
    Help removing the Java/Adwind.AAU trojan (Solved)

    1. #1
      User nostromo_88
      Joined
      Oct 2010
      Location
      Oviedo
      Posts
      24

      Help removing the Java/Adwind.AAU trojan (Solved)

      Hi.

      Please, I need help removing a trojan that got in through my email.

      I have the NOD32 antivirus and it detected Java/Adwind.AAU. I ran a scan and it says it has disinfected it, but the computer shows symptoms that this is not the case, since every so often I get a NOD32 pop-up window saying "Address has been blocked".

      Let's see if someone can give me a hand so I can disinfect the PC with the instructions you give me.

      Thanks

    2. #2
      Moderator
      @MarioL
      Joined
      Nov 2006
      Location
      Málaga - Spain
      Posts
      8,973

      Re: Help removing the Java/Adwind.AAU trojan

      Before starting, update Java.

      We are going to carry out these steps in normal mode. It is important that you read carefully and, without running them, do the following:


      1. Download TDSSKiller to your desktop but do NOT run it yet.
      2. Download and install Malwarebytes. After installing it, close the program.

      Step 1: Run TDSSKiller, accept Kaspersky's terms and license, and follow these steps:

      1. Click "Change parameters" and tick these options:
         • Verify Driver Digital Signature
         • Detect TDLFS file system
         • Use KSN to scan objects
      2. Click OK, then press the Start Scan button.
      3. If an infected file is detected, the default action will be Cure; click Continue.
      4. If a suspicious file is detected, the default action will be Skip; click Continue.
      5. You may be asked to restart the computer to complete the process. Click "Reboot Computer".
      6. Once finished, a log will be generated in the root of the hard drive (usually drive C:) such as:
        C:\TDSSKiller.x.xx.x_xx.xx.xxxx_xx.xx.xx_log.txt where "x.xx.x_xx.xx.xxxx_xx.xx.xx" are the version, date and time.
      7. Copy and paste the end of the report, where it lists the infected/cured files, in your next reply in this same thread to continue.

      Step 2: Run Malwarebytes and do the following:


      1. In the main window, click Update Now in the "Data version" column.
      2. Then go to the "SCAN" tab, then "Custom Scan", followed by "Scan Now".
      3. On the left side, tick the "Scan for Rootkits" option, and on the right side tick all the hard drives you have, then click "Start Scan".
      4. When the scan finishes, click "Quarantine All" ("Todos a Cuarentena") and restart the machine.
      5. Once it has restarted, copy the report into your next reply.


      Step 3:

      Scan your machine with ESET Online Scanner, following the steps carefully.
      Once the NOD32 scan has finished, paste the report; once we have it, we will continue with more steps if necessary.

      Summary:

      • Post the Malwarebytes report.
      • Post the TDSSKiller report.
      • Post the ESET Online Scanner report.
      • Tell us how the computer is running.

      Regards.
      Invy

      * Questions are not answered by private message or by e-mail; that is what the forum is for.
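
Added example, not part of the moderator's post or of any tool named in it: the last item of Step 1 asks for the part of the TDSSKiller report that lists detections, and this Python script pulls those entries out of a saved log and separates the ones still needing review. It assumes the `timestamp 0xTID message` line layout and the `- detected` and `Detect skipped due to KSN trusted` messages TDSSKiller writes; the sample log, service names and hashes are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed line layout: "HH:MM:SS.mmmm 0xTID <message>"
LINE_RE = re.compile(r"^\s*(\d{2}:\d{2}:\d{2}\.\d{4})\s+0x[0-9a-fA-F]+\s?(.*)$")
# Hash line that precedes a scanned object: "[ MD5, SHA256 ] <name> <path>"
HASHED_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}), ([0-9A-Fa-f]{64}) \] (.+)$")
# Detection line: "<name> - detected <verdict> ( <n> )"
DETECT_RE = re.compile(r"^(.+?) - detected (\S+) \( (\d+) \)$")
KSN_TRUSTED = "Detect skipped due to KSN trusted"


@dataclass
class Finding:
    time: str
    name: str
    verdict: str
    path: Optional[str] = None
    sha256: Optional[str] = None
    ksn_trusted: bool = False  # True when the reputation lookup cleared the file


def triage(log_text: str) -> List[Finding]:
    """Return every '- detected' entry, enriched with path, hash and KSN status."""
    findings: List[Finding] = []
    last_hashed = None  # (sha256, "<name> <path>") from the latest hash line
    pending = None      # detection whose very next line may be the KSN message
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        stamp, msg = m.group(1), m.group(2).strip()
        hashed = HASHED_RE.match(msg)
        if hashed:
            last_hashed = (hashed.group(2), hashed.group(3))
            pending = None
            continue
        det = DETECT_RE.match(msg)
        if det:
            name = det.group(1)
            finding = Finding(stamp, name, det.group(2))
            # Names may contain spaces, so match the hash line by name prefix.
            if last_hashed and last_hashed[1].startswith(name + " "):
                finding.sha256 = last_hashed[0]
                finding.path = last_hashed[1][len(name) + 1:]
            findings.append(finding)
            pending = finding
            continue
        if msg == KSN_TRUSTED and pending is not None:
            pending.ksn_trusted = True
        pending = None
    return findings


def needs_review(findings: List[Finding]) -> List[Finding]:
    """Detections that were NOT cleared by the KSN lookup."""
    return [f for f in findings if not f.ksn_trusted]


# Constructed sample log (placeholder hashes and made-up service names).
_MD5 = "A" * 32
_SHA_A = "B" * 64
_SHA_B = "C" * 64
SAMPLE_LOG = "\n".join([
    "16:10:52.0585 0x1b80 AFD - ok",
    "16:10:52.0695 0x1b80 [ " + _MD5 + ", " + _SHA_A + " ] ExampleSvc "
    r"C:\Program Files (x86)\Example Vendor\svc.exe",
    "16:10:52.0757 0x1b80 ExampleSvc - detected UnsignedFile.Multi.Generic ( 1 )",
    "16:10:52.0882 0x1b80 Detect skipped due to KSN trusted",
    "16:10:52.0882 0x1b80 ExampleSvc - ok",
    "16:10:53.0100 0x1b80 [ " + _MD5 + ", " + _SHA_B + " ] Odd Service Name "
    r"C:\Users\Public\odd.exe",
    "16:10:53.0150 0x1b80 Odd Service Name - detected UnsignedFile.Multi.Generic ( 1 )",
    "16:10:53.0200 0x1b80 Beep - ok",
])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        status = "KSN trusted" if f.ksn_trusted else "REVIEW"
        print(f"{f.time}  {status:<11}  {f.verdict}  {f.name}  {f.path}  {f.sha256}")
```

To use it on a real report, read the log file from the root of the drive and pass its text to `triage()`.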

    3. #3
      User nostromo_88
      Joined
      Oct 2010
      Location
      Oviedo
      Posts
      24

      Re: Help removing the Java/Adwind.AAU trojan

      Hi.
      Thanks for the instructions. The computer seems to be running better. I will stay alert for a few days to see how it ultimately behaves.

      Here are the reports:

      - Malwarebytes:

      -Detalles del registro-
      Fecha del análisis: 2/11/17
      Hora del análisis: 16:20
      Archivo de registro: 56e5d108-bfe1-11e7-84c1-3417eba54ae6.json
      Administrador: Sí

      -Información del software-
      Versión: 3.2.2.2029
      Versión de los componentes: 1.0.212
      Versión del paquete de actualización: 1.0.3159
      Licencia: Prueba

      -Información del sistema-
      SO: Windows 10 (Build 15063.674)
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: JORGE\Jorge

      -Resumen del análisis-
      Tipo de análisis: Análisis personalizado
      Resultado: Completado
      Objetos analizados: 510202
      Amenazas detectadas: 3
      Amenazas en cuarentena: 0
      (No hay elementos maliciosos detectados)
      Tiempo transcurrido: 6 hr, 1 min, 44 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Activado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 0
      (No hay elementos maliciosos detectados)

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 3
      PUP.Optional.Radmin, C:\TST_INTEGRA\SOPORTE\ARANCHATST.EXE, Sin acciones por parte del usuario, [7140], [86095],1.0.3159
      PUP.Optional.Radmin, C:\TST_INTEGRA\SOPORTE\MAITETST.EXE, Sin acciones por parte del usuario, [7140], [86095],1.0.3159
      PUP.Optional.Radmin, C:\TST_INTEGRA\SOPORTE\TALLERTST.EXE, Sin acciones por parte del usuario, [7140], [86095],1.0.3159

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)

      - TDSSkiller:
      16:11:04.0513 0x1b80 RasAuto - ok
      16:11:04.0528 0x1b80 Rasl2tp - ok
      16:11:04.0528 0x1b80 RasMan - ok
      16:11:04.0528 0x1b80 RasPppoe - ok
      16:11:04.0528 0x1b80 RasSstp - ok
      16:11:04.0544 0x1b80 rdbss - ok
      16:11:04.0544 0x1b80 rdpbus - ok
      16:11:04.0560 0x1b80 RDPDR - ok
      16:11:04.0591 0x1b80 RdpVideoMiniport - ok
      16:11:04.0606 0x1b80 rdyboost - ok
      16:11:04.0606 0x1b80 ReFS - ok
      16:11:04.0606 0x1b80 ReFSv1 - ok
      16:11:04.0653 0x1b80 RemoteAccess - ok
      16:11:04.0669 0x1b80 RemoteRegistry - ok
      16:11:04.0685 0x1b80 RetailDemo - ok
      16:11:04.0700 0x1b80 RmSvc - ok
      16:11:04.0716 0x1b80 RpcEptMapper - ok
      16:11:04.0731 0x1b80 RpcLocator - ok
      16:11:04.0747 0x1b80 RpcSs - ok
      16:11:04.0778 0x1b80 rspndr - ok
      16:11:04.0778 0x1b80 s3cap - ok
      16:11:04.0794 0x1b80 SamSs - ok
      16:11:04.0841 0x1b80 [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
      16:11:04.0841 0x1b80 SASDIFSV - ok
      16:11:04.0856 0x1b80 [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
      16:11:04.0872 0x1b80 SASKUTIL - ok
      16:11:04.0966 0x1b80 [ 9EBC8558F87AB6645DD12A0EE99E1353, 5A4B49051FB7BFACAB81F0CF1B27057BC46D4A064005BF738549208667D00AAA ] SboxDrv C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys
      16:11:04.0966 0x1b80 SboxDrv - ok
      16:11:04.0981 0x1b80 [ 6E5A7FD77EE6D70C738B6439B5E8FF0C, 0E9570B5FD7BEDF62EB9D35B6834E2F0B740548D128D153DAF452B2CED0905A9 ] SboxSvc C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
      16:11:04.0981 0x1b80 SboxSvc - ok
      16:11:05.0013 0x1b80 sbp2port - ok
      16:11:05.0028 0x1b80 SCardSvr - ok
      16:11:05.0028 0x1b80 ScDeviceEnum - ok
      16:11:05.0075 0x1b80 scfilter - ok
      16:11:05.0075 0x1b80 Schedule - ok
      16:11:05.0091 0x1b80 scmbus - ok
      16:11:05.0091 0x1b80 SCPolicySvc - ok
      16:11:05.0122 0x1b80 sdbus - ok
      16:11:05.0122 0x1b80 SDFRd - ok
      16:11:05.0122 0x1b80 SDRSVC - ok
      16:11:05.0122 0x1b80 sdstor - ok
      16:11:05.0138 0x1b80 seclogon - ok
      16:11:05.0263 0x1b80 [ E2756DB7B61C76654710821D402048C9, 53B79D0D3E59626BCC95F485115B61E32CEB89B19CC0D0418E94FECD1E9C1719 ] SecureStorageService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
      16:11:05.0325 0x1b80 SecureStorageService - ok
      16:11:05.0357 0x1b80 SecurityHealthService - ok
      16:11:05.0357 0x1b80 SEMgrSvc - ok
      16:11:05.0357 0x1b80 SENS - ok
      16:11:05.0372 0x1b80 Sense - ok
      16:11:05.0388 0x1b80 SensorDataService - ok
      16:11:05.0403 0x1b80 SensorService - ok
      16:11:05.0403 0x1b80 SensrSvc - ok
      16:11:05.0419 0x1b80 SerCx - ok
      16:11:05.0419 0x1b80 SerCx2 - ok
      16:11:05.0435 0x1b80 Serenum - ok
      16:11:05.0435 0x1b80 Serial - ok
      16:11:05.0435 0x1b80 sermouse - ok
      16:11:05.0450 0x1b80 SessionEnv - ok
      16:11:05.0450 0x1b80 sfloppy - ok
      16:11:05.0528 0x1b80 [ 36930348608E6808EC0C4C00019BB611, AF4B23FA40FD85CB2A179251095261480B54F27B7737CC78CA8A84374D1AAA26 ] SftService C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
      16:11:05.0591 0x1b80 SftService - ok
      16:11:05.0607 0x1b80 SharedAccess - ok
      16:11:05.0638 0x1b80 ShellHWDetection - ok
      16:11:05.0653 0x1b80 shpamsvc - ok
      16:11:05.0653 0x1b80 SiSRaid2 - ok
      16:11:05.0653 0x1b80 SiSRaid4 - ok
      16:11:05.0669 0x1b80 smphost - ok
      16:11:05.0700 0x1b80 SmsRouter - ok
      16:11:05.0763 0x1b80 [ 012BF90E29868D52E853C452DD88A173, E33B943A651505E94018AB70B4F56C0C4C9A89A275EF18442D7302F50D1076FD ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
      16:11:05.0794 0x1b80 snapman - ok
      16:11:05.0810 0x1b80 SNMPTRAP - ok
      16:11:05.0810 0x1b80 spaceport - ok
      16:11:05.0825 0x1b80 SpatialGraphFilter - ok
      16:11:05.0825 0x1b80 SpbCx - ok
      16:11:05.0841 0x1b80 spectrum - ok
      16:11:05.0857 0x1b80 Spooler - ok
      16:11:05.0857 0x1b80 sppsvc - ok
      16:11:05.0872 0x1b80 srv - ok
      16:11:05.0888 0x1b80 srv2 - ok
      16:11:05.0888 0x1b80 srvnet - ok
      16:11:05.0919 0x1b80 SSDPSRV - ok
      16:11:05.0919 0x1b80 SstpSvc - ok
      16:11:05.0950 0x1b80 [ 592FF34A2FD6C6351B8A3AA76B2C0A9E, 152B7472DE531AC45492F562DD470B2CE33F1EEF13BC78F26046AE5ABF54E32F ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
      16:11:05.0966 0x1b80 ssudmdm - ok
      16:11:05.0982 0x1b80 StateRepository - ok
      16:11:05.0997 0x1b80 stexstor - ok
      16:11:06.0028 0x1b80 [ 01726E4BD1D1A5AF1F23833C79528555, 736DDA82BF17880A2C596571CBCA4C8E3829526AACC3C50B9E2D3A0DA9744E41 ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
      16:11:06.0075 0x1b80 StillCam - ok
      16:11:06.0091 0x1b80 stisvc - ok
      16:11:06.0091 0x1b80 storahci - ok
      16:11:06.0107 0x1b80 storflt - ok
      16:11:06.0107 0x1b80 stornvme - ok
      16:11:06.0107 0x1b80 storqosflt - ok
      16:11:06.0107 0x1b80 StorSvc - ok
      16:11:06.0107 0x1b80 storufs - ok
      16:11:06.0122 0x1b80 storvsc - ok
      16:11:06.0122 0x1b80 svsvc - ok
      16:11:06.0122 0x1b80 swenum - ok
      16:11:06.0122 0x1b80 swprv - ok
      16:11:06.0403 0x1b80 [ D794BEC3ED2CF41FB1C11609C8984EEB, 6028B0132C0AFEB6FAD3D62971BF73A55DC5A96AF0587495A939D71044A45642 ] syncagentsrv C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
      16:11:06.0607 0x1b80 syncagentsrv - ok
      16:11:06.0638 0x1b80 Synth3dVsc - ok
      16:11:06.0638 0x1b80 SysMain - ok
      16:11:06.0653 0x1b80 SystemEventsBroker - ok
      16:11:06.0669 0x1b80 TabletInputService - ok
      16:11:06.0685 0x1b80 TapiSrv - ok
      16:11:06.0700 0x1b80 Tcpip - ok
      16:11:06.0716 0x1b80 Tcpip6 - ok
      16:11:06.0732 0x1b80 tcpipreg - ok
      16:11:06.0825 0x1b80 [ 40C2F1FAEBF7D5E15A5F264B06D8CC70, AE4816932918E37AD33DBFFE51853B74FE9D1339AEF1B0BCE1C84EE07ADAD62F ] tcsd_win32.exe C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe
      16:11:06.0919 0x1b80 tcsd_win32.exe - detected UnsignedFile.Multi.Generic ( 1 )
      16:11:07.0091 0x1b80 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - warning
      16:11:07.0372 0x1b80 [ 6F12E6B316F7481DE7FE0D735C39728F, 45F163AB886E39E93E3F489DE9EC370020486778F2C3BCE1B9D0AF60AC306E62 ] TdmService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
      16:11:07.0513 0x1b80 TdmService - ok
      16:11:07.0544 0x1b80 tdx - ok
      16:11:07.0544 0x1b80 terminpt - ok
      16:11:07.0560 0x1b80 TermService - ok
      16:11:07.0575 0x1b80 Themes - ok
      16:11:07.0622 0x1b80 [ D00E6FC3615D6DF90B3B9A842B07C1E2, 10B713FE8C99566DF28788F111C58352BBE13C4C1F88A38829017BFA28046881 ] tib C:\WINDOWS\system32\DRIVERS\tib.sys
      16:11:07.0653 0x1b80 tib - ok
      16:11:07.0716 0x1b80 [ E06B7687DB5ADB25CDCC6FF4D8435094, AEF5C048C8A4DEAAAE02BF2C24A8841B6D8B0055578241F8A2C4F7B1BC6A51C0 ] tib_mounter C:\WINDOWS\system32\DRIVERS\tib_mounter.sys
      16:11:07.0732 0x1b80 tib_mounter - ok
      16:11:07.0779 0x1b80 TieringEngineService - ok
      16:11:07.0794 0x1b80 tiledatamodelsvc - ok
      16:11:07.0794 0x1b80 TimeBrokerSvc - ok
      16:11:07.0825 0x1b80 [ 05B50E47A9166AA92D9775D5A604506E, 223D9EE5C5550A00FFE058E9F60D0E85E0C182ADE47223B9BFE6FC545FC6543C ] tnd C:\WINDOWS\system32\DRIVERS\tnd.sys
      16:11:07.0841 0x1b80 tnd - ok
      16:11:07.0872 0x1b80 TokenBroker - ok
      16:11:07.0888 0x1b80 TPM - ok
      16:11:07.0888 0x1b80 TrkWks - ok
      16:11:07.0935 0x1b80 TrustedInstaller - ok
      16:11:07.0935 0x1b80 TsUsbFlt - ok
      16:11:07.0950 0x1b80 TsUsbGD - ok
      16:11:07.0966 0x1b80 tsusbhub - ok
      16:11:07.0966 0x1b80 tunnel - ok
      16:11:07.0997 0x1b80 tzautoupdate - ok
      16:11:08.0013 0x1b80 UASPStor - ok
      16:11:08.0044 0x1b80 UcmCx0101 - ok
      16:11:08.0044 0x1b80 UcmTcpciCx0101 - ok
      16:11:08.0075 0x1b80 UcmUcsi - ok
      16:11:08.0075 0x1b80 Ucx01000 - ok
      16:11:08.0075 0x1b80 UdeCx - ok
      16:11:08.0091 0x1b80 udfs - ok
      16:11:08.0091 0x1b80 UEFI - ok
      16:11:08.0091 0x1b80 UevAgentDriver - ok
      16:11:08.0122 0x1b80 UevAgentService - ok
      16:11:08.0122 0x1b80 Ufx01000 - ok
      16:11:08.0122 0x1b80 UfxChipidea - ok
      16:11:08.0122 0x1b80 ufxsynopsys - ok
      16:11:08.0154 0x1b80 UI0Detect - ok
      16:11:08.0154 0x1b80 umbus - ok
      16:11:08.0169 0x1b80 UmPass - ok
      16:11:08.0169 0x1b80 UmRdpService - ok
      16:11:08.0185 0x1b80 UnistoreSvc - ok
      16:11:08.0185 0x1b80 upnphost - ok
      16:11:08.0200 0x1b80 UrsChipidea - ok
      16:11:08.0200 0x1b80 UrsCx01000 - ok
      16:11:08.0200 0x1b80 UrsSynopsys - ok
      16:11:08.0247 0x1b80 usbccgp - ok
      16:11:08.0247 0x1b80 usbcir - ok
      16:11:08.0263 0x1b80 usbehci - ok
      16:11:08.0279 0x1b80 usbhub - ok
      16:11:08.0279 0x1b80 USBHUB3 - ok
      16:11:08.0310 0x1b80 usbohci - ok
      16:11:08.0325 0x1b80 usbprint - ok
      16:11:08.0357 0x1b80 [ 96B48485A7CC2C0A63C196A16403C5F3, 4E364DE1FE19D14D5BA4F4360563BB49F4DEC90430771C12376C0B1BB70CFD37 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
      16:11:08.0388 0x1b80 usbscan - ok
      16:11:08.0404 0x1b80 usbser - ok
      16:11:08.0404 0x1b80 USBSTOR - ok
      16:11:08.0419 0x1b80 usbuhci - ok
      16:11:08.0450 0x1b80 USBXHCI - ok
      16:11:08.0482 0x1b80 UserDataSvc - ok
      16:11:08.0497 0x1b80 UserManager - ok
      16:11:08.0513 0x1b80 UsoSvc - ok
      16:11:08.0529 0x1b80 VaultSvc - ok
      16:11:08.0529 0x1b80 vdrvroot - ok
      16:11:08.0544 0x1b80 vds - ok
      16:11:08.0544 0x1b80 VerifierExt - ok
      16:11:08.0560 0x1b80 vhdmp - ok
      16:11:08.0560 0x1b80 vhf - ok
      16:11:08.0560 0x1b80 vmbus - ok
      16:11:08.0575 0x1b80 VMBusHID - ok
      16:11:08.0591 0x1b80 vmgid - ok
      16:11:08.0607 0x1b80 vmicguestinterface - ok
      16:11:08.0607 0x1b80 vmicheartbeat - ok
      16:11:08.0622 0x1b80 vmickvpexchange - ok
      16:11:08.0622 0x1b80 vmicrdv - ok
      16:11:08.0638 0x1b80 vmicshutdown - ok
      16:11:08.0654 0x1b80 vmictimesync - ok
      16:11:08.0654 0x1b80 vmicvmsession - ok
      16:11:08.0654 0x1b80 vmicvss - ok
      16:11:08.0669 0x1b80 volmgr - ok
      16:11:08.0669 0x1b80 volmgrx - ok
      16:11:08.0685 0x1b80 volsnap - ok
      16:11:08.0685 0x1b80 volume - ok
      16:11:08.0700 0x1b80 vpci - ok
      16:11:08.0700 0x1b80 vsmraid - ok
      16:11:08.0716 0x1b80 VSS - ok
      16:11:08.0716 0x1b80 VSTXRAID - ok
      16:11:08.0732 0x1b80 vwifibus - ok
      16:11:08.0732 0x1b80 vwififlt - ok
      16:11:08.0732 0x1b80 W32Time - ok
      16:11:08.0810 0x1b80 w3logsvc - ok
      16:11:08.0810 0x1b80 WacomPen - ok
      16:11:08.0872 0x1b80 WalletService - ok
      16:11:08.0872 0x1b80 wanarp - ok
      16:11:08.0872 0x1b80 wanarpv6 - ok
      16:11:08.0888 0x1b80 WAS - ok
      16:11:09.0247 0x1b80 [ D9211C457D9050604AE2467B3612B793, C6014A00C7F8337E3092C119A2E087D0497CA09C813225AB92F7AB3F28DD4622 ] Wave Authentication Manager Service C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
      16:11:09.0388 0x1b80 Wave Authentication Manager Service - detected UnsignedFile.Multi.Generic ( 1 )
      16:11:09.0513 0x1b80 Detect skipped due to KSN trusted
      16:11:09.0513 0x1b80 Wave Authentication Manager Service - ok
      16:11:09.0529 0x1b80 wbengine - ok
      16:11:09.0575 0x1b80 WbioSrvc - ok
      16:11:09.0607 0x1b80 wcifs - ok
      16:11:09.0638 0x1b80 Wcmsvc - ok
      16:11:09.0669 0x1b80 wcncsvc - ok
      16:11:09.0700 0x1b80 wcnfs - ok
      16:11:09.0700 0x1b80 WdBoot - ok
      16:11:09.0716 0x1b80 Wdf01000 - ok
      16:11:09.0732 0x1b80 WdFilter - ok
      16:11:09.0732 0x1b80 WdiServiceHost - ok
      16:11:09.0747 0x1b80 WdiSystemHost - ok
      16:11:09.0747 0x1b80 wdiwifi - ok
      16:11:09.0747 0x1b80 WdNisDrv - ok
      16:11:09.0794 0x1b80 WdNisSvc - ok
      16:11:09.0794 0x1b80 WebClient - ok
      16:11:09.0825 0x1b80 Wecsvc - ok
      16:11:09.0841 0x1b80 WEPHOSTSVC - ok
      16:11:09.0888 0x1b80 wercplsupport - ok
      16:11:09.0888 0x1b80 WerSvc - ok
      16:11:09.0904 0x1b80 WFDSConMgrSvc - ok
      16:11:09.0919 0x1b80 WFPLWFS - ok
      16:11:09.0919 0x1b80 WiaRpc - ok
      16:11:09.0950 0x1b80 WIMMount - ok
      16:11:09.0950 0x1b80 WinDefend - ok
      16:11:09.0997 0x1b80 WindowsTrustedRT - ok
      16:11:09.0997 0x1b80 WindowsTrustedRTProxy - ok
      16:11:10.0044 0x1b80 WinHttpAutoProxySvc - ok
      16:11:10.0060 0x1b80 WinMad - ok
      16:11:10.0218 0x1b80 Winmgmt - ok
      16:11:10.0218 0x1b80 WinNat - ok
      16:11:10.0249 0x1b80 WinRM - ok
      16:11:10.0296 0x1b80 WINUSB - ok
      16:11:10.0296 0x1b80 WinVerbs - ok
      16:11:10.0374 0x1b80 wisvc - ok
      16:11:10.0452 0x1b80 WlanSvc - ok
      16:11:10.0546 0x1b80 wlidsvc - ok
      16:11:10.0577 0x1b80 wlpasvc - ok
      16:11:10.0624 0x1b80 WmiAcpi - ok
      16:11:10.0655 0x1b80 wmiApSrv - ok
      16:11:10.0733 0x1b80 WMPNetworkSvc - ok
      16:11:10.0811 0x1b80 [ 1AE1076034392218EE89D2744EC2A071, 695C28E2697B12BBD919687176CE082E94887A5D8B6229F163A26F6EDF401C4C ] Wof C:\WINDOWS\system32\drivers\Wof.sys
      16:11:10.0843 0x1b80 Wof - ok
      16:11:10.0889 0x1b80 workfolderssvc - ok
      16:11:10.0968 0x1b80 WPDBusEnum - ok
      16:11:11.0014 0x1b80 WpdUpFltr - ok
      16:11:11.0061 0x1b80 WpnService - ok
      16:11:11.0093 0x1b80 WpnUserService - ok
      16:11:11.0124 0x1b80 ws2ifsl - ok
      16:11:11.0124 0x1b80 wscsvc - ok
      16:11:11.0124 0x1b80 WSearch - ok
      16:11:11.0171 0x1b80 wuauserv - ok
      16:11:11.0265 0x1b80 WudfPf - ok
      16:11:11.0343 0x1b80 WUDFRd - ok
      16:11:11.0405 0x1b80 wudfsvc - ok
      16:11:11.0405 0x1b80 WUDFWpdFs - ok
      16:11:11.0561 0x1b80 [ EA0DFCD1345CADDA8B1AFC4ACAFA627F, FCF9DE59F55A4F6C5FB350DBC6E655C744890FB451DD0C0E402C9E8E36130F9B ] WvPCR C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe
      16:11:11.0577 0x1b80 WvPCR - ok
      16:11:11.0608 0x1b80 WwanSvc - ok
      16:11:11.0624 0x1b80 xbgm - ok
      16:11:11.0686 0x1b80 XblAuthManager - ok
      16:11:11.0733 0x1b80 XblGameSave - ok
      16:11:11.0749 0x1b80 xboxgip - ok
      16:11:11.0765 0x1b80 XboxGipSvc - ok
      16:11:11.0780 0x1b80 XboxNetApiSvc - ok
      16:11:11.0811 0x1b80 xinputhid - ok
      16:11:11.0811 0x1b80 ================ Scan global ===============================
      16:11:12.0046 0x1b80 [ Global ] - ok
      16:11:12.0046 0x1b80 ================ Scan MBR ==================================
      16:11:12.0061 0x1b80 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
      16:11:13.0015 0x1b80 \Device\Harddisk0\DR0 - ok
      16:11:13.0015 0x1b80 ================ Scan VBR ==================================
      16:11:13.0030 0x1b80 [ 5FF06546B6D6CCE735A11F8E301C7BBE ] \Device\Harddisk0\DR0\Partition1
      16:11:13.0030 0x1b80 \Device\Harddisk0\DR0\Partition1 - ok
      16:11:13.0046 0x1b80 [ EEBD959A0521425D46149EC459793CD0 ] \Device\Harddisk0\DR0\Partition2
      16:11:13.0046 0x1b80 \Device\Harddisk0\DR0\Partition2 - ok
      16:11:13.0077 0x1b80 [ 8ACA62D9588AC5F865CE0A2E2D0752A5 ] \Device\Harddisk0\DR0\Partition3
      16:11:13.0077 0x1b80 \Device\Harddisk0\DR0\Partition3 - ok
      16:11:13.0077 0x1b80 ================ Scan generic autorun ======================
      16:11:13.0077 0x1b80 SecurityHealth - ok
      16:11:13.0311 0x1b80 [ 4E5C692EB417DF5A9AE0F6F54B889E14, 2FE282284D3DF4D8A9ABB7E0A6F95379A0AF1FC798C44E02B178FF650B450D22 ] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
      16:11:13.0436 0x1b80 RtHDVCpl - ok
      16:11:13.0483 0x1b80 [ BBD33D80F5208FE34A54EEA8552F5A9A, 8E5FE9DDFEEC8D157364DB681BB36982C05DA34086167741DDCB7DB713966A29 ] C:\Windows\system32\igfxtray.exe
      16:11:13.0499 0x1b80 IgfxTray - ok
      16:11:13.0546 0x1b80 [ 594A517703DA8709203223F5B7438DF8, CE0CEDE04546831591DFAB88BDDAF89409552264E671F0EDE6212016C990FB6B ] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
      16:11:13.0561 0x1b80 TdmNotify - ok
      16:11:13.0577 0x1b80 bit4id csp store register (M x64) - ok
      16:11:13.0671 0x1b80 [ 3BB4DFD5081C628AB68F63E174DEF52D, DC6DD0414E1A92341BD76E0A49DBF1B96D3DDF91ED08874608D92272DE1F12FA ] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
      16:11:13.0686 0x1b80 Acronis Scheduler2 Service - ok
      16:11:13.0780 0x1b80 [ 796227FCA947A0B8E3D6A097B27F2363, F14B1F8CF253A27554D4C24228911355FA475AABF086B66A498E825E8E3CBFA5 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
      16:11:13.0796 0x1b80 USB3MON - ok
      16:11:13.0858 0x1b80 bit4id csp store register (M) - ok
      16:11:13.0890 0x1b80 [ C1B8F3DD778FD730F1FEA6BFC23B9EC3, 759554320C6FAE99375FDEE31824102871974F95D636473BE9224096292E85DA ] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
      16:11:13.0921 0x1b80 AcronisTibMounterMonitor - ok
      16:11:14.0108 0x1b80 [ 8FD1D1B78E520F2CB083D80317C14A50, 6019C35456A6D41AAEFD4A75E481ED70D71115847F5E8FC15970495957CF409A ] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
      16:11:14.0343 0x1b80 TrueImageMonitor.exe - ok
      16:11:14.0405 0x1b80 [ AC581685C4CC890B42E9E9700014543D, 642DEB7AF6576D07C8D8019135338E4B45B2B17329BF376C4605E912F0CBD034 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      16:11:14.0437 0x1b80 SunJavaUpdateSched - ok
      16:11:14.0452 0x1b80 OneDriveSetup - ok
      16:11:14.0452 0x1b80 OneDriveSetup - ok
      16:11:14.0702 0x1b80 [ 5C9960660DC2D5C8A94FFA7A8174A0BA, 0143AC161EA7BC59F6E1FC86948E9CFBC41CB068D6D118BBAB0250789222538A ] C:\Users\Jorge\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
      16:11:14.0733 0x1b80 Google Update - ok
      16:11:14.0843 0x1b80 [ 41205572066FA2F02036BAD3C6D0916A, 987B26F8FD0AC83CE309D119D284836F8AF16A6DDE2537B62798F2BB5FF0D420 ] C:\Users\Jorge\AppData\Local\Microsoft\OneDrive\OneDrive.exe
      16:11:14.0905 0x1b80 OneDrive - ok
      16:11:14.0968 0x1b80 [ 9334873B8E03987869C2FBF0999C3173, FF53529712D6043961F53C4C7AAF224BCD3E2BE9305752B2DD896BAF9BEDA990 ] C:\Users\Jorge\AppData\Roaming\Oracle\bin\javaw.exe
      16:11:14.0983 0x1b80 EzEVVXGRsoz - ok
      16:11:14.0983 0x1b80 OneDriveSetup - ok
      16:11:15.0046 0x1b80 WAB Migrate - ok
      16:11:15.0046 0x1b80 Waiting for KSN requests completion. In queue: 69
      16:11:16.0155 0x1b80 AV detected via SS2: ESET Endpoint Antivirus 6.4.2014.0, C:\Program Files\ESET\ESET NOD32 Antivirus\ecmd.exe ( 6.4.2014.0 ), 0x41000 ( enabled : updated )
      16:11:16.0187 0x1b80 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.11.15063.332 ), 0x60100 ( disabled : updated )
      16:11:16.0296 0x1b80 Win FW state via NFP2: disabled ( trusted )
      16:11:16.0421 0x1b80 ============================================================
      16:11:16.0421 0x1b80 Scan finished
      16:11:16.0421 0x1b80 ============================================================
      16:11:16.0437 0x0194 Detected object count: 1
      16:11:16.0437 0x0194 Actual detected object count: 1
      16:13:15.0223 0x0194 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - skipped by user
      16:13:15.0223 0x0194 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
      16:14:13.0853 0x2af8 Deinitialize success

      - ESET Online Scanner:

      C:\Users\Jorge\Documents\Programas utiles\Acronis.True.Image.2016.v19.0.5586.MultilinguaL\Activator\ActivationATI(H).zip Win32/HackTool.Crack.FP aplicación potencialmente peligrosa eliminado
      C:\Users\Jorge\ImQuOuOfNhn\GeigPjHtcAs.hFiLeL una variante de Java/Kryptik.QR Troyano no se ha podido desinfectar - archivo eliminado (después del próximo reinicio)

      If we need to take any further steps, let me know.
      Regards.

    4. #4
      Moderator
      Avatar of @MarioL
      Registered
      Nov 2006
      Location
      Málaga - Spain
      Posts
      8,973

      Re: Help removing the Java/Adwind.AAU trojan

      All right, come back in a few days and tell us how it is going and whether we can consider it solved.

      Regards.
      Invy

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.

    5. #5
      User Avatar of nostromo_88
      Registered
      Oct 2010
      Location
      Oviedo
      Posts
      24

      Re: Help removing the Java/Adwind.AAU trojan

      Hello.

      I have been watching the PC for a few days, and it seems to be working normally again.

      Thanks for everything, and sorry for the trouble.

      Regards

    6. #6
      General Moderator
      Avatar of @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      24,177

      Re: Help removing the Java/Adwind.AAU trojan

      Hello, if I may

      Follow these steps to remove the tools that were used:


      • Use again >> Download >> DelFix

        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as administrator".)
        • Tick all the boxes.

      • Click Run.

        The report (DelFix.txt) will open; check that the tools used have been removed.



      Thank you for trusting ForoSpyware.

      We are glad your problem has been resolved. We consider the topic solved.


      If you wish to REOPEN THIS TOPIC, click to report it: How to report messages?

      As a final recommendation, we invite you to follow us on our channels: Blog, Twitter, Facebook, to keep up with new malware and how to prevent it.
      *** Topic solved ***


      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿
