| |
| |||||||
Log-Analyse und Auswertung: Virenfunde in Quarantäne file von AviraWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
04.01.2013, 20:07
| #1 |
 |  Virenfunde in Quarantäne file von Avira Hi liebe Admins, ich bin neu hier und habe wenig Ahnung von der Materie, leider. Ich gebe mir aber alle Mühe, alles richtig zu machen und euch die Arbeit, für die ich euch sehr sehr dankbar bin, so leicht wie möglich zu machen. Mein Laptop ist infiziert mit 4 verschiedenen Viren und Phishingprogrammen (und die Laptops meiner beiden Kinder ebenfalls, insgesamt 3 Laptops). Habe Avira als Antivirus programm. Dort sind die folgenden Dateien im Quarantäne file: 1.TR/Crypt.XPACK.Gen 2.PHISH/Lloydstsb.B.2 3.ADWARE/Adware.Gen 4.ADWARE/Zugo.C.1 Ich werde ausschliesslich auf unverschlüsselte Webseiten weitergeleitet und kann keine Hyperlinks aus einer email öffnen. Erhalte dann immer eine Warnung, Vorsicht unverschlüsselte Seite. Mein Emailprogramm ist auch unverschlüsselt und jemand hat versucht, eine Subemail einzurichten, was ich im Internetcafe verhindern konnte, indem ich mein Passwort geändert habe ( ich hoffe es jedenfalls, das das etwas gebracht hat  ) (yahoo.com und gmx.net).Habe dann Malwarebytes runtergeladen und laufen lassen. Hat leider nichts gefunden. Defogger ist nur eine Sekunde lang gelaufen, ohne weitere Meldungen. Dann habe ich OTL laufen lassen, hier sind die Logdateien, hoffe ich jedenfalls, denn ich habe sie sicherheitshalber in ein Worddoc. kopiert: OTL logfile created on: 04/01/2013 18:42:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\usuaria\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy 3,80 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 58,97% Memory free 7,60 Gb Paging File | 5,58 Gb Available in Paging File | 73,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 281,05 Gb Total Space | 12,15 Gb Free Space | 4,32% Space Free | Partition Type: NTFS Drive D: | 16,74 Gb Total Space | 2,42 Gb Free Space | 14,45% Space Free | Partition Type: NTFS Computer Name: USUARIA-HP | User Name: usuaria | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\usuaria\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\usuaria\Downloads\Defogger.exe () PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\usuaria\Downloads\Defogger.exe () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7e8f414bc6515c5c0ac668b66c54d0e9\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ea188a15ceb1b2cd23b5d1001851415f\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\1a91709f9ee4c8f482e39a7edab66a82\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\afd41059ca83fef0dcd7fa7153c584f3\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\235eaf1990f51bf13f28330ebaade5c3\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f99b0632adee947c24ac2e46826d794f\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_es_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (wlcrasvc) -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () SRV - (HP Wireless Assistant Service) -- C:\Archivos de programa\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company) SRV - (RtVOsdService) -- C:\Archivos de programa\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (AERTFilters) -- C:\Archivos de programa\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/10 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/10 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A5D006A4-2613-429B-9D18-7E69D1A47BBE} IE:64bit: - HKLM\..\SearchScopes\{60F87348-86E5-451B-9BF5-827962FDC2AA}: "URL" = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{A5D006A4-2613-429B-9D18-7E69D1A47BBE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{E3848119-4DC7-48D3-9206-9CB0B3FC721B}: "URL" = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/10 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/10 IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{60F87348-86E5-451B-9BF5-827962FDC2AA}: "URL" = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{A5D006A4-2613-429B-9D18-7E69D1A47BBE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2549263 IE - HKLM\..\SearchScopes\{E3848119-4DC7-48D3-9206-9CB0B3FC721B}: "URL" = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/10 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=10&cc= IE - HKCU\..\URLSearchHook: {a060276a-53be-45ec-8ebe-b94b1e803179} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {94F2CA5E-9D46-495A-8700-5EBDA1B10960} IE - HKCU\..\SearchScopes\{60F87348-86E5-451B-9BF5-827962FDC2AA}: "URL" = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKCU\..\SearchScopes\{7055052C-AABD-4F87-86B2-2555CAB9A5D3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYES&apn_uid=1DFDDFE2-3A33-4AD4-80DC-D1525CA0ECF7&apn_sauid=9661D129-DF98-47F6-9778-07DA305D73DB IE - HKCU\..\SearchScopes\{94F2CA5E-9D46-495A-8700-5EBDA1B10960}: "URL" = hxxp://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=4&cc= IE - HKCU\..\SearchScopes\{A5D006A4-2613-429B-9D18-7E69D1A47BBE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2549263 IE - HKCU\..\SearchScopes\{E3848119-4DC7-48D3-9206-9CB0B3FC721B}: "URL" = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\usuaria\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/16 11:04:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/16 11:04:29 | 000,000,000 | ---D | M] [2012/02/29 21:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}sourceid=chrome&ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\usuaria\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Google Drive = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Skype Click to Call = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\ CHR - Extension: Google Mail = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll File not found O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com) O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A060276A-53BE-45EC-8EBE-B94B1E803179} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found O4 - Startup: C:\Users\usuaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{255B75DC-C912-48F5-A2E8-2DB43E870C9C}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5586999B-4ED2-4C86-8077-0D81E07C6273}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/01/04 18:12:08 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [2013/01/04 00:43:28 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{8A4F1AA4-380E-45BD-B721-54A8CD167255} [2012/12/30 17:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support [2012/12/30 17:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} [2012/12/29 18:30:31 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{97B0A534-45EA-49D5-88DD-40942E160041} [2012/12/28 12:57:25 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{2CB4DDF3-2864-4C29-9F8A-57ACAB5CC410} [2012/12/28 06:40:42 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Roaming\Malwarebytes [2012/12/28 06:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/12/28 06:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/12/28 06:40:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/12/28 06:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/12/28 06:38:39 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\Programs [2012/12/28 05:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/12/28 05:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012/12/20 21:58:43 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{C1D01EAC-C83B-4C88-9300-4302DE776D47} [2012/12/20 21:49:36 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{7980638D-EAEF-466D-BB63-FA0248460A01} [2012/12/20 21:40:04 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{74DCB271-F49D-4B82-B575-3C8A846DE6D0} [2012/12/20 21:38:09 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{C01AF3A6-D141-453D-ADBE-CB13DB45B32D} [2012/12/20 18:48:55 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{171327EB-539E-46AE-B45A-B00EC92B1D34} [2012/12/20 18:20:28 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{02817BBC-0514-43F4-9812-ABC7D01425D5} [2012/12/20 18:04:00 | 000,000,000 | ---D | C] -- C:\Users\usuaria\Desktop\fotos tarjeta 16 gb [2012/12/20 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{A53B79E6-37C5-4D9E-A94D-DF5E49F60F72} [2012/12/20 16:54:56 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{14C06D40-6601-4D93-877A-8BFA4ACD22A3} [2012/12/16 23:29:27 | 000,000,000 | ---D | C] -- C:\Users\usuaria\aeat [2012/12/11 17:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012/12/11 17:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [26 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Users\usuaria\Desktop\*.tmp files -> C:\Users\usuaria\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/04 18:42:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/04 18:42:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/04 18:39:19 | 000,000,000 | ---- | M] () -- C:\Users\usuaria\defogger_reenable [2013/01/04 18:34:57 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/04 18:34:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/04 18:34:42 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys [2013/01/04 18:27:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/04 17:56:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/01 19:29:52 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForusuaria.job [2012/12/30 17:34:02 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk [2012/12/28 06:40:32 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/12/28 05:52:54 | 000,002,281 | ---- | M] () -- C:\Users\usuaria\Desktop\Google Chrome.lnk [2012/12/23 05:15:43 | 001,557,394 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/12/23 05:15:43 | 000,704,518 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat [2012/12/23 05:15:43 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/12/23 05:15:43 | 000,138,226 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat [2012/12/23 05:15:43 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/12/20 23:18:19 | 000,303,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/12/20 17:33:53 | 000,006,144 | ---- | M] () -- C:\Users\usuaria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/12/19 19:17:05 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUSUARIA-HP$.job [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/12/11 17:04:34 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012/12/11 17:04:34 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [26 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Users\usuaria\Desktop\*.tmp files -> C:\Users\usuaria\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/01/04 18:39:19 | 000,000,000 | ---- | C] () -- C:\Users\usuaria\defogger_reenable [2012/12/30 17:34:02 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk [2012/12/28 06:40:32 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/12/28 05:52:54 | 000,002,281 | ---- | C] () -- C:\Users\usuaria\Desktop\Google Chrome.lnk [2012/12/28 05:51:33 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/28 05:51:29 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/15 00:51:20 | 000,006,144 | ---- | C] () -- C:\Users\usuaria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/11/03 02:13:04 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012/01/03 16:29:57 | 001,584,422 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/12/19 01:33:05 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp [2011/12/16 11:00:14 | 000,244,490 | ---- | C] () -- C:\Windows\hpoins19.dat [2011/12/16 11:00:14 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2011/12/07 15:33:22 | 000,017,408 | ---- | C] () -- C:\Users\usuaria\AppData\Local\WebpageIcons.db ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/10/11 17:47:49 | 000,000,000 | ---D | M] -- C:\Users\usuaria\AppData\Roaming\.minecraft [2012/05/26 15:14:02 | 000,000,000 | ---D | M] -- C:\Users\usuaria\AppData\Roaming\OpenOffice.org [2013/01/01 19:28:21 | 000,000,000 | ---D | M] -- C:\Users\usuaria\AppData\Roaming\SoftGrid Client [2012/01/03 16:30:46 | 000,000,000 | ---D | M] -- C:\Users\usuaria\AppData\Roaming\TP [2012/01/15 13:01:47 | 000,000,000 | ---D | M] -- C:\Users\usuaria\AppData\Roaming\WildTangent [2013/01/04 00:43:35 | 000,000,000 | ---D | M] -- C:\Users\usuaria\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > OTL Extras logfile created on: 04/01/2013 18:42:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\usuaria\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy 3,80 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 58,97% Memory free 7,60 Gb Paging File | 5,58 Gb Available in Paging File | 73,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 281,05 Gb Total Space | 12,15 Gb Free Space | 4,32% Space Free | Partition Type: NTFS Drive D: | 16,74 Gb Total Space | 2,42 Gb Free Space | 14,45% Space Free | Partition Type: NTFS Computer Name: USUARIA-HP | User Name: usuaria | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08AC2105-1106-47D6-A7C6-9451FC4D790D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{12395484-D3B7-4D2D-B108-77EDA9F7F476}" = rport=137 | protocol=17 | dir=out | app=system | "{14406CF3-5995-4943-8AF2-7B73273DAC1F}" = lport=137 | protocol=17 | dir=in | app=system | "{14B461CE-7382-42B7-8D6B-35EE0161F71C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2274A369-1028-4CAF-B39B-4C94119DA22F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{44379B13-2E51-4B40-B9A4-BE379853DEC2}" = lport=2869 | protocol=6 | dir=in | app=system | "{4E2C07BE-DCD9-4321-B2EF-FB06A300E869}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{4F183B8B-D3DD-4BB6-8E08-8D4E0C2E76C5}" = lport=445 | protocol=6 | dir=in | app=system | "{52CBFE9E-7D62-440E-BC04-877DD8FCD64B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7125DEF4-B4F3-4A2C-AB95-1E12FBF341AE}" = lport=139 | protocol=6 | dir=in | app=system | "{73C9C0CA-9597-47BC-A7C0-8A2E7B4C416E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{76F12180-8944-4007-92DE-55A016A880F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{78A47875-D195-4E35-8069-7F6A22B06575}" = lport=138 | protocol=17 | dir=in | app=system | "{86A5379A-E36D-4360-A994-05BAA7AF603F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{96BA09F8-1D92-4275-AA6F-F805A6FD0096}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9A1BC049-421F-41BC-AF47-44B0F380C53D}" = lport=2869 | protocol=6 | dir=in | app=system | "{A9A81CEF-F7E4-46A9-8DD6-9FF605FD2D14}" = rport=138 | protocol=17 | dir=out | app=system | "{AE473711-8E10-4C77-A4F4-EEF6191E82E0}" = rport=445 | protocol=6 | dir=out | app=system | "{B82B5744-F8D7-460E-97DA-76752554608B}" = lport=10243 | protocol=6 | dir=in | app=system | "{C455599B-A223-4A2D-A9B1-933D9347A81E}" = rport=139 | protocol=6 | dir=out | app=system | "{CA4440CD-B369-4C13-896C-8880C830A63C}" = rport=10243 | protocol=6 | dir=out | app=system | "{CCAFDF77-1ECD-4EA6-AC52-84EE2767CF13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D5560FFD-B1F8-4927-AECC-6BCCB6EF9605}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D94ACBB1-3A7D-4EFE-B554-F0CD6B82055A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E840FEAF-438D-496A-B070-DE9C0716A5D4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EEF137C6-214B-42F7-A1CA-D56759DE80CC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F2AFFE59-2472-4138-A64F-122CC76CEDEB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02B38825-DC17-450C-94FA-DCE7878F23F5}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{05FD4F0E-58CC-4CD3-8E0B-30C962A3BE89}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0EF403D4-07C4-4D56-A579-5F8469044FA3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{10EE6459-51CF-45D6-92DC-5731F5C63C0D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{12C0C214-FBAF-48DC-ADFB-897A07D91B33}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{13101B93-E636-4F54-A12D-824F41D3C6D0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{13638D79-CCAD-491A-92E9-391B38329750}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{1BF19B1B-A047-4A6B-95CE-D94D4C919CB2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1DA964F6-1551-48A5-A405-063188612903}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1E2632A3-420A-47D9-A60C-05EF81EDFE1C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{1EEE8CF0-8B96-4E63-B00B-296BE3E4C73C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{21583109-B642-4969-A008-319E103950C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{2517D0B3-4078-4207-BDA2-89D364E78F43}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{27466975-7AB7-45D4-B435-CA7B0853C3AD}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{274736CA-DF9E-4866-BC3D-1D322DFD9FA9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{34112EAB-1410-47F6-858D-C4E0A1EC5798}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{37682735-E95C-4D26-A21C-F1593FD3FBBD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3D4F8FD0-4CBA-4216-870D-5DD675D2C860}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{4D121459-ED07-4408-9F78-99FF14A1DA50}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{4DA4C203-C47B-489D-A324-DC89B6D3FC93}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{59A8A70B-5CC0-4D30-A5B9-847D2376C763}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5AE544C0-82FF-45F8-8926-A1FC2DC5327D}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{630D70FE-116C-4DC4-AF1A-19B91A25CD69}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{6B31CD0D-5BF2-46FE-8B18-30852A258A55}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{6E083F55-16B6-4203-8420-44BF2C9F8379}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{769F4D23-3BBC-4BF7-8F00-80B93033E278}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{84C98A09-C759-4DD4-9E2A-4E206D7E9903}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8DB05E65-3D25-4F7D-A18D-3729A1F30B37}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8DD2A18B-0605-4D95-B185-DEE21D410BEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8FF88F84-7B4A-4D0F-88CC-9320C3C97103}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | "{92FC2579-C1C6-494D-B8F3-5E35C18A08A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{95834211-9C21-4F39-AC8F-BD895513CF51}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{9C2E032A-A163-457C-904F-0B7FB9DCE203}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | "{9CEBC2E0-20BC-473B-B55C-A74F766DC701}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9E34B6B7-4096-42B7-BFCA-C6DB0DF6ED59}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{A237B703-B061-4917-9CED-66DBBA6179DF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AC55B16E-BF4D-46EA-A1A3-BD3622F1D586}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{B4CD46C4-F0B6-429C-B24F-BABB03F0CB00}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B63A085B-A0A1-43DA-A2AC-C647E21075F9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B855F89A-E487-4564-B1C9-B86B76267DBA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{BC3417DC-9463-4333-8C68-2572E21F1C99}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C0FE1E5D-40BA-4146-A86E-BB3254C4F0D0}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{C7631890-2EAF-4822-9CFE-D24134263ECD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{D424A0C8-70FE-47FA-A6A6-894C7A10FB4A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DDBE7AD5-ED24-4BF9-BEB0-9862D95407DC}" = protocol=58 | dir=in | app=system | "{DDCA07EA-3C88-4018-9853-935F0A8EEF44}" = protocol=6 | dir=out | app=system | "{DE130FF7-DA25-45A0-BF00-D52D640E4ECE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{DEDB7083-768E-4B70-95BC-813643FBACAC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{E353446C-0D10-4A30-BF91-128785F67564}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E66C4D90-0EF5-452F-876D-F1C04F31E22F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{F067FF26-8555-48E9-B31D-D5C26193FC3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F4C1D810-7D3F-49C1-AF41-FAAEE3A6F476}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{F71DDD05-1031-47D9-87AA-4F5813494034}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{F98C2737-FA3E-4F8C-B885-1458F8B8DB9E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{FEDBAB3A-11BD-461F-A1C4-4DCF48C55C4F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{FF0DEC12-B896-4E87-BE7A-B348825696EF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{1795BAA8-65EC-66D0-9DA4-D4B1FBE7700E}" = ATI Catalyst Install Manager "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{60B72AB8-52E9-4D34-99A9-BC7377EB35DE}" = HP Wireless Assistant "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-006D-0C0A-1000-0000000FF1CE}" = Hacer clic y ejecutar de Microsoft Office 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{B601929F-3A47-4F37-8D1E-EAD1481BE5EA}" = ccc-utility64 "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B "{C3C912BB-BF4B-3788-8A19-DA5B999CE0C6}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack "{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{02FC8489-58FB-2628-768A-2CE172A37D7D}" = Catalyst Control Center Graphics Previews Common "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08F1513E-2113-06C5-583A-FB1DE0E64AE6}" = CCC Help Chinese Standard "{0AB910A1-042A-D781-3779-2A4DC383BF0F}" = CCC Help Czech "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0D619D56-854C-F5D1-A134-4EB72974E09E}" = CCC Help Thai "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi "{144AAC2E-410C-6F23-5EC4-CB96049DD1D4}" = CCC Help Finnish "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1AF5A6D6-266D-9A24-D13A-5A50B2182645}" = CCC Help Norwegian "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2A54B824-C32C-A931-17CB-A74B54E28AAE}" = CCC Help Spanish "{2BED1172-6F40-1090-C681-26FEEF383E14}" = ccc-core-static "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2F1E1F4D-B5CC-CA5D-2035-3A464BB053C3}" = CCC Help English "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3234355B-963B-99FE-EECA-8A034781AF15}" = CCC Help Polish "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{3C302D80-4540-BA36-7167-8B59EC0BB9F4}" = CCC Help Korean "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{41136F4A-3C71-7F9F-7ECA-4E2C2D6C216F}" = CCC Help Dutch "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager "{4D66BBCA-8E0A-5FF3-4206-3BEA432FB1E9}" = CCC Help Turkish "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{543F949F-2B95-448F-9F2E-56F0C5FF8E2C}" = Catalyst Control Center - Branding "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66E2396F-1392-BECA-37D7-6C4AECED9668}" = CCC Help Russian "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup "{76896231-3040-4D77-B0D4-87D2256AC0CB}" = OpenOffice.org 3.2 "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}" = Microsoft Small Basic v1.0 "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E918D75-2600-0674-ADC2-4722D7F37018}" = CCC Help Italian "{824A35FE-EAB8-48E5-89EC-94D7D730C5FB}" = HP Software Framework "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90140011-0066-0C0A-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Español "{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}" = Windows Live Sync "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0C0A-0000-0000000FF1CE}" = Visor de Microsoft PowerPoint "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C632E6D-C984-75B8-DE46-8E495E179314}" = CCC Help Portuguese "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5 "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{A1A5DA17-C6A6-897E-2EBB-8BACE074FA10}" = CCC Help Swedish "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A5EFB5BD-5B8C-813B-711E-4C068721281F}" = CCC Help Danish "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI "{B0B3A2CE-C337-E33B-F24E-A8BDCA644D03}" = Catalyst Control Center Localization All "{B360E24A-BF25-4353-AA79-1B54F509024A}" = HP Documentation "{B635B0A0-8C8B-4492-E54A-85CA5DC5CAC2}" = CCC Help Japanese "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BAB3C6F6-8C54-BFE0-A570-1E471ACE00B5}" = Catalyst Control Center Graphics Previews Vista "{BB9344E4-C629-7E36-6248-EAF3F7AFCB95}" = CCC Help Chinese Traditional "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D45DB0E4-E813-1584-9670-ADF85214596E}" = CCC Help French "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{DB15EA7D-B263-1B9B-0C3E-25BE7D15C551}" = PX Profile Update "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EE07C46F-278A-412C-4687-54963CBC5862}" = CCC Help Hungarian "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFD35B3A-0296-864F-C78F-910CD41B1C32}" = CCC Help Greek "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8504F00-2C61-0FA1-8E17-AADA786A164F}" = CCC Help German "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FE363238-928A-113D-0318-4F7CEBB88715}" = Catalyst Control Center InstallProxy "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Avira AntiVir Desktop" = Avira Free Antivirus "EasyBits Magic Desktop" = Magic Desktop "Google Chrome" = Google Chrome "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "jZip" = jZip "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "My HP Game Console" = HP Game Console "Office14.Click2Run" = Hacer clic y ejecutar de Microsoft Office 2010 "Softonic" = Softonic toolbar on IE "VLC media player" = VLC media player 1.1.11 "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials "World of Warcraft" = World of Warcraft "WT087361" = FATE "WT087380" = John Deere Drive Green "WT087394" = Penguins! "WT087396" = Polar Bowler "WT087420" = Agatha Christie - Death on the Nile "WT087428" = Bejeweled 2 Deluxe "WT087453" = Chuzzle Deluxe "WT087480" = Insaniquarium Deluxe "WT087485" = Jewel Quest II "WT087490" = Jewel Quest Solitaire "WT087501" = Plants vs. Zombies "WT087510" = Slingo Deluxe "WT087513" = Virtual Villagers - The Secret City "WT087519" = Wedding Dash "WT087533" = Zuma Deluxe "WT087536" = Diner Dash 2 Restaurant Rescue "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23/09/2012 19:59:25 | Computer Name = usuaria-HP | Source = VSS | ID = 8193 Description = Error - 24/09/2012 3:51:17 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815 Description = Error al generar el contexto de activación para "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" en la línea 3. El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" del atributo "version" del elemento "assemblyIdentity" no es válido. Error - 24/09/2012 13:02:07 | Computer Name = usuaria-HP | Source = CVHSVC | ID = 100 Description = Solo información. (Patch task for {90140011-0066-0C0A-0000-0000000FF1CE}): DownloadLatest Failed: No se pudo resolver el nombre de servidor o su dirección Error - 25/09/2012 3:49:52 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815 Description = Error al generar el contexto de activación para "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" en la línea 3. El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" del atributo "version" del elemento "assemblyIdentity" no es válido. Error - 27/09/2012 4:33:15 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815 Description = Error al generar el contexto de activación para "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" en la línea 3. El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" del atributo "version" del elemento "assemblyIdentity" no es válido. Error - 29/09/2012 19:51:04 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815 Description = Error al generar el contexto de activación para "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" en la línea 3. El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" del atributo "version" del elemento "assemblyIdentity" no es válido. Error - 02/10/2012 5:39:13 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815 Description = Error al generar el contexto de activación para "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" en la línea 3. El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" del atributo "version" del elemento "assemblyIdentity" no es válido. Error - 05/10/2012 4:24:04 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815 Description = Error al generar el contexto de activación para "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" en la línea 3. El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" del atributo "version" del elemento "assemblyIdentity" no es válido. Error - 05/10/2012 18:31:20 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815 Description = Error al generar el contexto de activación para "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" en la línea 3. El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" del atributo "version" del elemento "assemblyIdentity" no es válido. Error - 08/10/2012 4:19:07 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815 Description = Error al generar el contexto de activación para "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" en la línea 3. El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" del atributo "version" del elemento "assemblyIdentity" no es válido. [ Hewlett-Packard Events ] Error - 07/07/2012 7:11:52 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000 Description = Error - 21/07/2012 8:33:33 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000 Description = Error - 25/08/2012 10:30:14 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000 Description = Error - 01/09/2012 9:27:35 | Computer Name = usuaria-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() en HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() en HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: El objeto '/5724be89_fc37_4ff9_8720_2e995076e4d6/lzdfk24fml2qoonod_kyts6a_5.rem' se desconectó o no existe en el servidor. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: es-ES RAM: 3893 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String) Error - 04/10/2012 2:18:36 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000 Description = Error - 10/11/2012 11:02:42 | Computer Name = usuaria-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() en HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() en HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: El objeto '/92d7dd3c_9a95_4855_8e81_d7ebe9a8b022/ok7x6zwn7rtup9jjswp7tequ_5.rem' se desconectó o no existe en el servidor. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: es-ES RAM: 3893 Ram Utilization: 60 TargetSite: Void UpdateDetail(System.String) Error - 17/11/2012 4:11:17 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000 Description = Error - 01/12/2012 4:38:34 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000 Description = Error - 08/12/2012 7:16:37 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000 Description = Error - 30/12/2012 12:37:37 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261 en HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties() Message: Referencia a objeto no establecida como instancia de un objeto. StackTrace: en HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties() Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: es-ES RAM: 3893 Ram Utilization: 50 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties() [ HP Wireless Assistant Events ] Error - 06/09/2012 19:51:43 | Computer Name = usuaria-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 en HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) en HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 03/01/2013 12:22:33 | Computer Name = usuaria-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 en HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) en HPPA_Service.CurrentConfiguration.ReloadRadioList() [ System Events ] Error - 02/01/2013 17:54:27 | Computer Name = usuaria-HP | Source = BROWSER | ID = 8032 Description = Error - 03/01/2013 12:22:13 | Computer Name = usuaria-HP | Source = Service Control Manager | ID = 7011 Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio iphlpsvc. Error - 03/01/2013 19:37:52 | Computer Name = usuaria-HP | Source = bowser | ID = 8003 Description = Error - 03/01/2013 19:40:43 | Computer Name = usuaria-HP | Source = bowser | ID = 8003 Description = Error - 03/01/2013 20:07:19 | Computer Name = usuaria-HP | Source = EventLog | ID = 6008 Description = El cierre anterior del sistema a las 1:06:04 del ?04/?01/?2013 resultó inesperado. Error - 03/01/2013 22:44:12 | Computer Name = usuaria-HP | Source = bowser | ID = 8003 Description = Error - 04/01/2013 11:32:15 | Computer Name = usuaria-HP | Source = DCOM | ID = 10010 Description = Error - 04/01/2013 11:32:46 | Computer Name = usuaria-HP | Source = DCOM | ID = 10010 Description = Error - 04/01/2013 11:40:19 | Computer Name = usuaria-HP | Source = bowser | ID = 8003 Description = Error - 04/01/2013 13:34:48 | Computer Name = usuaria-HP | Source = EventLog | ID = 6008 Description = El cierre anterior del sistema a las 18:33:38 del ?04/?01/?2013 resultó inesperado. < End of report > Danach habe ich GMER runtergeladen, bin offline gegangen, habe Avira deaktiviert und GMER laufen lassen. Leider ist nach kurzer Zeit, ca. 2 min. alles gecrashed und ein Notfall Reboot gelaufen, ohne das ich etwas tun konnte (ohne Frage yes or no meine ich). Was soll ich jetzt tun? Gmer noch mal laufen lassen?? Danke im voraus Sissy |
|
04.01.2013, 21:58
| #2 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™   | Virenfunde in Quarantäne file von Avira Hallo und
__________________ Zitat:
 Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520 Bitte alles nach Möglichkeit hier in CODE-Tags posten.
__________________ |
|
06.01.2013, 01:54
| #3 |
| | Virenfunde in Quarantäne file von Avira Hallo Cosinus,
__________________wow ihr seit echt schnell..erst mal vielen Dank für die schnelle..ehmm Rüge.. ..tut mir echt leid, habe ich offensichtlich nicht gleich verstanden, das ich die Aviralogs auch posten soll.. sorry, tut mir leid..ich gebe mir alle Mühe , aber ich bin etwas schwerfällig mit dieser Materie..hab bitte Geduld mit mir,ok?Habe jetzt hoffentlich die Logs von Avira als Text Datei, hoffe, das ist ok?? Habe noch keinen Zipper auf meinem neuen Laptop, noch nicht geschafft zu downloaden..hoffe, das macht nicht noch mehr Arbeit für dich..  Die Frage jetzt, soll ich die Textdatei als Anhang oder copy paste senden??? Ahhhh, sorry als Code tag.. bin blond, sorry  Hoffe, das hat richtig funktioniert.. Vielen Dank und ach ja..gesundes und erfolgreiches neues Jahr Cosinus _________________________________________________________________ Code:
ATTFilter Exportierte Ereignisse:
28/12/2012 12:51 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\usuaria\Desktop\Sissy\Store n go\Magic Ball
2\MagicBall2.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
Die Quelldatei konnte nicht gefunden werden.
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Die Datei existiert nicht!
28/12/2012 12:48 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\usuaria\Desktop\Sissy\Store n go\Magic Ball
2\MagicBall2.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5a2417b6.qua'
verschoben!
28/12/2012 7:24 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\usuaria\Desktop\Sissy\Store n go\Magic Ball
2\MagicBall2.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
08/12/2012 21:32 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\usuaria\Downloads\ONLINE.LLOYDSTSB.CO.UK-PERSONAL-LOGON-LOGIN.JSPWT.AC
=HPIBLOGON.HTML'
enthielt einen Virus oder unerwünschtes Programm 'PHISH/Lloydstsb.B.2'
[phishing].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '58173a31.qua'
verschoben!
08/12/2012 21:31 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Users\usuaria\Downloads\ONLINE.LLOYDSTSB.CO.UK-PERSONAL-LOGON-LOGIN.JSPWT.AC
=HPIBLOGON.HTML'
wurde ein Virus oder unerwünschtes Programm 'PHISH/Lloydstsb.B.2' [phishing]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
Geändert von buggerlux (06.01.2013 um 02:08 Uhr) |
|
06.01.2013, 02:24
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virenfunde in Quarantäne file von AviraCode:
ATTFilter C:\Users\usuaria\Desktop\Sissy\Store n go\Magic Ball 2\MagicBall2.exe
C:\Users\usuaria\Downloads\ONLINE.LLOYDSTSB.CO.UK-PERSONAL-LOGON-LOGIN.JSPWT.AC
Was hat das zweite im Downloadordner zu suchen? Wenn es da ist, müsstest du es ja selbst runtergeladen haben
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
06.01.2013, 21:09
| #5 |
| | Virenfunde in Quarantäne file von Avira Hi Cosinus, ich glaube das ist ein USB stick, store n go, von dem wir ein Spiel runtergeladen haben, Magic ball 2. Jetzt verstehe ich auch warum alle unsere Laptops infiziert wurden, obwohl wir alle Avira / Mc Affee auf dem Laptop haben, da wir alle das Spiel von dem USB runtergeladen haben. Wie kann ich den infizierten USB stick behandeln, um den Virus zu löschen?? Zum Thema Downloads, ich weiss nicht wann und wie ich das Programm runtergeladen habe..leider..eigentlich bin ich sehr vorsichtig mit Downloads..vielleicht war das als Anhang irgendwo dabei?? Danke erstmal Sissy Geändert von buggerlux (06.01.2013 um 21:14 Uhr) |
|
07.01.2013, 21:28
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virenfunde in Quarantäne file von Avira Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Malwarebytes Anti-Rootkit  Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ --> Virenfunde in Quarantäne file von Avira |
|
07.01.2013, 22:57
| #7 |
| | Virenfunde in Quarantäne file von Avira Hallo Cosinus, ich habe das Malwarebytes Antirootkit runtergeladen, gespeichert auf dem Desktop und mbar.exe gestartet und folgende Fehlermeldung bekommen: mbar.exe-Systemfehler Das Programm kann leider nicht gestartet werden, da QtGui4.dll im Computer fehlt. Bitte reinstallieren Sie dieses Programm, um dieses Problem zu korrigieren..oder so ähnlich, ist leider in spanisch.. Was nun? Gruss Sissy |
|
07.01.2013, 22:59
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virenfunde in Quarantäne file von Avira Überspringen wir MBAR erstmal 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.01.2013, 23:13
| #9 |
| | Virenfunde in Quarantäne file von Avira während des scans von aswmbr online bleiben oder offline? wegen dem ausgeschalteten avira, weisst du? |
|
07.01.2013, 23:22
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virenfunde in Quarantäne file von Avira Online bleiben! Schädlinge fliegen nicht einfach so auf deinem Rechner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.01.2013, 23:38
| #11 |
| | Virenfunde in Quarantäne file von AviraCode:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-07 23:08:04
-----------------------------
23:08:04.386 OS Version: Windows x64 6.1.7600
23:08:04.386 Number of processors: 4 586 0x2505
23:08:04.388 ComputerName: USUARIA-HP UserName: usuaria
23:08:09.485 Initialize success
23:10:25.040 AVAST engine defs: 13010700
23:10:44.986 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:10:44.991 Disk 0 Vendor: ST932042 0006 Size: 305245MB BusType: 3
23:10:45.005 Disk 0 MBR read successfully
23:10:45.009 Disk 0 MBR scan
23:10:45.016 Disk 0 unknown MBR code
23:10:45.023 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
23:10:45.038 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287800 MB offset 409600
23:10:45.073 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17141 MB offset 589824000
23:10:45.092 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
23:10:45.133 Disk 0 scanning C:\Windows\system32\drivers
23:10:56.102 Service scanning
23:11:18.379 Modules scanning
23:11:18.396 Disk 0 trace - called modules:
23:11:18.750 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:11:18.760 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006fdd060]
23:11:18.770 3 CLASSPNP.SYS[fffff88001ae943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f3e050]
23:11:22.292 AVAST engine scan C:\Windows
23:11:24.455 AVAST engine scan C:\Windows\system32
23:14:35.778 AVAST engine scan C:\Windows\system32\drivers
23:14:48.790 AVAST engine scan C:\Users\usuaria
23:28:09.388 AVAST engine scan C:\ProgramData
23:31:21.169 Scan finished successfully
23:31:56.432 Disk 0 MBR has been saved successfully to "C:\Users\usuaria\Desktop\MBR.dat"
23:31:56.437 The log file has been saved successfully to "C:\Users\usuaria\Desktop\aswMBR.txt"
Code:
ATTFilter 00:10:40.0754 7060 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:10:42.0760 7060 ============================================================
00:10:42.0761 7060 Current date / time: 2013/01/08 00:10:42.0760
00:10:42.0761 7060 SystemInfo:
00:10:42.0761 7060
00:10:42.0761 7060 OS Version: 6.1.7600 ServicePack: 0.0
00:10:42.0761 7060 Product type: Workstation
00:10:42.0761 7060 ComputerName: USUARIA-HP
00:10:42.0761 7060 UserName: usuaria
00:10:42.0761 7060 Windows directory: C:\Windows
00:10:42.0761 7060 System windows directory: C:\Windows
00:10:42.0761 7060 Running under WOW64
00:10:42.0761 7060 Processor architecture: Intel x64
00:10:42.0761 7060 Number of processors: 4
00:10:42.0761 7060 Page size: 0x1000
00:10:42.0761 7060 Boot type: Normal boot
00:10:42.0761 7060 ============================================================
00:10:43.0416 7060 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:10:43.0513 7060 ============================================================
00:10:43.0513 7060 \Device\Harddisk0\DR0:
00:10:43.0523 7060 MBR partitions:
00:10:43.0523 7060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
00:10:43.0523 7060 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x2321C000
00:10:43.0523 7060 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23280000, BlocksNum 0x217A800
00:10:43.0523 7060 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
00:10:43.0523 7060 ============================================================
00:10:43.0575 7060 C: <-> \Device\Harddisk0\DR0\Partition2
00:10:43.0622 7060 D: <-> \Device\Harddisk0\DR0\Partition3
00:10:43.0622 7060 ============================================================
00:10:43.0622 7060 Initialize success
00:10:43.0622 7060 ============================================================
00:12:47.0472 6016 ============================================================
00:12:47.0472 6016 Scan started
00:12:47.0472 6016 Mode: Manual; SigCheck; TDLFS;
00:12:47.0472 6016 ============================================================
00:12:47.0870 6016 ================ Scan system memory ========================
00:12:47.0870 6016 System memory - ok
00:12:47.0870 6016 ================ Scan services =============================
00:12:48.0018 6016 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
00:12:48.0150 6016 1394ohci - ok
00:12:48.0172 6016 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
00:12:48.0196 6016 ACPI - ok
00:12:48.0209 6016 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
00:12:48.0269 6016 AcpiPmi - ok
00:12:48.0425 6016 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:12:48.0450 6016 AdobeFlashPlayerUpdateSvc - ok
00:12:48.0501 6016 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
00:12:48.0529 6016 adp94xx - ok
00:12:48.0562 6016 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
00:12:48.0597 6016 adpahci - ok
00:12:48.0641 6016 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
00:12:48.0658 6016 adpu320 - ok
00:12:48.0677 6016 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:12:48.0831 6016 AeLookupSvc - ok
00:12:48.0913 6016 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
00:12:48.0934 6016 AERTFilters - ok
00:12:49.0002 6016 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
00:12:49.0069 6016 AFD - ok
00:12:49.0126 6016 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
00:12:49.0224 6016 AgereSoftModem - ok
00:12:49.0250 6016 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
00:12:49.0272 6016 agp440 - ok
00:12:49.0312 6016 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
00:12:49.0370 6016 ALG - ok
00:12:49.0405 6016 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
00:12:49.0422 6016 aliide - ok
00:12:49.0442 6016 [ CC180E1E0700995340C838BC1A729577 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:12:49.0474 6016 AMD External Events Utility - ok
00:12:49.0499 6016 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
00:12:49.0515 6016 amdide - ok
00:12:49.0532 6016 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
00:12:49.0564 6016 AmdK8 - ok
00:12:49.0724 6016 [ 8155EA1864D1FA8B168C46C41ED97A76 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
00:12:49.0928 6016 amdkmdag - ok
00:12:49.0953 6016 [ 4841C7AF2BAC05AE23955D65B4336446 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
00:12:49.0993 6016 amdkmdap - ok
00:12:50.0012 6016 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
00:12:50.0029 6016 AmdPPM - ok
00:12:50.0072 6016 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
00:12:50.0101 6016 amdsata - ok
00:12:50.0126 6016 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
00:12:50.0155 6016 amdsbs - ok
00:12:50.0184 6016 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
00:12:50.0210 6016 amdxata - ok
00:12:50.0323 6016 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
00:12:50.0342 6016 AntiVirSchedulerService - ok
00:12:50.0353 6016 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
00:12:50.0367 6016 AntiVirService - ok
00:12:50.0390 6016 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
00:12:50.0480 6016 AppID - ok
00:12:50.0505 6016 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
00:12:50.0577 6016 AppIDSvc - ok
00:12:50.0595 6016 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
00:12:50.0631 6016 Appinfo - ok
00:12:50.0652 6016 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
00:12:50.0666 6016 arc - ok
00:12:50.0685 6016 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
00:12:50.0700 6016 arcsas - ok
00:12:50.0721 6016 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:12:50.0786 6016 AsyncMac - ok
00:12:50.0813 6016 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
00:12:50.0825 6016 atapi - ok
00:12:50.0862 6016 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
00:12:50.0882 6016 AtiHdmiService - ok
00:12:50.0921 6016 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:12:51.0030 6016 AudioEndpointBuilder - ok
00:12:51.0052 6016 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
00:12:51.0098 6016 AudioSrv - ok
00:12:51.0127 6016 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
00:12:51.0139 6016 avgntflt - ok
00:12:51.0170 6016 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
00:12:51.0198 6016 avipbb - ok
00:12:51.0225 6016 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
00:12:51.0247 6016 avkmgr - ok
00:12:51.0287 6016 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
00:12:51.0335 6016 AxInstSV - ok
00:12:51.0376 6016 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
00:12:51.0428 6016 b06bdrv - ok
00:12:51.0449 6016 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
00:12:51.0481 6016 b57nd60a - ok
00:12:51.0595 6016 [ 810BE94A9E42309B3F74217AC28BC6AC ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
00:12:51.0708 6016 BCM43XX - ok
00:12:51.0742 6016 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
00:12:51.0790 6016 BDESVC - ok
00:12:51.0813 6016 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
00:12:51.0878 6016 Beep - ok
00:12:51.0912 6016 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
00:12:51.0989 6016 BFE - ok
00:12:52.0038 6016 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
00:12:52.0131 6016 BITS - ok
00:12:52.0166 6016 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
00:12:52.0195 6016 blbdrive - ok
00:12:52.0241 6016 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:12:52.0298 6016 bowser - ok
00:12:52.0317 6016 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:12:52.0356 6016 BrFiltLo - ok
00:12:52.0368 6016 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:12:52.0387 6016 BrFiltUp - ok
00:12:52.0425 6016 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
00:12:52.0472 6016 Browser - ok
00:12:52.0499 6016 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
00:12:52.0539 6016 Brserid - ok
00:12:52.0552 6016 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
00:12:52.0588 6016 BrSerWdm - ok
00:12:52.0602 6016 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
00:12:52.0626 6016 BrUsbMdm - ok
00:12:52.0640 6016 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
00:12:52.0664 6016 BrUsbSer - ok
00:12:52.0676 6016 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
00:12:52.0697 6016 BTHMODEM - ok
00:12:52.0729 6016 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
00:12:52.0790 6016 bthserv - ok
00:12:52.0808 6016 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:12:52.0852 6016 cdfs - ok
00:12:52.0887 6016 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
00:12:52.0927 6016 cdrom - ok
00:12:52.0958 6016 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
00:12:53.0023 6016 CertPropSvc - ok
00:12:53.0036 6016 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
00:12:53.0063 6016 circlass - ok
00:12:53.0092 6016 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
00:12:53.0113 6016 CLFS - ok
00:12:53.0179 6016 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:12:53.0202 6016 clr_optimization_v2.0.50727_32 - ok
00:12:53.0268 6016 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:12:53.0293 6016 clr_optimization_v2.0.50727_64 - ok
00:12:53.0380 6016 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:12:53.0407 6016 clr_optimization_v4.0.30319_32 - ok
00:12:53.0449 6016 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:12:53.0474 6016 clr_optimization_v4.0.30319_64 - ok
00:12:53.0519 6016 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:12:53.0555 6016 CmBatt - ok
00:12:53.0605 6016 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
00:12:53.0631 6016 cmdide - ok
00:12:53.0692 6016 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
00:12:53.0772 6016 CNG - ok
00:12:53.0786 6016 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:12:53.0807 6016 Compbatt - ok
00:12:53.0826 6016 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
00:12:53.0853 6016 CompositeBus - ok
00:12:53.0857 6016 COMSysApp - ok
00:12:53.0874 6016 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
00:12:53.0889 6016 crcdisk - ok
00:12:53.0933 6016 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:12:53.0977 6016 CryptSvc - ok
00:12:54.0106 6016 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
00:12:54.0148 6016 cvhsvc - ok
00:12:54.0178 6016 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:12:54.0244 6016 DcomLaunch - ok
00:12:54.0272 6016 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
00:12:54.0320 6016 defragsvc - ok
00:12:54.0355 6016 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:12:54.0402 6016 DfsC - ok
00:12:54.0433 6016 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
00:12:54.0545 6016 Dhcp - ok
00:12:54.0571 6016 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
00:12:54.0631 6016 discache - ok
00:12:54.0660 6016 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
00:12:54.0673 6016 Disk - ok
00:12:54.0710 6016 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:12:54.0764 6016 Dnscache - ok
00:12:54.0785 6016 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
00:12:54.0857 6016 dot3svc - ok
00:12:54.0912 6016 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
00:12:54.0954 6016 Dot4 - ok
00:12:55.0007 6016 [ 85135AD27E79B689335C08167D917CDE ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
00:12:55.0050 6016 Dot4Print - ok
00:12:55.0066 6016 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
00:12:55.0098 6016 dot4usb - ok
00:12:55.0114 6016 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
00:12:55.0173 6016 DPS - ok
00:12:55.0192 6016 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:12:55.0209 6016 drmkaud - ok
00:12:55.0245 6016 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:12:55.0296 6016 DXGKrnl - ok
00:12:55.0321 6016 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
00:12:55.0379 6016 EapHost - ok
00:12:55.0462 6016 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
00:12:55.0554 6016 ebdrv - ok
00:12:55.0581 6016 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
00:12:55.0615 6016 EFS - ok
00:12:55.0682 6016 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:12:55.0734 6016 ehRecvr - ok
00:12:55.0760 6016 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
00:12:55.0789 6016 ehSched - ok
00:12:55.0818 6016 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
00:12:55.0858 6016 elxstor - ok
00:12:55.0871 6016 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
00:12:55.0884 6016 ErrDev - ok
00:12:55.0919 6016 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
00:12:55.0973 6016 EventSystem - ok
00:12:56.0002 6016 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
00:12:56.0059 6016 exfat - ok
00:12:56.0075 6016 ezSharedSvc - ok
00:12:56.0090 6016 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:12:56.0151 6016 fastfat - ok
00:12:56.0183 6016 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
00:12:56.0239 6016 Fax - ok
00:12:56.0250 6016 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:12:56.0280 6016 fdc - ok
00:12:56.0292 6016 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
00:12:56.0339 6016 fdPHost - ok
00:12:56.0364 6016 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
00:12:56.0408 6016 FDResPub - ok
00:12:56.0420 6016 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:12:56.0433 6016 FileInfo - ok
00:12:56.0443 6016 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:12:56.0487 6016 Filetrace - ok
00:12:56.0501 6016 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:12:56.0513 6016 flpydisk - ok
00:12:56.0546 6016 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:12:56.0578 6016 FltMgr - ok
00:12:56.0613 6016 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
00:12:56.0695 6016 FontCache - ok
00:12:56.0730 6016 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:12:56.0740 6016 FontCache3.0.0.0 - ok
00:12:56.0751 6016 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
00:12:56.0765 6016 FsDepends - ok
00:12:56.0822 6016 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
00:12:56.0843 6016 fssfltr - ok
00:12:56.0957 6016 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
00:12:57.0034 6016 fsssvc - ok
00:12:57.0072 6016 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:12:57.0085 6016 Fs_Rec - ok
00:12:57.0117 6016 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
00:12:57.0138 6016 fvevol - ok
00:12:57.0158 6016 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
00:12:57.0173 6016 gagp30kx - ok
00:12:57.0235 6016 [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
00:12:57.0263 6016 GameConsoleService - ok
00:12:57.0304 6016 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
00:12:57.0358 6016 gpsvc - ok
00:12:57.0414 6016 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:12:57.0425 6016 gupdate - ok
00:12:57.0439 6016 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:12:57.0449 6016 gupdatem - ok
00:12:57.0504 6016 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
00:12:57.0524 6016 hamachi - ok
00:12:57.0653 6016 [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
00:12:57.0713 6016 Hamachi2Svc - ok
00:12:57.0731 6016 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
00:12:57.0764 6016 hcw85cir - ok
00:12:57.0791 6016 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:12:57.0824 6016 HdAudAddService - ok
00:12:57.0849 6016 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
00:12:57.0881 6016 HDAudBus - ok
00:12:57.0916 6016 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
00:12:57.0928 6016 HECIx64 - ok
00:12:57.0945 6016 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
00:12:57.0969 6016 HidBatt - ok
00:12:57.0990 6016 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
00:12:58.0020 6016 HidBth - ok
00:12:58.0035 6016 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
00:12:58.0067 6016 HidIr - ok
00:12:58.0094 6016 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
00:12:58.0177 6016 hidserv - ok
00:12:58.0202 6016 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:12:58.0226 6016 HidUsb - ok
00:12:58.0245 6016 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:12:58.0304 6016 hkmsvc - ok
00:12:58.0325 6016 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:12:58.0352 6016 HomeGroupListener - ok
00:12:58.0373 6016 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:12:58.0390 6016 HomeGroupProvider - ok
00:12:58.0473 6016 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
00:12:58.0495 6016 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
00:12:58.0495 6016 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
00:12:58.0544 6016 [ 3A09322A8AA8B0C79036686A0EBE7B4C ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
00:12:58.0561 6016 HP Wireless Assistant Service - ok
00:12:58.0673 6016 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
00:12:58.0697 6016 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
00:12:58.0697 6016 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
00:12:58.0721 6016 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
00:12:58.0738 6016 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
00:12:58.0738 6016 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
00:12:58.0812 6016 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
00:12:58.0865 6016 hpqwmiex - ok
00:12:58.0891 6016 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
00:12:58.0905 6016 HpSAMD - ok
00:12:58.0962 6016 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
00:12:59.0026 6016 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
00:12:59.0027 6016 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
00:12:59.0098 6016 [ 9DF9CF7840A3A99F2FFD614F0A13F2F9 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
00:12:59.0115 6016 HPWMISVC - ok
00:12:59.0143 6016 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:12:59.0218 6016 HTTP - ok
00:12:59.0241 6016 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
00:12:59.0252 6016 hwpolicy - ok
00:12:59.0274 6016 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
00:12:59.0294 6016 i8042prt - ok
00:12:59.0318 6016 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
00:12:59.0337 6016 iaStor - ok
00:12:59.0384 6016 [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
00:12:59.0395 6016 IAStorDataMgrSvc - ok
00:12:59.0433 6016 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
00:12:59.0460 6016 iaStorV - ok
00:12:59.0512 6016 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:12:59.0576 6016 idsvc - ok
00:12:59.0803 6016 [ FBACBED7A37B3223822470FF1D8EA00F ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
00:13:00.0093 6016 igfx - ok
00:13:00.0119 6016 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
00:13:00.0132 6016 iirsp - ok
00:13:00.0175 6016 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
00:13:00.0281 6016 IKEEXT - ok
00:13:00.0356 6016 [ E76FDFFF07F8A2FA81FF250DDA0F6BBA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
00:13:00.0455 6016 IntcAzAudAddService - ok
00:13:00.0472 6016 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
00:13:00.0484 6016 intelide - ok
00:13:00.0675 6016 [ FBACBED7A37B3223822470FF1D8EA00F ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
00:13:00.0935 6016 intelkmd - ok
00:13:00.0953 6016 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:13:00.0979 6016 intelppm - ok
00:13:00.0995 6016 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:13:01.0047 6016 IPBusEnum - ok
00:13:01.0060 6016 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:13:01.0102 6016 IpFilterDriver - ok
00:13:01.0120 6016 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:13:01.0172 6016 iphlpsvc - ok
00:13:01.0183 6016 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
00:13:01.0197 6016 IPMIDRV - ok
00:13:01.0202 6016 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
00:13:01.0253 6016 IPNAT - ok
00:13:01.0276 6016 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:13:01.0294 6016 IRENUM - ok
00:13:01.0304 6016 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
00:13:01.0316 6016 isapnp - ok
00:13:01.0336 6016 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
00:13:01.0352 6016 iScsiPrt - ok
00:13:01.0373 6016 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
00:13:01.0386 6016 kbdclass - ok
00:13:01.0399 6016 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
00:13:01.0430 6016 kbdhid - ok
00:13:01.0447 6016 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
00:13:01.0461 6016 KeyIso - ok
00:13:01.0499 6016 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:13:01.0516 6016 KSecDD - ok
00:13:01.0538 6016 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
00:13:01.0554 6016 KSecPkg - ok
00:13:01.0574 6016 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
00:13:01.0627 6016 ksthunk - ok
00:13:01.0654 6016 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
00:13:01.0710 6016 KtmRm - ok
00:13:01.0750 6016 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
00:13:01.0790 6016 LanmanServer - ok
00:13:01.0821 6016 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:13:01.0901 6016 LanmanWorkstation - ok
00:13:01.0955 6016 [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
00:13:01.0972 6016 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
00:13:01.0972 6016 LightScribeService - detected UnsignedFile.Multi.Generic (1)
00:13:01.0996 6016 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:13:02.0052 6016 lltdio - ok
00:13:02.0084 6016 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:13:02.0143 6016 lltdsvc - ok
00:13:02.0157 6016 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:13:02.0207 6016 lmhosts - ok
00:13:02.0260 6016 [ DBC1136A62BD4DECC3632DF650284C2E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
00:13:02.0284 6016 LMS - ok
00:13:02.0314 6016 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
00:13:02.0336 6016 LSI_FC - ok
00:13:02.0349 6016 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
00:13:02.0370 6016 LSI_SAS - ok
00:13:02.0382 6016 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:13:02.0399 6016 LSI_SAS2 - ok
00:13:02.0416 6016 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:13:02.0431 6016 LSI_SCSI - ok
00:13:02.0457 6016 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
00:13:02.0509 6016 luafv - ok
00:13:02.0548 6016 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
00:13:02.0568 6016 MBAMProtector - ok
00:13:02.0613 6016 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
00:13:02.0640 6016 MBAMScheduler - ok
00:13:02.0673 6016 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:13:02.0710 6016 MBAMService - ok
00:13:02.0728 6016 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:13:02.0745 6016 Mcx2Svc - ok
00:13:02.0761 6016 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
00:13:02.0775 6016 megasas - ok
00:13:02.0794 6016 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
00:13:02.0813 6016 MegaSR - ok
00:13:02.0838 6016 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
00:13:02.0883 6016 MMCSS - ok
00:13:02.0896 6016 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
00:13:02.0944 6016 Modem - ok
00:13:02.0966 6016 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:13:02.0999 6016 monitor - ok
00:13:03.0026 6016 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:13:03.0041 6016 mouclass - ok
00:13:03.0054 6016 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:13:03.0070 6016 mouhid - ok
00:13:03.0096 6016 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
00:13:03.0111 6016 mountmgr - ok
00:13:03.0118 6016 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
00:13:03.0135 6016 mpio - ok
00:13:03.0155 6016 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:13:03.0203 6016 mpsdrv - ok
00:13:03.0225 6016 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
00:13:03.0295 6016 MpsSvc - ok
00:13:03.0311 6016 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:13:03.0380 6016 MRxDAV - ok
00:13:03.0417 6016 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:13:03.0444 6016 mrxsmb - ok
00:13:03.0459 6016 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:13:03.0492 6016 mrxsmb10 - ok
00:13:03.0522 6016 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:13:03.0560 6016 mrxsmb20 - ok
00:13:03.0582 6016 [ 5E939CF91EA4A841DBAFE4627E0292BB ] msahci C:\Windows\system32\DRIVERS\msahci.sys
00:13:03.0601 6016 msahci - ok
00:13:03.0609 6016 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
00:13:03.0628 6016 msdsm - ok
00:13:03.0643 6016 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
00:13:03.0675 6016 MSDTC - ok
00:13:03.0693 6016 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:13:03.0737 6016 Msfs - ok
00:13:03.0762 6016 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:13:03.0841 6016 mshidkmdf - ok
00:13:03.0853 6016 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
00:13:03.0865 6016 msisadrv - ok
00:13:03.0892 6016 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:13:03.0938 6016 MSiSCSI - ok
00:13:03.0941 6016 msiserver - ok
00:13:03.0963 6016 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:13:04.0017 6016 MSKSSRV - ok
00:13:04.0028 6016 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:13:04.0082 6016 MSPCLOCK - ok
00:13:04.0096 6016 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:13:04.0151 6016 MSPQM - ok
00:13:04.0174 6016 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:13:04.0194 6016 MsRPC - ok
00:13:04.0210 6016 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
00:13:04.0222 6016 mssmbios - ok
00:13:04.0235 6016 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:13:04.0288 6016 MSTEE - ok
00:13:04.0307 6016 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
00:13:04.0330 6016 MTConfig - ok
00:13:04.0343 6016 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:13:04.0357 6016 Mup - ok
00:13:04.0386 6016 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
00:13:04.0453 6016 napagent - ok
00:13:04.0489 6016 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:13:04.0529 6016 NativeWifiP - ok
00:13:04.0559 6016 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
00:13:04.0606 6016 NDIS - ok
00:13:04.0618 6016 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:13:04.0674 6016 NdisCap - ok
00:13:04.0697 6016 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:13:04.0741 6016 NdisTapi - ok
00:13:04.0751 6016 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:13:04.0796 6016 Ndisuio - ok
00:13:04.0806 6016 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:13:04.0852 6016 NdisWan - ok
00:13:04.0866 6016 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:13:04.0921 6016 NDProxy - ok
00:13:04.0958 6016 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
00:13:04.0973 6016 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:13:04.0973 6016 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:13:04.0990 6016 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:13:05.0049 6016 NetBIOS - ok
00:13:05.0065 6016 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:13:05.0110 6016 NetBT - ok
00:13:05.0136 6016 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
00:13:05.0147 6016 Netlogon - ok
00:13:05.0183 6016 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:13:05.0269 6016 Netman - ok
00:13:05.0292 6016 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:13:05.0356 6016 netprofm - ok
00:13:05.0383 6016 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:13:05.0396 6016 NetTcpPortSharing - ok
00:13:05.0522 6016 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
00:13:05.0705 6016 netw5v64 - ok
00:13:05.0731 6016 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
00:13:05.0745 6016 nfrd960 - ok
00:13:05.0760 6016 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:13:05.0817 6016 NlaSvc - ok
00:13:05.0836 6016 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:13:05.0880 6016 Npfs - ok
00:13:05.0902 6016 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:13:05.0943 6016 nsi - ok
00:13:05.0947 6016 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:13:06.0005 6016 nsiproxy - ok
00:13:06.0073 6016 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:13:06.0160 6016 Ntfs - ok
00:13:06.0168 6016 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:13:06.0220 6016 Null - ok
00:13:06.0262 6016 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:13:06.0294 6016 nvraid - ok
00:13:06.0334 6016 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:13:06.0354 6016 nvstor - ok
00:13:06.0366 6016 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
00:13:06.0384 6016 nv_agp - ok
00:13:06.0401 6016 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
00:13:06.0419 6016 ohci1394 - ok
00:13:06.0455 6016 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:13:06.0472 6016 ose - ok
00:13:06.0631 6016 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:13:06.0750 6016 osppsvc - ok
00:13:06.0782 6016 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:13:06.0826 6016 p2pimsvc - ok
00:13:06.0845 6016 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:13:06.0867 6016 p2psvc - ok
00:13:06.0883 6016 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:13:06.0900 6016 Parport - ok
00:13:06.0937 6016 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:13:06.0952 6016 partmgr - ok
00:13:06.0967 6016 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:13:07.0007 6016 PcaSvc - ok
00:13:07.0022 6016 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
00:13:07.0040 6016 pci - ok
00:13:07.0051 6016 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
00:13:07.0065 6016 pciide - ok
00:13:07.0077 6016 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
00:13:07.0096 6016 pcmcia - ok
00:13:07.0106 6016 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:13:07.0119 6016 pcw - ok
00:13:07.0137 6016 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:13:07.0198 6016 PEAUTH - ok
00:13:07.0263 6016 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:13:07.0279 6016 PerfHost - ok
00:13:07.0321 6016 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
00:13:07.0414 6016 pla - ok
00:13:07.0463 6016 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:13:07.0519 6016 PlugPlay - ok
00:13:07.0545 6016 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
00:13:07.0561 6016 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:13:07.0561 6016 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:13:07.0577 6016 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:13:07.0594 6016 PNRPAutoReg - ok
00:13:07.0608 6016 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:13:07.0626 6016 PNRPsvc - ok
00:13:07.0658 6016 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:13:07.0711 6016 PolicyAgent - ok
00:13:07.0737 6016 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:13:07.0790 6016 Power - ok
00:13:07.0819 6016 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:13:07.0899 6016 PptpMiniport - ok
00:13:07.0913 6016 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
00:13:07.0937 6016 Processor - ok
00:13:07.0975 6016 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
00:13:08.0031 6016 ProfSvc - ok
00:13:08.0040 6016 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:13:08.0055 6016 ProtectedStorage - ok
00:13:08.0073 6016 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:13:08.0122 6016 Psched - ok
00:13:08.0161 6016 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
00:13:08.0224 6016 ql2300 - ok
00:13:08.0239 6016 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
00:13:08.0253 6016 ql40xx - ok
00:13:08.0273 6016 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:13:08.0296 6016 QWAVE - ok
00:13:08.0304 6016 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:13:08.0332 6016 QWAVEdrv - ok
00:13:08.0348 6016 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:13:08.0389 6016 RasAcd - ok
00:13:08.0419 6016 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:13:08.0460 6016 RasAgileVpn - ok
00:13:08.0476 6016 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:13:08.0528 6016 RasAuto - ok
00:13:08.0539 6016 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:13:08.0596 6016 Rasl2tp - ok
00:13:08.0648 6016 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
00:13:08.0739 6016 RasMan - ok
00:13:08.0753 6016 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:13:08.0796 6016 RasPppoe - ok
00:13:08.0811 6016 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:13:08.0864 6016 RasSstp - ok
00:13:08.0883 6016 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:13:08.0938 6016 rdbss - ok
00:13:08.0956 6016 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:13:08.0973 6016 rdpbus - ok
00:13:08.0989 6016 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:13:09.0029 6016 RDPCDD - ok
00:13:09.0050 6016 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:13:09.0102 6016 RDPENCDD - ok
00:13:09.0116 6016 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:13:09.0173 6016 RDPREFMP - ok
00:13:09.0206 6016 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:13:09.0243 6016 RDPWD - ok
00:13:09.0253 6016 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:13:09.0271 6016 rdyboost - ok
00:13:09.0290 6016 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:13:09.0334 6016 RemoteAccess - ok
00:13:09.0360 6016 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:13:09.0414 6016 RemoteRegistry - ok
00:13:09.0432 6016 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:13:09.0487 6016 RpcEptMapper - ok
00:13:09.0513 6016 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:13:09.0554 6016 RpcLocator - ok
00:13:09.0584 6016 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
00:13:09.0641 6016 RpcSs - ok
00:13:09.0650 6016 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:13:09.0701 6016 rspndr - ok
00:13:09.0758 6016 [ 483DF0B58CA532E5240E59DC41F30AA2 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
00:13:09.0786 6016 RSUSBSTOR - ok
00:13:09.0819 6016 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
00:13:09.0840 6016 RTL8167 - ok
00:13:09.0890 6016 [ FEBFB5730E12F62CA38F86A066E7348D ] RtVOsdService C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
00:13:09.0912 6016 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning
00:13:09.0912 6016 RtVOsdService - detected UnsignedFile.Multi.Generic (1)
00:13:09.0929 6016 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
00:13:09.0953 6016 SamSs - ok
00:13:09.0964 6016 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
00:13:09.0978 6016 sbp2port - ok
00:13:10.0002 6016 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:13:10.0049 6016 SCardSvr - ok
00:13:10.0059 6016 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:13:10.0109 6016 scfilter - ok
00:13:10.0162 6016 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
00:13:10.0240 6016 Schedule - ok
00:13:10.0268 6016 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:13:10.0320 6016 SCPolicySvc - ok
00:13:10.0345 6016 [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
00:13:10.0371 6016 sdbus - ok
00:13:10.0389 6016 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:13:10.0434 6016 SDRSVC - ok
00:13:10.0450 6016 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:13:10.0497 6016 secdrv - ok
00:13:10.0505 6016 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
00:13:10.0561 6016 seclogon - ok
00:13:10.0576 6016 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
00:13:10.0629 6016 SENS - ok
00:13:10.0653 6016 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:13:10.0678 6016 SensrSvc - ok
00:13:10.0694 6016 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:13:10.0709 6016 Serenum - ok
00:13:10.0721 6016 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:13:10.0738 6016 Serial - ok
00:13:10.0756 6016 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
00:13:10.0786 6016 sermouse - ok
00:13:10.0811 6016 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
00:13:10.0860 6016 SessionEnv - ok
00:13:10.0869 6016 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
00:13:10.0904 6016 sffdisk - ok
00:13:10.0922 6016 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
00:13:10.0943 6016 sffp_mmc - ok
00:13:10.0970 6016 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
00:13:10.0993 6016 sffp_sd - ok
00:13:11.0005 6016 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
00:13:11.0020 6016 sfloppy - ok
00:13:11.0060 6016 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
00:13:11.0098 6016 Sftfs - ok
00:13:11.0176 6016 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
00:13:11.0216 6016 sftlist - ok
00:13:11.0227 6016 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
00:13:11.0244 6016 Sftplay - ok
00:13:11.0258 6016 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
00:13:11.0269 6016 Sftredir - ok
00:13:11.0275 6016 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
00:13:11.0286 6016 Sftvol - ok
00:13:11.0297 6016 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
00:13:11.0312 6016 sftvsa - ok
00:13:11.0340 6016 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:13:11.0400 6016 SharedAccess - ok
00:13:11.0434 6016 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:13:11.0474 6016 ShellHWDetection - ok
00:13:11.0504 6016 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:13:11.0517 6016 SiSRaid2 - ok
00:13:11.0531 6016 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
00:13:11.0545 6016 SiSRaid4 - ok
00:13:11.0699 6016 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
00:13:11.0791 6016 Skype C2C Service - ok
00:13:11.0831 6016 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
00:13:11.0843 6016 SkypeUpdate - ok
00:13:11.0870 6016 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:13:11.0931 6016 Smb - ok
00:13:11.0970 6016 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:13:11.0998 6016 SNMPTRAP - ok
00:13:12.0013 6016 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:13:12.0026 6016 spldr - ok
00:13:12.0065 6016 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
00:13:12.0114 6016 Spooler - ok
00:13:12.0181 6016 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
00:13:12.0316 6016 sppsvc - ok
00:13:12.0331 6016 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:13:12.0388 6016 sppuinotify - ok
00:13:12.0432 6016 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
00:13:12.0481 6016 srv - ok
00:13:12.0509 6016 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:13:12.0544 6016 srv2 - ok
00:13:12.0580 6016 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
00:13:12.0600 6016 SrvHsfHDA - ok
00:13:12.0635 6016 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
00:13:12.0692 6016 SrvHsfV92 - ok
00:13:12.0713 6016 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
00:13:12.0756 6016 SrvHsfWinac - ok
00:13:12.0774 6016 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:13:12.0791 6016 srvnet - ok
00:13:12.0817 6016 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:13:12.0879 6016 SSDPSRV - ok
00:13:12.0894 6016 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:13:12.0938 6016 SstpSvc - ok
00:13:12.0954 6016 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
00:13:12.0968 6016 stexstor - ok
00:13:13.0000 6016 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
00:13:13.0076 6016 stisvc - ok
00:13:13.0089 6016 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
00:13:13.0102 6016 swenum - ok
00:13:13.0121 6016 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:13:13.0186 6016 swprv - ok
00:13:13.0229 6016 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
00:13:13.0266 6016 SynTP - ok
00:13:13.0312 6016 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
00:13:13.0388 6016 SysMain - ok
00:13:13.0404 6016 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:13:13.0440 6016 TabletInputService - ok
00:13:13.0487 6016 [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
00:13:13.0498 6016 taphss - ok
00:13:13.0516 6016 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
00:13:13.0577 6016 TapiSrv - ok
00:13:13.0594 6016 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:13:13.0638 6016 TBS - ok
00:13:13.0712 6016 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:13:13.0808 6016 Tcpip - ok
00:13:13.0870 6016 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:13:13.0918 6016 TCPIP6 - ok
00:13:13.0945 6016 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:13:13.0988 6016 tcpipreg - ok
00:13:13.0999 6016 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:13:14.0018 6016 TDPIPE - ok
00:13:14.0048 6016 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:13:14.0091 6016 TDTCP - ok
00:13:14.0114 6016 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:13:14.0192 6016 tdx - ok
00:13:14.0203 6016 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
00:13:14.0216 6016 TermDD - ok
00:13:14.0242 6016 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
00:13:14.0308 6016 TermService - ok
00:13:14.0315 6016 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
00:13:14.0346 6016 Themes - ok
00:13:14.0364 6016 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:13:14.0407 6016 THREADORDER - ok
00:13:14.0434 6016 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:13:14.0490 6016 TrkWks - ok
00:13:14.0533 6016 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:13:14.0550 6016 TrustedInstaller - ok
00:13:14.0567 6016 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:13:14.0621 6016 tssecsrv - ok
00:13:14.0651 6016 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:13:14.0710 6016 tunnel - ok
00:13:14.0727 6016 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
00:13:14.0742 6016 uagp35 - ok
00:13:14.0771 6016 [ C06E6F4679CEB8F430B90A51D76D8D3C ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:13:14.0805 6016 udfs - ok
00:13:14.0821 6016 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:13:14.0839 6016 UI0Detect - ok
00:13:14.0855 6016 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
00:13:14.0870 6016 uliagpkx - ok
00:13:14.0886 6016 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
00:13:14.0902 6016 umbus - ok
00:13:14.0923 6016 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
00:13:14.0952 6016 UmPass - ok
00:13:15.0050 6016 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
00:13:15.0114 6016 UNS - ok
00:13:15.0127 6016 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:13:15.0178 6016 upnphost - ok
00:13:15.0212 6016 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:13:15.0232 6016 usbccgp - ok
00:13:15.0251 6016 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
00:13:15.0278 6016 usbcir - ok
00:13:15.0291 6016 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
00:13:15.0306 6016 usbehci - ok
00:13:15.0327 6016 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:13:15.0347 6016 usbhub - ok
00:13:15.0360 6016 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:13:15.0389 6016 usbohci - ok
00:13:15.0414 6016 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:13:15.0435 6016 usbprint - ok
00:13:15.0483 6016 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
00:13:15.0514 6016 usbscan - ok
00:13:15.0550 6016 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:13:15.0595 6016 USBSTOR - ok
00:13:15.0606 6016 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
00:13:15.0624 6016 usbuhci - ok
00:13:15.0683 6016 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
00:13:15.0730 6016 usbvideo - ok
00:13:15.0754 6016 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
00:13:15.0801 6016 UxSms - ok
00:13:15.0812 6016 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
00:13:15.0824 6016 VaultSvc - ok
00:13:15.0849 6016 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
00:13:15.0861 6016 vdrvroot - ok
00:13:15.0882 6016 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
00:13:15.0905 6016 vds - ok
00:13:15.0917 6016 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:13:15.0933 6016 vga - ok
00:13:15.0943 6016 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
00:13:15.0998 6016 VgaSave - ok
00:13:16.0019 6016 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
00:13:16.0035 6016 vhdmp - ok
00:13:16.0047 6016 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
00:13:16.0060 6016 viaide - ok
00:13:16.0071 6016 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
00:13:16.0085 6016 volmgr - ok
00:13:16.0103 6016 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:13:16.0123 6016 volmgrx - ok
00:13:16.0160 6016 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:13:16.0195 6016 volsnap - ok
00:13:16.0222 6016 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
00:13:16.0241 6016 vsmraid - ok
00:13:16.0276 6016 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
00:13:16.0330 6016 VSS - ok
00:13:16.0346 6016 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
00:13:16.0373 6016 vwifibus - ok
00:13:16.0406 6016 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
00:13:16.0450 6016 vwififlt - ok
00:13:16.0484 6016 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
00:13:16.0549 6016 W32Time - ok
00:13:16.0565 6016 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
00:13:16.0595 6016 WacomPen - ok
00:13:16.0627 6016 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:13:16.0673 6016 WANARP - ok
00:13:16.0676 6016 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:13:16.0719 6016 Wanarpv6 - ok
00:13:16.0791 6016 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
00:13:16.0862 6016 WatAdminSvc - ok
00:13:16.0903 6016 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
00:13:16.0980 6016 wbengine - ok
00:13:16.0993 6016 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:13:17.0017 6016 WbioSrvc - ok
00:13:17.0055 6016 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:13:17.0090 6016 wcncsvc - ok
00:13:17.0101 6016 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:13:17.0119 6016 WcsPlugInService - ok
00:13:17.0133 6016 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
00:13:17.0148 6016 Wd - ok
00:13:17.0198 6016 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:13:17.0259 6016 Wdf01000 - ok
00:13:17.0308 6016 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:13:17.0358 6016 WdiServiceHost - ok
00:13:17.0363 6016 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:13:17.0382 6016 WdiSystemHost - ok
00:13:17.0423 6016 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
00:13:17.0478 6016 WebClient - ok
00:13:17.0494 6016 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:13:17.0558 6016 Wecsvc - ok
00:13:17.0573 6016 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:13:17.0627 6016 wercplsupport - ok
00:13:17.0655 6016 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:13:17.0697 6016 WerSvc - ok
00:13:17.0716 6016 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:13:17.0757 6016 WfpLwf - ok
00:13:17.0774 6016 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:13:17.0786 6016 WIMMount - ok
00:13:17.0801 6016 WinDefend - ok
00:13:17.0807 6016 WinHttpAutoProxySvc - ok
00:13:17.0858 6016 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:13:17.0920 6016 Winmgmt - ok
00:13:17.0964 6016 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
00:13:18.0080 6016 WinRM - ok
00:13:18.0118 6016 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
00:13:18.0136 6016 WinUsb - ok
00:13:18.0164 6016 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:13:18.0212 6016 Wlansvc - ok
00:13:18.0276 6016 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:13:18.0296 6016 wlcrasvc - ok
00:13:18.0388 6016 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:13:18.0480 6016 wlidsvc - ok
00:13:18.0505 6016 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
00:13:18.0518 6016 WmiAcpi - ok
00:13:18.0530 6016 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:13:18.0561 6016 wmiApSrv - ok
00:13:18.0583 6016 WMPNetworkSvc - ok
00:13:18.0596 6016 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:13:18.0615 6016 WPCSvc - ok
00:13:18.0632 6016 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:13:18.0677 6016 WPDBusEnum - ok
00:13:18.0693 6016 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:13:18.0765 6016 ws2ifsl - ok
00:13:18.0800 6016 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
00:13:18.0831 6016 wscsvc - ok
00:13:18.0834 6016 WSearch - ok
00:13:18.0930 6016 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
00:13:19.0037 6016 wuauserv - ok
00:13:19.0069 6016 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:13:19.0105 6016 WudfPf - ok
00:13:19.0136 6016 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:13:19.0164 6016 WUDFRd - ok
00:13:19.0199 6016 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:13:19.0231 6016 wudfsvc - ok
00:13:19.0263 6016 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
00:13:19.0303 6016 WwanSvc - ok
00:13:19.0366 6016 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
00:13:19.0419 6016 YahooAUService - ok
00:13:19.0448 6016 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
00:13:19.0472 6016 yukonw7 - ok
00:13:19.0480 6016 ================ Scan global ===============================
00:13:19.0495 6016 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:13:19.0534 6016 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
00:13:19.0547 6016 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
00:13:19.0570 6016 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:13:19.0583 6016 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:13:19.0589 6016 [Global] - ok
00:13:19.0590 6016 ================ Scan MBR ==================================
00:13:19.0597 6016 [ CC9C5FAA77C441F50FBFFA1D2609ECAF ] \Device\Harddisk0\DR0
00:13:19.0973 6016 \Device\Harddisk0\DR0 - ok
00:13:19.0974 6016 ================ Scan VBR ==================================
00:13:19.0978 6016 [ 7C0A4A1D3C82E7A003BEB90C52503D01 ] \Device\Harddisk0\DR0\Partition1
00:13:19.0981 6016 \Device\Harddisk0\DR0\Partition1 - ok
00:13:20.0019 6016 [ 66DBABCDFD2D605F4D2CF3675A68BB66 ] \Device\Harddisk0\DR0\Partition2
00:13:20.0022 6016 \Device\Harddisk0\DR0\Partition2 - ok
00:13:20.0054 6016 [ B9D6E274A73EF2DBA69AB3291E5ACD3F ] \Device\Harddisk0\DR0\Partition3
00:13:20.0057 6016 \Device\Harddisk0\DR0\Partition3 - ok
00:13:20.0073 6016 [ 6CFAA3447CC7E26B32E3DEAD5B3E1125 ] \Device\Harddisk0\DR0\Partition4
00:13:20.0075 6016 \Device\Harddisk0\DR0\Partition4 - ok
00:13:20.0075 6016 ============================================================
00:13:20.0075 6016 Scan finished
00:13:20.0075 6016 ============================================================
00:13:20.0095 4448 Detected object count: 8
00:13:20.0095 4448 Actual detected object count: 8
00:14:39.0499 4448 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:39.0499 4448 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:14:39.0503 4448 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:39.0503 4448 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:14:39.0504 4448 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:39.0504 4448 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:14:39.0506 4448 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:39.0507 4448 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:14:39.0516 4448 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:39.0516 4448 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:14:39.0517 4448 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:39.0517 4448 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:14:39.0519 4448 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:39.0519 4448 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:14:39.0520 4448 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:39.0520 4448 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
Danke und gute Nacht Geändert von buggerlux (08.01.2013 um 00:30 Uhr) |
|
08.01.2013, 19:38
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virenfunde in Quarantäne file von Avira Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.01.2013, 23:12
| #13 |
| | Virenfunde in Quarantäne file von Avira hallo Cosinus, hier die log Datei von Combofix.exe..allerdings gab es am Anfang eine Fehlermeldung von meinem Avira, obwohl ich dachte ich hätte alles ausgeschaltet, gab es wohl noch ein Administratorenprogramm von Avira, wenn es um Registry geht. Hoffe, das trotzdem alles durchsucht werden konnte. wenn nicht, lass es mich wissen und ich lasse Combofix nochmals durchlaufen,ok? Code:
ATTFilter ComboFix 13-01-08.01 - usuaria 08/01/2013 22:38:29.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.34.3082.18.3894.2407 [GMT 1:00]
Running from: c:\users\usuaria\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))))
.
.
2013-01-08 21:47 . 2013-01-08 21:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-30 16:31 . 2012-12-30 16:31 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-12-28 05:40 . 2012-12-28 05:40 -------- d-----w- c:\users\usuaria\AppData\Roaming\Malwarebytes
2012-12-28 05:40 . 2012-12-28 05:40 -------- d-----w- c:\programdata\Malwarebytes
2012-12-28 05:40 . 2012-12-28 05:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-28 05:40 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-28 05:38 . 2012-12-28 05:38 -------- d-----w- c:\users\usuaria\AppData\Local\Programs
2012-12-28 04:51 . 2012-12-28 04:52 -------- d-----w- c:\program files (x86)\Google
2012-12-20 22:00 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-20 22:00 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-20 22:00 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-20 22:00 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 22:29 . 2012-12-16 22:29 -------- d-----w- c:\users\usuaria\aeat
2012-12-12 14:58 . 2012-11-02 05:27 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 14:58 . 2012-11-02 04:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-12 14:58 . 2012-09-06 17:38 295792 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-11 16:01 . 2012-12-11 16:01 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-06 20:19 . 2012-07-08 01:52 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-06 20:19 . 2011-12-07 14:27 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 22:02 . 2011-12-26 00:13 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-11 16:04 . 2012-12-02 22:28 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-11 16:04 . 2012-12-02 22:28 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-30 15:44 . 2012-11-30 15:44 0 ----a-w- c:\windows\SysWow64\shoAF2C.tmp
2012-11-28 12:54 . 2012-11-28 12:54 0 ----a-w- c:\windows\SysWow64\sho2147.tmp
2012-11-27 22:12 . 2012-11-27 22:12 0 ----a-w- c:\windows\SysWow64\shoA50A.tmp
2012-11-27 01:54 . 2012-11-27 01:54 0 ----a-w- c:\windows\SysWow64\sho79F3.tmp
2012-11-16 19:17 . 2012-12-02 22:28 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-08 17:24 . 2012-11-30 15:51 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13660B22-64E8-4978-B698-EE7E2D123D8D}\mpengine.dll
2012-10-16 21:20 . 2012-11-27 21:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-11-27 21:52 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-11-27 21:52 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-08-02 10:13 248936 ----a-w- c:\program files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll" [2012-08-02 274536]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-11-23 6497592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-21 98304]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-07-02 602680]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-06-02 61112]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
c:\users\usuaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-2-4 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-22 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-22 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-07-02 27192]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-17 315392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-06-22 10342240]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 09:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 20:19]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28 04:51]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28 04:51]
.
2012-12-19 c:\windows\Tasks\HPCeeScheduleForUSUARIA-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
2013-01-01 c:\windows\Tasks\HPCeeScheduleForusuaria.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=10&cc=
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{a060276a-53be-45ec-8ebe-b94b1e803179} - (no file)
BHO-{3706EE7C-3CAD-445D-8A43-03EBC3B75908} - c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
WebBrowser-{A060276A-53BE-45EC-8EBE-B94B1E803179} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-08 23:05:11
ComboFix-quarantined-files.txt 2013-01-08 22:05
.
Pre-Run: 13.193.875.456 bytes libres
Post-Run: 18.130.538.496 bytes libres
.
- - End Of File - - D6D0229EE1723B0DD8882E75816EDF6B
|
|
09.01.2013, 10:40
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virenfunde in Quarantäne file von Avira adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.01.2013, 18:30
| #15 |
| | Virenfunde in Quarantäne file von Avira HIER DIE LOGS VON ADWCLEANER Code:
ATTFilter # AdwCleaner v2.105 - Fichero creado el 09/01/2013 a 18:26:45
# Actualizado el 08/01/2013 por Xplode
# Sistema operativo : Windows 7 Home Premium (64 bits)
# Usuario : usuaria - USUARIA-HP
# Modo de inicio : Normal
# Ejecutado desde : C:\Users\usuaria\Desktop\adwcleaner.exe
# Opción [Búsqueda]
***** [Servicios] *****
***** [Ficheros / Carpetas] *****
Carpeta Presente : C:\Program Files (x86)\Conduit
Carpeta Presente : C:\Program Files (x86)\Softonic
Carpeta Presente : C:\ProgramData\Ask
Carpeta Presente : C:\Users\usuaria\AppData\Local\Conduit
Carpeta Presente : C:\Users\usuaria\AppData\LocalLow\Conduit
Carpeta Presente : C:\Users\usuaria\AppData\LocalLow\Softonic
Fichero Presente : C:\user.js
***** [Registro] *****
Clave Presente : HKCU\Software\AppDataLow\Software\Conduit
Clave Presente : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clave Presente : HKCU\Software\Softonic
Clave Presente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clave Presente : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clave Presente : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clave Presente : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Clave Presente : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Clave Presente : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Clave Presente : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clave Presente : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clave Presente : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Clave Presente : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Clave Presente : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Clave Presente : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clave Presente : HKLM\SOFTWARE\Classes\escort.escortIEPane
Clave Presente : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Clave Presente : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Clave Presente : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Clave Presente : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Clave Presente : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Clave Presente : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Clave Presente : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Clave Presente : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Clave Presente : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Clave Presente : HKLM\SOFTWARE\Classes\Toolbar.CT2549263
Clave Presente : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Clave Presente : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clave Presente : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Clave Presente : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clave Presente : HKLM\Software\Conduit
Clave Presente : HKLM\Software\Softonic
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Clave Presente : HKU\S-1-5-21-2051178920-43645615-1976691682-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Valor Presente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
***** [Navegadores] *****
-\\ Internet Explorer v8.0.7600.17153
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=10&cc=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=15&cc=
-\\ Google Chrome v23.0.1271.97
Fichero : C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] El fichero no contiene ninguna entrada ilegítima.
*************************
AdwCleaner[R1].txt - [8083 octets] - [09/01/2013 18:26:45]
########## EOF - C:\AdwCleaner[R1].txt - [8143 octets] ##########
|
|
| Themen zu Virenfunde in Quarantäne file von Avira |
| adware, antivirus, autorun, avira, bho, browser.exe, desktop, diner dash, email, error, failed, firefox, flash player, frage, gmer absturz, gmx.net, google, helper, home, homepage, igdpmd64.sys, install.exe, launch, logfile, microsoft office starter 2010, object, officejet, phishingversuch, phishingwarnungen, plug-in, realtek, registry, scan, security, software, tr/crypt xpack.gen, viren, warnung, wenig ahnung, windows, yahoo.com |
Linear-Darstellung
