
    Several trojans that I can't get rid of.


    1. #1
      Marina1111 (User) | Registered: Sep 2012 | Location: Barcelona | Posts: 8

      Several trojans that I can't get rid of.

      Good afternoon,

      I've come with several small problems on my PC. Microsoft Security Essentials has been detecting several trojans for days; in theory it removes them, but when I shut down and turn the computer back on and run a scan again, they show up again. Here is what it finds:

      Win32/Fareit.gen!E
      Win32/Pdfjisc.RM
      Win32/Sirefef!cfg
      Java/CVE-2012-1723-AAV
      Java/CVE-2012-1723-AAW
      Java/CVE-2012-4681.GJ

      I've just run Malwarebytes; it found 2 infected files. Here is the report.

      Malwarebytes Anti-Malware 1.65.0.1400
      www.malwarebytes.org

      Versión de la Base de Datos: v2012.09.12.03

      Windows Vista Service Pack 2 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Petits :: PETITS1 [administrador]

      12/09/2012 13:56:51
      mbam-log-2012-09-12 (13-56-51).txt

      Tipos de Análisis: Análisis Completo (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 600534
      Tiempo transcurrido: 2 hora(s), 2 minuto(s), 22 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 2
      C:\Users\Petits\Documents\Petit\programas\avs4you.all.products.activator.2011.(v1.1a)-FIXED-mpt.exe (PUP.Hacktool.Patcher) -> En cuarentena y eliminado con éxito.
      C:\Users\Petits\AppData\Local\Temp\wpbt0.dll (Exploit.Drop.GS) -> En cuarentena y eliminado con éxito.

      (fin)


      I also have problems with the desktop icons. I leave them at a particular size and in a particular order, I shut down the PC, and when I turn it on it changes their position and size (it always puts them in the same place, but not where I tell it to). I don't have the "Auto arrange" option checked.

      I don't know what to do, so I'd appreciate help. I look forward to a reply.

    2. #2
      @DavidG_EB (Moderator) | Registered: Jul 2009 | Location: Mexico | Posts: 10,633

      Re: Several trojans that I can't get rid of.

      Hi Marina1111

      Win32/Sirefef!cfg
      It looks like you have ZeroAccess

      Please do the following:
      Download the following programs but don't run them yet:
      Install and run Glary Utilities, then run a one-click maintenance. In case you need it, here is its manual.

      Run TDSSKiller according to its manual and restart if necessary

      Install and update Malwarebytes; here is its manual.
      • Run a Full scan.
      • When it finishes, click Show Results and select everything that appears and is not already selected.
      • Click Remove Selected; if it asks you to restart, go ahead.
      Please bring us the Malwarebytes report from the Logs tab and the TDSSKiller one (C:\TDSSKiller.x.xx.x_xx.xx.xxxx_xx.xx.xx_log.txt, where "x.xx.x_xx.xx.xxxx_xx.xx.xx" are the version, date and time), and tell us how the problem is going.

      Regards
      ErdrickBass

    3. #3
      Marina1111 (User) | Registered: Sep 2012 | Location: Barcelona | Posts: 8

      Re: Several trojans that I can't get rid of.

      Thanks dadig-Bass.exe for your help.

      I followed the steps you gave me but everything is still the same. Neither TDSSKiller nor Malwarebytes found anything. I left a scan scheduled overnight with Microsoft Security Essentials and it found the bugs again. Here are the reports.

      19:19:36.0540 4204 MMCSS - ok
      19:19:36.0569 4204 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
      19:19:36.0570 4204 Modem - ok
      19:19:36.0596 4204 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
      19:19:36.0596 4204 monitor - ok
      19:19:36.0605 4204 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
      19:19:36.0605 4204 mouclass - ok
      19:19:36.0622 4204 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
      19:19:36.0623 4204 mouhid - ok
      19:19:36.0633 4204 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
      19:19:36.0634 4204 MountMgr - ok
      19:19:36.0683 4204 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      19:19:36.0684 4204 MozillaMaintenance - ok
      19:19:36.0708 4204 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
      19:19:36.0709 4204 MpFilter - ok
      19:19:36.0724 4204 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
      19:19:36.0725 4204 mpio - ok
      19:19:36.0742 4204 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
      19:19:36.0743 4204 mpsdrv - ok
      19:19:36.0777 4204 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
      19:19:36.0782 4204 MpsSvc - ok
      19:19:36.0801 4204 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
      19:19:36.0801 4204 Mraid35x - ok
      19:19:36.0817 4204 mrffhmwz - ok
      19:19:36.0844 4204 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
      19:19:36.0845 4204 MRxDAV - ok
      19:19:36.0871 4204 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
      19:19:36.0872 4204 mrxsmb - ok
      19:19:36.0880 4204 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
      19:19:36.0882 4204 mrxsmb10 - ok
      19:19:36.0896 4204 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
      19:19:36.0897 4204 mrxsmb20 - ok
      19:19:36.0912 4204 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
      19:19:36.0912 4204 msahci - ok
      19:19:36.0929 4204 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
      19:19:36.0930 4204 msdsm - ok
      19:19:36.0955 4204 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
      19:19:36.0957 4204 MSDTC - ok
      19:19:36.0981 4204 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
      19:19:36.0982 4204 Msfs - ok
      19:19:36.0999 4204 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
      19:19:36.0999 4204 msisadrv - ok
      19:19:37.0028 4204 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
      19:19:37.0029 4204 MSiSCSI - ok
      19:19:37.0033 4204 msiserver - ok
      19:19:37.0044 4204 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
      19:19:37.0045 4204 MSKSSRV - ok
      19:19:37.0089 4204 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
      19:19:37.0089 4204 MsMpSvc - ok
      19:19:37.0106 4204 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
      19:19:37.0107 4204 MSPCLOCK - ok
      19:19:37.0118 4204 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
      19:19:37.0118 4204 MSPQM - ok
      19:19:37.0142 4204 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
      19:19:37.0144 4204 MsRPC - ok
      19:19:37.0159 4204 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
      19:19:37.0160 4204 mssmbios - ok
      19:19:37.0177 4204 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
      19:19:37.0177 4204 MSTEE - ok
      19:19:37.0200 4204 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
      19:19:37.0201 4204 Mup - ok
      19:19:37.0215 4204 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
      19:19:37.0219 4204 napagent - ok
      19:19:37.0250 4204 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
      19:19:37.0251 4204 NativeWifiP - ok
      19:19:37.0309 4204 [ 1BBBF640BC0E0B750537BAECE8D66C18 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
      19:19:37.0313 4204 NAUpdate - ok
      19:19:37.0322 4204 [ 7B2D90BBBBED11C8DFBA441D34AE901E ] NBVol C:\Windows\system32\DRIVERS\NBVol.sys
      19:19:37.0323 4204 NBVol - ok
      19:19:37.0342 4204 [ 4FE7B5757279D82C4D171E9F7FD52A75 ] NBVolUp C:\Windows\system32\DRIVERS\NBVolUp.sys
      19:19:37.0342 4204 NBVolUp - ok
      19:19:37.0372 4204 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
      19:19:37.0376 4204 NDIS - ok
      19:19:37.0390 4204 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
      19:19:37.0390 4204 NdisTapi - ok
      19:19:37.0431 4204 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
      19:19:37.0432 4204 Ndisuio - ok
      19:19:37.0466 4204 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
      19:19:37.0467 4204 NdisWan - ok
      19:19:37.0491 4204 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
      19:19:37.0492 4204 NDProxy - ok
      19:19:37.0505 4204 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
      19:19:37.0505 4204 NetBIOS - ok
      19:19:37.0554 4204 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
      19:19:37.0556 4204 netbt - ok
      19:19:37.0570 4204 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
      19:19:37.0571 4204 Netlogon - ok
      19:19:37.0590 4204 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
      19:19:37.0593 4204 Netman - ok
      19:19:37.0611 4204 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
      19:19:37.0614 4204 netprofm - ok
      19:19:37.0633 4204 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
      19:19:37.0634 4204 NetTcpPortSharing - ok
      19:19:37.0659 4204 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
      19:19:37.0660 4204 nfrd960 - ok
      19:19:37.0684 4204 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
      19:19:37.0685 4204 NisDrv - ok
      19:19:37.0713 4204 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
      19:19:37.0717 4204 NisSrv - ok
      19:19:37.0740 4204 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
      19:19:37.0742 4204 NlaSvc - ok
      19:19:37.0773 4204 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
      19:19:37.0774 4204 nmwcd - ok
      19:19:37.0807 4204 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
      19:19:37.0807 4204 nmwcdc - ok
      19:19:37.0812 4204 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
      19:19:37.0812 4204 Npfs - ok
      19:19:37.0837 4204 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
      19:19:37.0839 4204 nsi - ok
      19:19:37.0849 4204 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
      19:19:37.0850 4204 nsiproxy - ok
      19:19:37.0883 4204 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
      19:19:37.0892 4204 Ntfs - ok
      19:19:37.0903 4204 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
      19:19:37.0903 4204 Null - ok
      19:19:38.0161 4204 [ 828E3D31D9E5B81A4927885D3752C996 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
      19:19:38.0240 4204 nvlddmkm - ok
      19:19:38.0267 4204 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
      19:19:38.0268 4204 nvraid - ok
      19:19:38.0288 4204 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
      19:19:38.0288 4204 nvstor - ok
      19:19:38.0336 4204 [ 1C63E34632CEBD6A37B82DC77C4F7575 ] nvsvc C:\Windows\system32\nvvsvc.exe
      19:19:38.0341 4204 nvsvc - ok
      19:19:38.0473 4204 [ 4A5A9DDEF3C7E4E37EB22DE00AE8B9F1 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
      19:19:38.0487 4204 nvUpdatusService - ok
      19:19:38.0507 4204 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
      19:19:38.0508 4204 nv_agp - ok
      19:19:38.0512 4204 NwlnkFlt - ok
      19:19:38.0517 4204 NwlnkFwd - ok
      19:19:38.0554 4204 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
      19:19:38.0555 4204 ohci1394 - ok
      19:19:38.0589 4204 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
      19:19:38.0596 4204 p2pimsvc - ok
      19:19:38.0608 4204 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
      19:19:38.0614 4204 p2psvc - ok
      19:19:38.0633 4204 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
      19:19:38.0634 4204 Parport - ok
      19:19:38.0658 4204 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
      19:19:38.0659 4204 partmgr - ok
      19:19:38.0678 4204 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
      19:19:38.0680 4204 PcaSvc - ok
      19:19:38.0737 4204 [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
      19:19:38.0737 4204 pccsmcfd - ok
      19:19:38.0833 4204 [ EE05945C27A3394EA2186751A14209DB ] PCD5SRVC{E2AF211B-86DA020A-05040000} C:\PROGRA~2\PC-DOC~1\PCD5SRVC_x64.pkms
      19:19:38.0834 4204 PCD5SRVC{E2AF211B-86DA020A-05040000} - ok
      19:19:38.0852 4204 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
      19:19:38.0853 4204 pci - ok
      19:19:38.0865 4204 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys
      19:19:38.0866 4204 pciide - ok
      19:19:38.0881 4204 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
      19:19:38.0883 4204 pcmcia - ok
      19:19:38.0907 4204 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
      19:19:38.0912 4204 PEAUTH - ok
      19:19:38.0972 4204 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
      19:19:38.0974 4204 PerfHost - ok
      19:19:39.0034 4204 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
      19:19:39.0044 4204 pla - ok
      19:19:39.0066 4204 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
      19:19:39.0070 4204 PlugPlay - ok
      19:19:39.0103 4204 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
      19:19:39.0110 4204 PNRPAutoReg - ok
      19:19:39.0122 4204 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
      19:19:39.0128 4204 PNRPsvc - ok
      19:19:39.0145 4204 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
      19:19:39.0149 4204 PolicyAgent - ok
      19:19:39.0153 4204 ponxklqi - ok
      19:19:39.0183 4204 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
      19:19:39.0184 4204 PptpMiniport - ok
      19:19:39.0206 4204 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
      19:19:39.0207 4204 Processor - ok
      19:19:39.0227 4204 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
      19:19:39.0230 4204 ProfSvc - ok
      19:19:39.0245 4204 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
      19:19:39.0246 4204 ProtectedStorage - ok
      19:19:39.0312 4204 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\SysWOW64\PSIService.exe
      19:19:39.0314 4204 ProtexisLicensing - ok
      19:19:39.0353 4204 [ 1D0A3F565397D08707F3D75B88586645 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys
      19:19:39.0354 4204 Ps2 - ok
      19:19:39.0367 4204 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
      19:19:39.0368 4204 PSched - ok
      19:19:39.0399 4204 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
      19:19:39.0406 4204 ql2300 - ok
      19:19:39.0439 4204 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
      19:19:39.0440 4204 ql40xx - ok
      19:19:39.0471 4204 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
      19:19:39.0474 4204 QWAVE - ok
      19:19:39.0483 4204 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
      19:19:39.0484 4204 QWAVEdrv - ok
      19:19:39.0489 4204 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
      19:19:39.0489 4204 RasAcd - ok
      19:19:39.0509 4204 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
      19:19:39.0511 4204 RasAuto - ok
      19:19:39.0520 4204 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
      19:19:39.0521 4204 Rasl2tp - ok
      19:19:39.0536 4204 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
      19:19:39.0539 4204 RasMan - ok
      19:19:39.0554 4204 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
      19:19:39.0554 4204 RasPppoe - ok
      19:19:39.0567 4204 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
      19:19:39.0568 4204 RasSstp - ok
      19:19:39.0594 4204 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
      19:19:39.0596 4204 rdbss - ok
      19:19:39.0603 4204 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
      19:19:39.0604 4204 RDPCDD - ok
      19:19:39.0630 4204 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
      19:19:39.0632 4204 rdpdr - ok
      19:19:39.0637 4204 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
      19:19:39.0637 4204 RDPENCDD - ok
      19:19:39.0684 4204 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
      19:19:39.0685 4204 RDPWD - ok
      19:19:39.0716 4204 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
      19:19:39.0718 4204 RemoteAccess - ok
      19:19:39.0731 4204 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
      19:19:39.0733 4204 RemoteRegistry - ok
      19:19:39.0748 4204 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
      19:19:39.0749 4204 RpcLocator - ok
      19:19:39.0782 4204 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
      19:19:39.0788 4204 RpcSs - ok
      19:19:39.0798 4204 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
      19:19:39.0799 4204 rspndr - ok
      19:19:39.0824 4204 [ 82B66ABF055611024E5DBB9FA556C11D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
      19:19:39.0825 4204 RTL8169 - ok
      19:19:39.0834 4204 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
      19:19:39.0835 4204 SamSs - ok
      19:19:39.0853 4204 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
      19:19:39.0854 4204 sbp2port - ok
      19:19:39.0880 4204 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
      19:19:39.0882 4204 SCardSvr - ok
      19:19:39.0917 4204 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
      19:19:39.0923 4204 Schedule - ok
      19:19:39.0934 4204 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
      19:19:39.0935 4204 SCPolicySvc - ok
      19:19:39.0960 4204 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
      19:19:39.0962 4204 SDRSVC - ok
      19:19:40.0014 4204 [ 78779EE07231C658B483B1F38B5088DF ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
      19:19:40.0015 4204 SeaPort - ok
      19:19:40.0024 4204 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
      19:19:40.0024 4204 secdrv - ok
      19:19:40.0037 4204 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
      19:19:40.0039 4204 seclogon - ok
      19:19:40.0047 4204 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
      19:19:40.0049 4204 SENS - ok
      19:19:40.0072 4204 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
      19:19:40.0072 4204 Serenum - ok
      19:19:40.0086 4204 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
      19:19:40.0087 4204 Serial - ok
      19:19:40.0103 4204 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
      19:19:40.0104 4204 sermouse - ok
      19:19:40.0204 4204 [ E90CE237E99C5D26CB3872318A7799D0 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
      19:19:40.0209 4204 ServiceLayer - ok
      19:19:40.0230 4204 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
      19:19:40.0232 4204 SessionEnv - ok
      19:19:40.0249 4204 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
      19:19:40.0249 4204 sffdisk - ok
      19:19:40.0261 4204 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
      19:19:40.0262 4204 sffp_mmc - ok
      19:19:40.0276 4204 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
      19:19:40.0276 4204 sffp_sd - ok
      19:19:40.0286 4204 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
      19:19:40.0286 4204 sfloppy - ok
      19:19:40.0306 4204 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
      19:19:40.0309 4204 SharedAccess - ok
      19:19:40.0341 4204 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
      19:19:40.0344 4204 ShellHWDetection - ok
      19:19:40.0355 4204 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
      19:19:40.0356 4204 SiSRaid2 - ok
      19:19:40.0367 4204 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
      19:19:40.0368 4204 SiSRaid4 - ok
      19:19:40.0532 4204 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
      19:19:40.0549 4204 Skype C2C Service - ok
      19:19:40.0604 4204 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
      19:19:40.0605 4204 SkypeUpdate - ok
      19:19:40.0667 4204 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
      19:19:40.0683 4204 slsvc - ok
      19:19:40.0699 4204 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
      19:19:40.0701 4204 SLUINotify - ok
      19:19:40.0727 4204 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
      19:19:40.0728 4204 Smb - ok
      19:19:40.0753 4204 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
      19:19:40.0755 4204 SNMPTRAP - ok
      19:19:40.0771 4204 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
      19:19:40.0772 4204 spldr - ok
      19:19:40.0802 4204 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
      19:19:40.0805 4204 Spooler - ok
      19:19:40.0832 4204 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
      19:19:40.0835 4204 srv - ok
      19:19:40.0858 4204 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
      19:19:40.0860 4204 srv2 - ok
      19:19:40.0870 4204 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
      19:19:40.0871 4204 srvnet - ok
      19:19:40.0897 4204 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
      19:19:40.0900 4204 SSDPSRV - ok
      19:19:40.0923 4204 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
      19:19:40.0925 4204 SstpSvc - ok
      19:19:40.0954 4204 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
      19:19:40.0959 4204 stisvc - ok
      19:19:40.0972 4204 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
      19:19:40.0973 4204 swenum - ok
      19:19:40.0996 4204 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
      19:19:41.0000 4204 swprv - ok
      19:19:41.0025 4204 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
      19:19:41.0025 4204 Symc8xx - ok
      19:19:41.0048 4204 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
      19:19:41.0049 4204 Sym_hi - ok
      19:19:41.0060 4204 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
      19:19:41.0061 4204 Sym_u3 - ok
      19:19:41.0087 4204 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
      19:19:41.0093 4204 SysMain - ok
      19:19:41.0112 4204 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
      19:19:41.0115 4204 TabletInputService - ok
      19:19:41.0146 4204 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
      19:19:41.0149 4204 TapiSrv - ok
      19:19:41.0158 4204 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
      19:19:41.0161 4204 TBS - ok
      19:19:41.0199 4204 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
      19:19:41.0209 4204 Tcpip - ok
      19:19:41.0233 4204 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
      19:19:41.0242 4204 Tcpip6 - ok
      19:19:41.0254 4204 [ FD8FDE859E38E40A20085EBB0C22B416 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
      19:19:41.0255 4204 tcpipreg - ok
      19:19:41.0271 4204 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
      19:19:41.0271 4204 TDPIPE - ok
      19:19:41.0285 4204 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
      19:19:41.0285 4204 TDTCP - ok
      19:19:41.0313 4204 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
      19:19:41.0314 4204 tdx - ok
      19:19:41.0337 4204 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
      19:19:41.0337 4204 TermDD - ok
      19:19:41.0364 4204 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
      19:19:41.0368 4204 TermService - ok
      19:19:41.0386 4204 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
      19:19:41.0389 4204 Themes - ok
      19:19:41.0440 4204 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
      19:19:41.0441 4204 THREADORDER - ok
      19:19:41.0464 4204 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
      19:19:41.0466 4204 TrkWks - ok
      19:19:41.0499 4204 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
      19:19:41.0500 4204 TrustedInstaller - ok
      19:19:41.0508 4204 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
      19:19:41.0508 4204 tssecsrv - ok
      19:19:41.0519 4204 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
      19:19:41.0519 4204 tunmp - ok
      19:19:41.0547 4204 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
      19:19:41.0548 4204 tunnel - ok
      19:19:41.0575 4204 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
      19:19:41.0575 4204 uagp35 - ok
      19:19:41.0592 4204 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
      19:19:41.0594 4204 udfs - ok
      19:19:41.0609 4204 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
      19:19:41.0611 4204 UI0Detect - ok
      19:19:41.0627 4204 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
      19:19:41.0628 4204 uliagpkx - ok
      19:19:41.0648 4204 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
      19:19:41.0650 4204 uliahci - ok
      19:19:41.0664 4204 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
      19:19:41.0665 4204 UlSata - ok
      19:19:41.0679 4204 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
      19:19:41.0680 4204 ulsata2 - ok
      19:19:41.0684 4204 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
      19:19:41.0685 4204 umbus - ok
      19:19:41.0715 4204 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
      19:19:41.0718 4204 upnphost - ok
      19:19:41.0746 4204 [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
      19:19:41.0747 4204 upperdev - ok
      19:19:41.0772 4204 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
      19:19:41.0773 4204 usbccgp - ok
      19:19:41.0785 4204 [ 8C39D53E1A343F4C47EE8F3C052126D8 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
      19:19:41.0786 4204 usbcir - ok
      19:19:41.0815 4204 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
      19:19:41.0815 4204 usbehci - ok
      19:19:41.0829 4204 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
      19:19:41.0831 4204 usbhub - ok
      19:19:41.0845 4204 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
      19:19:41.0845 4204 usbohci - ok
      19:19:41.0863 4204 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
      19:19:41.0864 4204 usbprint - ok
      19:19:41.0888 4204 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
      19:19:41.0889 4204 usbscan - ok
      19:19:41.0943 4204 [ F7386007FB19E7685FC7B298560AA81F ] usbser C:\Windows\system32\drivers\usbser.sys
      19:19:41.0944 4204 usbser - ok
      19:19:41.0959 4204 [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
      19:19:41.0959 4204 UsbserFilt - ok
      19:19:43.0335 4204 ================ Scan global ===============================
      19:19:43.0374 4204 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
      19:19:43.0402 4204 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
      19:19:43.0423 4204 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
      19:19:43.0452 4204 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
      19:19:43.0456 4204 [Global] - ok
      19:19:43.0456 4204 ================ Scan MBR ==================================
      19:19:43.0468 4204 [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
      19:19:43.0845 4204 \Device\Harddisk0\DR0 - ok
      19:19:43.0846 4204 ================ Scan VBR ==================================
      19:19:43.0848 4204 [ 65CA1EF10AD646AD29B09044219F0714 ] \Device\Harddisk0\DR0\Partition1
      19:19:43.0856 4204 \Device\Harddisk0\DR0\Partition1 - ok
      19:19:43.0858 4204 [ A98FB98F729EB04506D85C167E4EC0A2 ] \Device\Harddisk0\DR0\Partition2
      19:19:43.0859 4204 \Device\Harddisk0\DR0\Partition2 - ok
      19:19:43.0861 4204 ============================================================
      19:19:43.0861 4204 Scan finished
      19:19:43.0861 4204 ============================================================
      19:19:43.0871 2392 Detected object count: 0
      19:19:43.0871 2392 Actual detected object count: 0
      19:19:50.0635 4432 Deinitialize success




      Malwarebytes Anti-Malware 1.65.0.1400
      www.malwarebytes.org

      Versión de la Base de Datos: v2012.09.12.03

      Windows Vista Service Pack 2 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Petits :: PETITS1 [administrador]

      12/09/2012 19:20:52
      mbam-log-2012-09-12 (19-20-52).txt

      Tipos de Análisis: Análisis Completo (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 590400
      Tiempo transcurrido: 1 hora(s), 56 minuto(s), 50 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 0
      (No se han detectado elementos maliciosos)

      fin)


      You only talk to me about ZeroAccess, but the Microsoft Security Essentials list shows more names; are they different viruses or variants of the same one? I'll wait to hear what else I should do. Thanks.

    4. #4
      Moderator
      @DavidG_EB's avatar
      Registered
      Jul 2009
      Location
      Mexico
      Posts
      10.633

      Re: Several trojans that I can't manage to remove.

      Hello

      I'm talking to you mainly about ZeroAccess because it is the most dangerous of the ones mentioned

      Well, to try to dig into the problem, please do the following:
      Clear the Java cache; you can check these 2 links:
      Update Java as follows:
      1. Download and install Java from its official page: Free Java software download
      2. Run JavaRa: JavaRa manual
      3. With RevoUninstaller, uninstall any Java version older than the current one, in this case 7 update 7

      Note: whenever you want to check your Java version you can go to this link: Verify Java version
      Download and run Dr Web CureIt according to its manual and with these specifications:
      • When the program starts, preferably run it in its enhanced protection mode.
      • When you start it following the manual, a Quick scan will begin by default; stop it if possible as shown in the image below, otherwise wait for it to finish:



      • Choose the Full scan option and press the Play button to start.
      • Cure, Move and Delete whatever it finds, as the options allow and in that order of preference.
      • If it detects a modified Hosts file, click Yes to restore it.
      • Save a report when it finishes, as the image shows
      Please bring us the DrWeb report (if you can't save it as indicated, a report is generated at %userprofile%\DoctorWeb\CureIt.log, from which you should bring only the statistics section at the end) and the JavaRa report (c:\javara.log), and tell us how the problem is going.

      Regards
      ErdrickBass
      No matter how strong your opponent is. What matters is that you stand before them

      * Follow us on Twitter and befriend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.

    5. #5
      User Marina1111's avatar
      Registered
      Sep 2012
      Location
      Barcelona
      Posts
      8

      Re: Several trojans that I can't manage to remove.

      Hello again, sorry for the delay in replying.

      I followed the steps you gave me; I can't find the JavaRa report,
      and I'm leaving the Dr Web CureIt one below.

      Estadística total de sesión
      =============================================================================
      Objetos chequeados: 1326202
      Infectados: 5
      Infectados con modificaciones: 0
      Sospechosos: 128
      Programas Adware: 0
      Programas Dialer: 0
      Programas - bromas: 0
      Programas Riskware: 0
      Programas Hacktool: 0
      Objetos curados: 0
      Objetos eliminados: 3
      Objetos renombrados: 0
      Objetos movidos: 37
      Objetos ignorados: 0
      Velocidad del chequeo: 60 Kb/s
      Tiempo del chequeo: 11:20:12
      =============================================================================

      Yesterday I ran Microsoft Security Essentials again and it detected nothing, so I don't know whether the blasted viruses are hidden or we have already removed them. For now I don't notice anything odd in the PC's behaviour except for the desktop icons. They still aren't saved in the position I leave them in once I restart the PC. Another thing I've noticed is that at the top of the browser (I use Firefox), in the bookmarks toolbar, I have a little Google search tab and it has simply stopped working; it won't let me type in it, much less search for anything. I don't know if I've explained myself well.

    6. #6
      Moderator
      @DavidG_EB's avatar
      Registered
      Jul 2009
      Location
      Mexico
      Posts
      10.633

      Re: Several trojans that I can't manage to remove.

      Hello

      Try reinstalling Firefox or the component you mention

      Also, please do the following:
      Download Eset Smart Installer:
      Run it as indicated in the manual and make sure to tick the following boxes before starting the scan:
      • Remove detected threats
      • Scan archives
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
      Download USBfix
      USBFix | InfoSpyware
      Run USBfix according to its manual and with these specifications:
      • If you don't run it in safe mode as indicated, temporarily disable your antivirus and any security program.
      • Connect any USB stick, pen drive or removable device that you want to disinfect and protect in the process.
      • Press Supresion or Deletion and wait for the program to do its work.

      Note: USBFix will create a hidden folder named "Autorun.inf" on each partition, USB or removable disk connected during the scan. Please do not delete that folder. It will protect you from future infections.
      Please bring us the Eset report (%programfiles%\Eset\Eset Online Scanner\log.txt) and the USBfix report (c:\usbfix.txt)

      Regards
      ErdrickBass
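The note in the post above says the "Autorun.inf" folder protects a drive. As an added illustration (not part of the original post and not UsbFix's own code), this Python script audits drive roots for that folder; the function names and the sample roots and file contents are constructed for the example.

```python
"""Added example: audit drive roots for the Autorun.inf "vaccine" folder."""
import tempfile
from pathlib import Path


def find_autorun(root: Path):
    """Locate autorun.inf in a drive root, ignoring case as Windows does."""
    for entry in root.iterdir():
        if entry.name.lower() == "autorun.inf":
            return entry
    return None


def parse_autorun(data: bytes) -> dict:
    """Return only the keys of the [autorun] section that start a program."""
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = data.decode("utf-16", errors="replace")  # BOM-marked file
    else:
        text = data.decode("latin-1")  # ANSI file; never fails to decode
    section, launch = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in ("open", "shellexecute") or is_verb:
            launch[key] = value.strip()
    return launch


def audit_root(root: Path) -> dict:
    """Classify one root: vaccinated, launches, inert or unprotected."""
    entry = find_autorun(root)
    if entry is None:
        return {"state": "unprotected", "launch": {}}
    if entry.is_dir():
        return {"state": "vaccinated", "launch": {}}
    launch = parse_autorun(entry.read_bytes())
    return {"state": "launches" if launch else "inert", "launch": launch}


def vaccine_blocks_write(root: Path) -> bool:
    """True when the folder stops an autorun.inf *file* from being created."""
    entry = find_autorun(root)
    if entry is None or not entry.is_dir():
        return False  # nothing to test; never touch an existing file
    try:
        with open(entry, "w"):
            pass
    except OSError:  # IsADirectoryError on POSIX, PermissionError on Windows
        return True
    return False


def build_sample(base: Path) -> dict:
    """Constructed stand-ins for drive roots (not real volumes)."""
    roots = {name: base / name for name in "CEFG"}
    for root in roots.values():
        root.mkdir()
    (roots["C"] / "Autorun.inf").mkdir()  # vaccine folder
    (roots["E"] / "Autorun.inf").write_bytes(  # installer-disc style file
        b"[autorun]\r\nopen=Autorun.exe\r\nicon=Sims3.ico\r\n")
    (roots["G"] / "AUTORUN.INF").write_bytes(b"[autorun]\r\nlabel=Backup\r\n")
    return roots  # F stays empty: no autorun.inf at all


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, root in build_sample(Path(tmp)).items():
            print(name, audit_root(root), vaccine_blocks_write(root))
```

A "vaccinated" result only means the folder is in place: anything with write access to the volume can rename or remove it, so it is not evidence that the drive is clean.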

    7. #7
      User Marina1111's avatar
      Registered
      Sep 2012
      Location
      Barcelona
      Posts
      8

      Re: Several trojans that I can't manage to remove.

      I'm back here again.
      Here is the Eset report; it found 5 viruses and quarantined them.

      [email protected] as downloader log:
      all ok
      # version=7
      # OnlineScannerApp.exe=1.0.0.1
      # OnlineScanner.ocx=1.0.0.6583
      # api_version=3.0.2
      # EOSSerial=7dd65bef12cc8745b949dc71c0edd650
      # end=finished
      # remove_checked=true
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=true
      # antistealth_checked=true
      # utc_time=2012-09-17 01:45:53
      # local_time=2012-09-17 03:45:53 (+0100, Hora de verano romance)
      # country="Spain"
      # lang=3082
      # osver=6.0.6002 NT Service Pack 2
      # compatibility_mode=5892 16776574 100 56 2955434 185404120 0 0
      # compatibility_mode=8192 67108863 100 0 583 583 0 0
      # scanned=382800
      # found=5
      # cleaned=5
      # scan_time=9338
      C:\Users\Petits\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QHPX7DR\vipreplica_org[1].htm HTML/ScrInject.B.Gen virus (eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
      C:\Users\Petits\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RG35C9L\new_handbags[1].htm HTML/ScrInject.B.Gen virus (eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
      C:\Users\Petits\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CM5DLPYP\vipreplica_org[1].htm HTML/ScrInject.B.Gen virus (eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
      C:\Users\Petits\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CM5DLPYP\vipreplica_org[2].htm HTML/ScrInject.B.Gen virus (eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
      C:\Users\Petits\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBBSHZEY\new-online-dating_net[1].htm HTML/ScrInject.B.Gen virus (eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C


      The USBfix one:

      ############################## | UsbFix V 7.096 | [Supresión]

      Usuario: Petits (Administrador) # PETITS1
      Actualizado el 15/08/2012 por El Desaparecido
      Comenzó a 18:46:11 | 17/09/2012

      Sitio web: http://eldesaparecido.com
      Foro: http://forum.eldesaparecido.com
      Archivo sospechoso ? : http://eldesaparecido.com/upload.php
      Contacto: [email protected]

      PC: HP-Pavilion (FR544AA-ABE a6645es) (x64-based PC) # Desktop Computer
      CPU: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz (2333)
      RAM -> [Total : 4094 | Free : 1499]
      BIOS: BIOS Date: 10/23/08 21:39:17 Ver: 5.32
      BOOT: Normal boot

      OS: Microsoft® Windows Vista™ Home Premium (6.0.6002 64-Bit) # Service Pack 2
      WB: Windows Internet Explorer 9.0.8112.16421

      SC: Security Center Service [Enabled]
      WU: Windows Update Service [Enabled]
      AV: Microsoft Security Essentials [(!) Disabled | Updated]
      FW: Windows FireWall Service [Enabled]

      C:\ (%systemdrive%) -> Disco fijo # 582 Gb (219 Mb libre(s) - 38%) [HP] # NTFS
      D:\ -> Disco fijo # 14 Gb (2 Mb libre(s) - 14%) [FACTORY_IMAGE] # NTFS
      E:\ -> CD-ROM

      ################## | Archivos # Carpetas infectadas |

      No suprimido ! E:\Autorun.exe
      Suprimido ! C:\$RECYCLE.BIN\S-1-5-20
      Suprimido ! C:\$RECYCLE.BIN\S-1-5-21-3365442718-3619873953-3573372052-1000
      Suprimido ! D:\$RECYCLE.BIN\S-1-5-21-1540418967-2499522288-1884013317-1000
      Suprimido ! D:\$RECYCLE.BIN\S-1-5-21-3365442718-3619873953-3573372052-1000
      Suprimido ! D:\$RECYCLE.BIN\S-1-5-21-4172095798-764186186-2404385666-1000
      Suprimido ! D:\$RECYCLE.BIN\S-1-5-21-582984981-2314123676-3055251068-1000
      Suprimido ! D:\$RECYCLE.BIN\S-1-5-21-582984981-2314123676-3055251068-500
      No suprimido ! E:\Autorun.inf

      (!) Archivos temporales suprimido.

      ################## | Registro |


      ################## | Mountpoints2 |

      Suprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{e26468c9-4856-11e1-9df0-806e6f6e6963}

      ################## | Vaccin |

      C:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)
      D:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)

      ################## | Upload |

      Por favor, envie el archivo: C:\UsbFix_Upload_Me_PETITS1.zip
      http://eldesaparecido.com/upload.php
      Gracias por su contribución.

      ################## | E.O.F |

      We're making progress, we're removing viruses, but the icons keep placing themselves wherever they want.

      I'll wait here for the next instructions. Thanks.

    8. #8
      Moderator
      @DavidG_EB's avatar
      Registered
      Jul 2009
      Location
      Mexico
      Posts
      10.633

      Re: Several trojans that I can't manage to remove.

      Hello

      This is somewhat difficult: every program we run detects things, with the exception of TDSSKiller and Malwarebytes

      Run USBfix and click Desinstalar/Uninstall

      Before directly fixing what we can of the icons, we first have to make sure the machine is clean, and if it isn't, clean it. I don't know if you agree

      If this was caused by an infection, you can imagine that as long as it persists it won't let us repair anything

      Since you had or have ZeroAccess, do the following:
      Then this:
      Run a scan with PandaActiveScan according to its manual, and when it finishes don't forget to click on to save the report.

      Panda notes:
      If you use Mozilla, install IEtab.
      If you use IE9, run it in its compatibility mode
      Please bring us that report

      Regards
      ErdrickBass

    9. #9
      User Marina1111's avatar
      Registered
      Sep 2012
      Location
      Barcelona
      Posts
      8

      Re: Several trojans that I can't manage to remove.

      Good morning

      I understand perfectly that the infections have to be removed from the PC before fixing the icon problem; I only mentioned it to let you know how everything is going. After all, I don't understand this stuff and I just follow the guidelines you set for me

      I have uninstalled USBfix and followed the steps in "How to repair Windows Update, Win Defender, Firewall after ZA?", but it hasn't helped much. Since I got infected with ZeroAccess I can't access Win Defender, and it still hasn't let me in after following those steps.

      Here is the PandaActiveScan report

      Code:
      ;***********************************************************************************************************************************************************************************
      ANALYSIS: 2012-09-18 11:37:22
      PROTECTIONS: 1
      MALWARE: 10
      SUSPECTS: 1
      ;***********************************************************************************************************************************************************************************
      PROTECTIONS
      Description                                  Version                       Active    Updated
      ;===================================================================================================================================================================================
      Microsoft Security Essentials                                              No        Yes
      ;===================================================================================================================================================================================
      MALWARE
      Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
      ;===================================================================================================================================================================================
      00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\users\petits\appdata\roaming\microsoft\windows\cookies\l2li3a2t.txt
      00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\users\petits\appdata\roaming\microsoft\windows\cookies\low\hw2h7hkf.txt
      00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           c:\users\petits\appdata\roaming\microsoft\windows\cookies\l31t1uxp.txt
      00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           c:\users\petits\appdata\roaming\microsoft\windows\cookies\w3e728ri.txt
      00167753  Cookie/Statcounter                 TrackingCookie      No        0         Yes            No           c:\users\petits\appdata\roaming\microsoft\windows\cookies\j6oxla5j.txt
      00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           c:\users\petits\appdata\roaming\microsoft\windows\cookies\p5191bov.txt
      00168090  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           c:\users\petits\appdata\roaming\microsoft\windows\cookies\sweera3q.txt
      00168090  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           c:\users\petits\appdata\roaming\microsoft\windows\cookies\s46qnkzb.txt
      00168106  Cookie/Weborama                    TrackingCookie      No        0         Yes            No           c:\users\petits\appdata\roaming\microsoft\windows\cookies\kprl533f.txt
      00194327  Cookie/Go                          TrackingCookie      No        0         Yes            No           c:\users\petits\appdata\roaming\microsoft\windows\cookies\0omtotjr.txt
      00273339  Cookie/Smartadserver               TrackingCookie      No        0         Yes            No           c:\users\petits\appdata\roaming\microsoft\windows\cookies\low\l5xppn1b.txt
      03009106  W32/Xor-encoded.A                  Virus               No        0         Yes            No           c:\users\petits\doctorweb\quarantine\{f42e61c0-bb0b-d1d9-2564-e1d52223af7b}-wvbgx9u[10
      ;===================================================================================================================================================================================
      SUSPECTS
      Sent      Location
      ;===================================================================================================================================================================================
      No        c:\users\petits\desktop\usbfix.exe
      ;===================================================================================================================================================================================
      VULNERABILITIES
      Id        Severity       Description
      ;===================================================================================================================================================================================
      ;===================================================================================================================================================================================

      Thank you for all your efforts. I await the next steps to carry out.
      Regards.

    10. #10
      Moderator
      Avatar of @DavidG_EB
      Registered
      Jul 2009
      Location
      Mexico
      Posts
      10,633

      Re: Several Trojans that I cannot remove.

      Hello

      It looks a little better. Do the following:
      Download FixWin:
      FixWin manual
      Run its "System File Checker Utility" and create a restore point.

      Go to System Tools and apply the fix for the following, according to the manual:
      Repair Windows Defender. Resets all Windows Defender registry and service settings to their default values.

      Windows Security Center or Action Center does not recognize the antivirus or firewall, or still detects old security programs.
      Go to Additional Fixes and apply the fix for:
      Fix corrupted desktop icons. Clears and rebuilds the corrupted icon cache and increases the icon cache limit.
      Restart as many times as necessary and let us know.

      Regards
      ErdrickBass