Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Virenfunde in Quarantäne file von Avira

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 04.01.2013, 19:07   #1
buggerlux
 
Virenfunde in Quarantäne file von Avira - Standard

Virenfunde in Quarantäne file von Avira



Hi liebe Admins,
ich bin neu hier und habe wenig Ahnung von der Materie, leider. Ich gebe mir aber alle Mühe, alles richtig zu machen und euch die Arbeit, für die ich euch sehr sehr dankbar bin, so leicht wie möglich zu machen.

Mein Laptop ist infiziert mit 4 verschiedenen Viren und Phishingprogrammen (und die Laptops meiner beiden Kinder ebenfalls, insgesamt 3 Laptops).

Habe Avira als Antivirus programm. Dort sind die folgenden Dateien im Quarantäne file:

1.TR/Crypt.XPACK.Gen

2.PHISH/Lloydstsb.B.2

3.ADWARE/Adware.Gen

4.ADWARE/Zugo.C.1

Ich werde ausschliesslich auf unverschlüsselte Webseiten weitergeleitet und kann keine Hyperlinks aus einer email öffnen. Erhalte dann immer eine Warnung, Vorsicht unverschlüsselte Seite.

Mein Emailprogramm ist auch unverschlüsselt und jemand hat versucht, eine Subemail einzurichten, was ich im Internetcafe verhindern konnte, indem ich mein Passwort geändert habe ( ich hoffe es jedenfalls, das das etwas gebracht hat ) (yahoo.com und gmx.net).

Habe dann Malwarebytes runtergeladen und laufen lassen. Hat leider nichts gefunden.

Defogger ist nur eine Sekunde lang gelaufen, ohne weitere Meldungen.

Dann habe ich OTL laufen lassen, hier sind die Logdateien, hoffe ich jedenfalls, denn ich habe sie sicherheitshalber in ein Worddoc. kopiert:

OTL logfile created on: 04/01/2013 18:42:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\usuaria\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

3,80 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 58,97% Memory free
7,60 Gb Paging File | 5,58 Gb Available in Paging File | 73,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281,05 Gb Total Space | 12,15 Gb Free Space | 4,32% Space Free | Partition Type: NTFS
Drive D: | 16,74 Gb Total Space | 2,42 Gb Free Space | 14,45% Space Free | Partition Type: NTFS

Computer Name: USUARIA-HP | User Name: usuaria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\usuaria\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\usuaria\Downloads\Defogger.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\usuaria\Downloads\Defogger.exe ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7e8f414bc6515c5c0ac668b66c54d0e9\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ea188a15ceb1b2cd23b5d1001851415f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\1a91709f9ee4c8f482e39a7edab66a82\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\afd41059ca83fef0dcd7fa7153c584f3\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\235eaf1990f51bf13f28330ebaade5c3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f99b0632adee947c24ac2e46826d794f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_es_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (wlcrasvc) -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV - (HP Wireless Assistant Service) -- C:\Archivos de programa\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV - (RtVOsdService) -- C:\Archivos de programa\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Archivos de programa\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A5D006A4-2613-429B-9D18-7E69D1A47BBE}
IE:64bit: - HKLM\..\SearchScopes\{60F87348-86E5-451B-9BF5-827962FDC2AA}: "URL" = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{A5D006A4-2613-429B-9D18-7E69D1A47BBE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{E3848119-4DC7-48D3-9206-9CB0B3FC721B}: "URL" = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/10
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{60F87348-86E5-451B-9BF5-827962FDC2AA}: "URL" = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{A5D006A4-2613-429B-9D18-7E69D1A47BBE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2549263
IE - HKLM\..\SearchScopes\{E3848119-4DC7-48D3-9206-9CB0B3FC721B}: "URL" = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/10
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=10&cc=
IE - HKCU\..\URLSearchHook: {a060276a-53be-45ec-8ebe-b94b1e803179} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {94F2CA5E-9D46-495A-8700-5EBDA1B10960}
IE - HKCU\..\SearchScopes\{60F87348-86E5-451B-9BF5-827962FDC2AA}: "URL" = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{7055052C-AABD-4F87-86B2-2555CAB9A5D3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYES&apn_uid=1DFDDFE2-3A33-4AD4-80DC-D1525CA0ECF7&apn_sauid=9661D129-DF98-47F6-9778-07DA305D73DB
IE - HKCU\..\SearchScopes\{94F2CA5E-9D46-495A-8700-5EBDA1B10960}: "URL" = hxxp://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKCU\..\SearchScopes\{A5D006A4-2613-429B-9D18-7E69D1A47BBE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2549263
IE - HKCU\..\SearchScopes\{E3848119-4DC7-48D3-9206-9CB0B3FC721B}: "URL" = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\usuaria\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/16 11:04:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/16 11:04:29 | 000,000,000 | ---D | M]

[2012/02/29 21:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\usuaria\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Google Mail = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A060276A-53BE-45EC-8EBE-B94B1E803179} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - Startup: C:\Users\usuaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{255B75DC-C912-48F5-A2E8-2DB43E870C9C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5586999B-4ED2-4C86-8077-0D81E07C6273}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/04 18:12:08 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013/01/04 00:43:28 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{8A4F1AA4-380E-45BD-B721-54A8CD167255}
[2012/12/30 17:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/12/30 17:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/12/29 18:30:31 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{97B0A534-45EA-49D5-88DD-40942E160041}
[2012/12/28 12:57:25 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{2CB4DDF3-2864-4C29-9F8A-57ACAB5CC410}
[2012/12/28 06:40:42 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Roaming\Malwarebytes
[2012/12/28 06:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/28 06:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/28 06:40:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/28 06:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/28 06:38:39 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\Programs
[2012/12/28 05:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/28 05:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/12/20 21:58:43 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{C1D01EAC-C83B-4C88-9300-4302DE776D47}
[2012/12/20 21:49:36 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{7980638D-EAEF-466D-BB63-FA0248460A01}
[2012/12/20 21:40:04 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{74DCB271-F49D-4B82-B575-3C8A846DE6D0}
[2012/12/20 21:38:09 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{C01AF3A6-D141-453D-ADBE-CB13DB45B32D}
[2012/12/20 18:48:55 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{171327EB-539E-46AE-B45A-B00EC92B1D34}
[2012/12/20 18:20:28 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{02817BBC-0514-43F4-9812-ABC7D01425D5}
[2012/12/20 18:04:00 | 000,000,000 | ---D | C] -- C:\Users\usuaria\Desktop\fotos tarjeta 16 gb
[2012/12/20 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{A53B79E6-37C5-4D9E-A94D-DF5E49F60F72}
[2012/12/20 16:54:56 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{14C06D40-6601-4D93-877A-8BFA4ACD22A3}
[2012/12/16 23:29:27 | 000,000,000 | ---D | C] -- C:\Users\usuaria\aeat
[2012/12/11 17:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/12/11 17:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[26 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\usuaria\Desktop\*.tmp files -> C:\Users\usuaria\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/04 18:42:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/04 18:42:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/04 18:39:19 | 000,000,000 | ---- | M] () -- C:\Users\usuaria\defogger_reenable
[2013/01/04 18:34:57 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/04 18:34:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/04 18:34:42 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/04 18:27:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/04 17:56:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/01 19:29:52 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForusuaria.job
[2012/12/30 17:34:02 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/12/28 06:40:32 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/28 05:52:54 | 000,002,281 | ---- | M] () -- C:\Users\usuaria\Desktop\Google Chrome.lnk
[2012/12/23 05:15:43 | 001,557,394 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/23 05:15:43 | 000,704,518 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/12/23 05:15:43 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/23 05:15:43 | 000,138,226 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/12/23 05:15:43 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/20 23:18:19 | 000,303,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/20 17:33:53 | 000,006,144 | ---- | M] () -- C:\Users\usuaria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/19 19:17:05 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUSUARIA-HP$.job
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/11 17:04:34 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/12/11 17:04:34 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[26 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\usuaria\Desktop\*.tmp files -> C:\Users\usuaria\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/04 18:39:19 | 000,000,000 | ---- | C] () -- C:\Users\usuaria\defogger_reenable
[2012/12/30 17:34:02 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/12/28 06:40:32 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/28 05:52:54 | 000,002,281 | ---- | C] () -- C:\Users\usuaria\Desktop\Google Chrome.lnk
[2012/12/28 05:51:33 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/28 05:51:29 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/15 00:51:20 | 000,006,144 | ---- | C] () -- C:\Users\usuaria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/03 02:13:04 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/01/03 16:29:57 | 001,584,422 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/19 01:33:05 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011/12/16 11:00:14 | 000,244,490 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/12/16 11:00:14 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/12/07 15:33:22 | 000,017,408 | ---- | C] () -- C:\Users\usuaria\AppData\Local\WebpageIcons.db

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/11 17:47:49 | 000,000,000 | ---D | M] -- C:\Users\usuaria\AppData\Roaming\.minecraft
[2012/05/26 15:14:02 | 000,000,000 | ---D | M] -- C:\Users\usuaria\AppData\Roaming\OpenOffice.org
[2013/01/01 19:28:21 | 000,000,000 | ---D | M] -- C:\Users\usuaria\AppData\Roaming\SoftGrid Client
[2012/01/03 16:30:46 | 000,000,000 | ---D | M] -- C:\Users\usuaria\AppData\Roaming\TP
[2012/01/15 13:01:47 | 000,000,000 | ---D | M] -- C:\Users\usuaria\AppData\Roaming\WildTangent
[2013/01/04 00:43:35 | 000,000,000 | ---D | M] -- C:\Users\usuaria\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 04/01/2013 18:42:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\usuaria\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

3,80 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 58,97% Memory free
7,60 Gb Paging File | 5,58 Gb Available in Paging File | 73,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281,05 Gb Total Space | 12,15 Gb Free Space | 4,32% Space Free | Partition Type: NTFS
Drive D: | 16,74 Gb Total Space | 2,42 Gb Free Space | 14,45% Space Free | Partition Type: NTFS

Computer Name: USUARIA-HP | User Name: usuaria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08AC2105-1106-47D6-A7C6-9451FC4D790D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12395484-D3B7-4D2D-B108-77EDA9F7F476}" = rport=137 | protocol=17 | dir=out | app=system |
"{14406CF3-5995-4943-8AF2-7B73273DAC1F}" = lport=137 | protocol=17 | dir=in | app=system |
"{14B461CE-7382-42B7-8D6B-35EE0161F71C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2274A369-1028-4CAF-B39B-4C94119DA22F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{44379B13-2E51-4B40-B9A4-BE379853DEC2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4E2C07BE-DCD9-4321-B2EF-FB06A300E869}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4F183B8B-D3DD-4BB6-8E08-8D4E0C2E76C5}" = lport=445 | protocol=6 | dir=in | app=system |
"{52CBFE9E-7D62-440E-BC04-877DD8FCD64B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7125DEF4-B4F3-4A2C-AB95-1E12FBF341AE}" = lport=139 | protocol=6 | dir=in | app=system |
"{73C9C0CA-9597-47BC-A7C0-8A2E7B4C416E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76F12180-8944-4007-92DE-55A016A880F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{78A47875-D195-4E35-8069-7F6A22B06575}" = lport=138 | protocol=17 | dir=in | app=system |
"{86A5379A-E36D-4360-A994-05BAA7AF603F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{96BA09F8-1D92-4275-AA6F-F805A6FD0096}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A1BC049-421F-41BC-AF47-44B0F380C53D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A9A81CEF-F7E4-46A9-8DD6-9FF605FD2D14}" = rport=138 | protocol=17 | dir=out | app=system |
"{AE473711-8E10-4C77-A4F4-EEF6191E82E0}" = rport=445 | protocol=6 | dir=out | app=system |
"{B82B5744-F8D7-460E-97DA-76752554608B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C455599B-A223-4A2D-A9B1-933D9347A81E}" = rport=139 | protocol=6 | dir=out | app=system |
"{CA4440CD-B369-4C13-896C-8880C830A63C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CCAFDF77-1ECD-4EA6-AC52-84EE2767CF13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D5560FFD-B1F8-4927-AECC-6BCCB6EF9605}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D94ACBB1-3A7D-4EFE-B554-F0CD6B82055A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E840FEAF-438D-496A-B070-DE9C0716A5D4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EEF137C6-214B-42F7-A1CA-D56759DE80CC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2AFFE59-2472-4138-A64F-122CC76CEDEB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B38825-DC17-450C-94FA-DCE7878F23F5}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{05FD4F0E-58CC-4CD3-8E0B-30C962A3BE89}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0EF403D4-07C4-4D56-A579-5F8469044FA3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{10EE6459-51CF-45D6-92DC-5731F5C63C0D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{12C0C214-FBAF-48DC-ADFB-897A07D91B33}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{13101B93-E636-4F54-A12D-824F41D3C6D0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{13638D79-CCAD-491A-92E9-391B38329750}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{1BF19B1B-A047-4A6B-95CE-D94D4C919CB2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1DA964F6-1551-48A5-A405-063188612903}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E2632A3-420A-47D9-A60C-05EF81EDFE1C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{1EEE8CF0-8B96-4E63-B00B-296BE3E4C73C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{21583109-B642-4969-A008-319E103950C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{2517D0B3-4078-4207-BDA2-89D364E78F43}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{27466975-7AB7-45D4-B435-CA7B0853C3AD}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{274736CA-DF9E-4866-BC3D-1D322DFD9FA9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{34112EAB-1410-47F6-858D-C4E0A1EC5798}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{37682735-E95C-4D26-A21C-F1593FD3FBBD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3D4F8FD0-4CBA-4216-870D-5DD675D2C860}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4D121459-ED07-4408-9F78-99FF14A1DA50}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{4DA4C203-C47B-489D-A324-DC89B6D3FC93}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{59A8A70B-5CC0-4D30-A5B9-847D2376C763}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5AE544C0-82FF-45F8-8926-A1FC2DC5327D}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{630D70FE-116C-4DC4-AF1A-19B91A25CD69}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{6B31CD0D-5BF2-46FE-8B18-30852A258A55}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{6E083F55-16B6-4203-8420-44BF2C9F8379}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{769F4D23-3BBC-4BF7-8F00-80B93033E278}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{84C98A09-C759-4DD4-9E2A-4E206D7E9903}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8DB05E65-3D25-4F7D-A18D-3729A1F30B37}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8DD2A18B-0605-4D95-B185-DEE21D410BEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FF88F84-7B4A-4D0F-88CC-9320C3C97103}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{92FC2579-C1C6-494D-B8F3-5E35C18A08A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{95834211-9C21-4F39-AC8F-BD895513CF51}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{9C2E032A-A163-457C-904F-0B7FB9DCE203}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{9CEBC2E0-20BC-473B-B55C-A74F766DC701}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E34B6B7-4096-42B7-BFCA-C6DB0DF6ED59}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{A237B703-B061-4917-9CED-66DBBA6179DF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC55B16E-BF4D-46EA-A1A3-BD3622F1D586}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{B4CD46C4-F0B6-429C-B24F-BABB03F0CB00}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B63A085B-A0A1-43DA-A2AC-C647E21075F9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B855F89A-E487-4564-B1C9-B86B76267DBA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{BC3417DC-9463-4333-8C68-2572E21F1C99}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C0FE1E5D-40BA-4146-A86E-BB3254C4F0D0}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{C7631890-2EAF-4822-9CFE-D24134263ECD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{D424A0C8-70FE-47FA-A6A6-894C7A10FB4A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DDBE7AD5-ED24-4BF9-BEB0-9862D95407DC}" = protocol=58 | dir=in | app=system |
"{DDCA07EA-3C88-4018-9853-935F0A8EEF44}" = protocol=6 | dir=out | app=system |
"{DE130FF7-DA25-45A0-BF00-D52D640E4ECE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{DEDB7083-768E-4B70-95BC-813643FBACAC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{E353446C-0D10-4A30-BF91-128785F67564}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E66C4D90-0EF5-452F-876D-F1C04F31E22F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{F067FF26-8555-48E9-B31D-D5C26193FC3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F4C1D810-7D3F-49C1-AF41-FAAEE3A6F476}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{F71DDD05-1031-47D9-87AA-4F5813494034}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{F98C2737-FA3E-4F8C-B885-1458F8B8DB9E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{FEDBAB3A-11BD-461F-A1C4-4DCF48C55C4F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{FF0DEC12-B896-4E87-BE7A-B348825696EF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1795BAA8-65EC-66D0-9DA4-D4B1FBE7700E}" = ATI Catalyst Install Manager
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B72AB8-52E9-4D34-99A9-BC7377EB35DE}" = HP Wireless Assistant
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0C0A-1000-0000000FF1CE}" = Hacer clic y ejecutar de Microsoft Office 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B601929F-3A47-4F37-8D1E-EAD1481BE5EA}" = ccc-utility64
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{C3C912BB-BF4B-3788-8A19-DA5B999CE0C6}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
"{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02FC8489-58FB-2628-768A-2CE172A37D7D}" = Catalyst Control Center Graphics Previews Common
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08F1513E-2113-06C5-583A-FB1DE0E64AE6}" = CCC Help Chinese Standard
"{0AB910A1-042A-D781-3779-2A4DC383BF0F}" = CCC Help Czech
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0D619D56-854C-F5D1-A134-4EB72974E09E}" = CCC Help Thai
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{144AAC2E-410C-6F23-5EC4-CB96049DD1D4}" = CCC Help Finnish
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1AF5A6D6-266D-9A24-D13A-5A50B2182645}" = CCC Help Norwegian
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A54B824-C32C-A931-17CB-A74B54E28AAE}" = CCC Help Spanish
"{2BED1172-6F40-1090-C681-26FEEF383E14}" = ccc-core-static
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F1E1F4D-B5CC-CA5D-2035-3A464BB053C3}" = CCC Help English
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3234355B-963B-99FE-EECA-8A034781AF15}" = CCC Help Polish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C302D80-4540-BA36-7167-8B59EC0BB9F4}" = CCC Help Korean
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{41136F4A-3C71-7F9F-7ECA-4E2C2D6C216F}" = CCC Help Dutch
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{4D66BBCA-8E0A-5FF3-4206-3BEA432FB1E9}" = CCC Help Turkish
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{543F949F-2B95-448F-9F2E-56F0C5FF8E2C}" = Catalyst Control Center - Branding
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66E2396F-1392-BECA-37D7-6C4AECED9668}" = CCC Help Russian
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{76896231-3040-4D77-B0D4-87D2256AC0CB}" = OpenOffice.org 3.2
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}" = Microsoft Small Basic v1.0
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E918D75-2600-0674-ADC2-4722D7F37018}" = CCC Help Italian
"{824A35FE-EAB8-48E5-89EC-94D7D730C5FB}" = HP Software Framework
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0C0A-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Español
"{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}" = Windows Live Sync
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0C0A-0000-0000000FF1CE}" = Visor de Microsoft PowerPoint
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C632E6D-C984-75B8-DE46-8E495E179314}" = CCC Help Portuguese
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A1A5DA17-C6A6-897E-2EBB-8BACE074FA10}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A5EFB5BD-5B8C-813B-711E-4C068721281F}" = CCC Help Danish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{B0B3A2CE-C337-E33B-F24E-A8BDCA644D03}" = Catalyst Control Center Localization All
"{B360E24A-BF25-4353-AA79-1B54F509024A}" = HP Documentation
"{B635B0A0-8C8B-4492-E54A-85CA5DC5CAC2}" = CCC Help Japanese
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAB3C6F6-8C54-BFE0-A570-1E471ACE00B5}" = Catalyst Control Center Graphics Previews Vista
"{BB9344E4-C629-7E36-6248-EAF3F7AFCB95}" = CCC Help Chinese Traditional
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45DB0E4-E813-1584-9670-ADF85214596E}" = CCC Help French
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DB15EA7D-B263-1B9B-0C3E-25BE7D15C551}" = PX Profile Update
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EE07C46F-278A-412C-4687-54963CBC5862}" = CCC Help Hungarian
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFD35B3A-0296-864F-C78F-910CD41B1C32}" = CCC Help Greek
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8504F00-2C61-0FA1-8E17-AADA786A164F}" = CCC Help German
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE363238-928A-113D-0318-4F7CEBB88715}" = Catalyst Control Center InstallProxy
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"EasyBits Magic Desktop" = Magic Desktop
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"jZip" = jZip
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Hacer clic y ejecutar de Microsoft Office 2010
"Softonic" = Softonic toolbar on IE
"VLC media player" = VLC media player 1.1.11
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087420" = Agatha Christie - Death on the Nile
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23/09/2012 19:59:25 | Computer Name = usuaria-HP | Source = VSS | ID = 8193
Description =

Error - 24/09/2012 3:51:17 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de
manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" en la línea 3. El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
del atributo "version" del elemento "assemblyIdentity" no es válido.

Error - 24/09/2012 13:02:07 | Computer Name = usuaria-HP | Source = CVHSVC | ID = 100
Description = Solo información. (Patch task for {90140011-0066-0C0A-0000-0000000FF1CE}):
DownloadLatest Failed: No se pudo resolver el nombre de servidor o su dirección


Error - 25/09/2012 3:49:52 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de
manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" en la línea 3. El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
del atributo "version" del elemento "assemblyIdentity" no es válido.

Error - 27/09/2012 4:33:15 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de
manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" en la línea 3. El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
del atributo "version" del elemento "assemblyIdentity" no es válido.

Error - 29/09/2012 19:51:04 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de
manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" en la línea 3. El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
del atributo "version" del elemento "assemblyIdentity" no es válido.

Error - 02/10/2012 5:39:13 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de
manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" en la línea 3. El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
del atributo "version" del elemento "assemblyIdentity" no es válido.

Error - 05/10/2012 4:24:04 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de
manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" en la línea 3. El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
del atributo "version" del elemento "assemblyIdentity" no es válido.

Error - 05/10/2012 18:31:20 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de
manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" en la línea 3. El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
del atributo "version" del elemento "assemblyIdentity" no es válido.

Error - 08/10/2012 4:19:07 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de
manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" en la línea 3. El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
del atributo "version" del elemento "assemblyIdentity" no es válido.

[ Hewlett-Packard Events ]
Error - 07/07/2012 7:11:52 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 21/07/2012 8:33:33 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 25/08/2012 10:30:14 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 01/09/2012 9:27:35 | Computer Name = usuaria-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

en HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

en HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
El objeto '/5724be89_fc37_4ff9_8720_2e995076e4d6/lzdfk24fml2qoonod_kyts6a_5.rem'
se desconectó o no existe en el servidor. Name: hpsa_service.exe Version: 06.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format:
es-ES RAM: 3893 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)

Error - 04/10/2012 2:18:36 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/11/2012 11:02:42 | Computer Name = usuaria-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

en HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

en HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
El objeto '/92d7dd3c_9a95_4855_8e81_d7ebe9a8b022/ok7x6zwn7rtup9jjswp7tequ_5.rem'
se desconectó o no existe en el servidor. Name: hpsa_service.exe Version: 06.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format:
es-ES RAM: 3893 Ram Utilization: 60 TargetSite: Void UpdateDetail(System.String)

Error - 17/11/2012 4:11:17 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 01/12/2012 4:38:34 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 08/12/2012 7:16:37 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 30/12/2012 12:37:37 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 en HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Referencia a objeto no establecida como instancia de un objeto. StackTrace: en
HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: es-ES RAM: 3893
Ram
Utilization: 50 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


[ HP Wireless Assistant Events ]
Error - 06/09/2012 19:51:43 | Computer Name = usuaria-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 en HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) en HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 03/01/2013 12:22:33 | Computer Name = usuaria-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 en HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) en HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ System Events ]
Error - 02/01/2013 17:54:27 | Computer Name = usuaria-HP | Source = BROWSER | ID = 8032
Description =

Error - 03/01/2013 12:22:13 | Computer Name = usuaria-HP | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
del servicio iphlpsvc.

Error - 03/01/2013 19:37:52 | Computer Name = usuaria-HP | Source = bowser | ID = 8003
Description =

Error - 03/01/2013 19:40:43 | Computer Name = usuaria-HP | Source = bowser | ID = 8003
Description =

Error - 03/01/2013 20:07:19 | Computer Name = usuaria-HP | Source = EventLog | ID = 6008
Description = El cierre anterior del sistema a las 1:06:04 del ?04/?01/?2013 resultó
inesperado.

Error - 03/01/2013 22:44:12 | Computer Name = usuaria-HP | Source = bowser | ID = 8003
Description =

Error - 04/01/2013 11:32:15 | Computer Name = usuaria-HP | Source = DCOM | ID = 10010
Description =

Error - 04/01/2013 11:32:46 | Computer Name = usuaria-HP | Source = DCOM | ID = 10010
Description =

Error - 04/01/2013 11:40:19 | Computer Name = usuaria-HP | Source = bowser | ID = 8003
Description =

Error - 04/01/2013 13:34:48 | Computer Name = usuaria-HP | Source = EventLog | ID = 6008
Description = El cierre anterior del sistema a las 18:33:38 del ?04/?01/?2013 resultó
inesperado.


< End of report >

Danach habe ich GMER runtergeladen, bin offline gegangen, habe Avira deaktiviert und GMER laufen lassen. Leider ist nach kurzer Zeit, ca. 2 min. alles gecrashed und ein Notfall Reboot gelaufen, ohne das ich etwas tun konnte (ohne Frage yes or no meine ich). Was soll ich jetzt tun? Gmer noch mal laufen lassen??

Danke im voraus Sissy

Alt 04.01.2013, 20:58   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virenfunde in Quarantäne file von Avira - Standard

Virenfunde in Quarantäne file von Avira



Hallo und

Zitat:
Habe Avira als Antivirus programm. Dort sind die folgenden Dateien im Quarantäne file:
Schön und wo sind die Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520


Bitte alles nach Möglichkeit hier in CODE-Tags posten.
Zitat:
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 06.01.2013, 00:54   #3
buggerlux
 
Virenfunde in Quarantäne file von Avira - Standard

Virenfunde in Quarantäne file von Avira



Hallo Cosinus,
wow ihr seit echt schnell..erst mal vielen Dank für die schnelle..ehmm Rüge.. ..tut mir echt leid, habe ich offensichtlich nicht gleich verstanden, das ich die Aviralogs auch posten soll.. sorry, tut mir leid..ich gebe mir alle Mühe , aber ich bin etwas schwerfällig mit dieser Materie..hab bitte Geduld mit mir,ok?

Habe jetzt hoffentlich die Logs von Avira als Text Datei, hoffe, das ist ok??

Habe noch keinen Zipper auf meinem neuen Laptop, noch nicht geschafft zu downloaden..hoffe, das macht nicht noch mehr Arbeit für dich..

Die Frage jetzt, soll ich die Textdatei als Anhang oder copy paste senden???
Ahhhh, sorry als Code tag.. bin blond, sorry

Hoffe, das hat richtig funktioniert..

Vielen Dank und ach ja..gesundes und erfolgreiches neues Jahr Cosinus
_________________________________________________________________

Code:
ATTFilter
Exportierte Ereignisse:

28/12/2012 12:51 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\usuaria\Desktop\Sissy\Store n go\Magic Ball 
      2\MagicBall2.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler 
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
      Die Quelldatei konnte nicht gefunden werden.
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
      Die Datei existiert nicht!

28/12/2012 12:48 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\usuaria\Desktop\Sissy\Store n go\Magic Ball 
      2\MagicBall2.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5a2417b6.qua' 
      verschoben!

28/12/2012 7:24 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\usuaria\Desktop\Sissy\Store n go\Magic Ball 
      2\MagicBall2.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

08/12/2012 21:32 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\usuaria\Downloads\ONLINE.LLOYDSTSB.CO.UK-PERSONAL-LOGON-LOGIN.JSPWT.AC
      =HPIBLOGON.HTML'
      enthielt einen Virus oder unerwünschtes Programm 'PHISH/Lloydstsb.B.2' 
      [phishing].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '58173a31.qua' 
      verschoben!

08/12/2012 21:31 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Users\usuaria\Downloads\ONLINE.LLOYDSTSB.CO.UK-PERSONAL-LOGON-LOGIN.JSPWT.AC
      =HPIBLOGON.HTML'
      wurde ein Virus oder unerwünschtes Programm 'PHISH/Lloydstsb.B.2' [phishing] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         
__________________

Geändert von buggerlux (06.01.2013 um 01:08 Uhr)

Alt 06.01.2013, 01:24   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virenfunde in Quarantäne file von Avira - Standard

Virenfunde in Quarantäne file von Avira



Code:
ATTFilter
C:\Users\usuaria\Desktop\Sissy\Store n go\Magic Ball 2\MagicBall2.exe
C:\Users\usuaria\Downloads\ONLINE.LLOYDSTSB.CO.UK-PERSONAL-LOGON-LOGIN.JSPWT.AC
         
Was genau soll das sein? Quelle?
Was hat das zweite im Downloadordner zu suchen? Wenn es da ist, müsstest du es ja selbst runtergeladen haben
__________________
Logs bitte immer in CODE-Tags posten

Alt 06.01.2013, 20:09   #5
buggerlux
 
Virenfunde in Quarantäne file von Avira - Standard

Virenfunde in Quarantäne file von Avira



Hi Cosinus,
ich glaube das ist ein USB stick, store n go, von dem wir ein Spiel runtergeladen haben, Magic ball 2. Jetzt verstehe ich auch warum alle unsere Laptops infiziert wurden, obwohl wir alle Avira / Mc Affee auf dem Laptop haben, da wir alle das Spiel von dem USB runtergeladen haben.

Wie kann ich den infizierten USB stick behandeln, um den Virus zu löschen??

Zum Thema Downloads, ich weiss nicht wann und wie ich das Programm runtergeladen habe..leider..eigentlich bin ich sehr vorsichtig mit Downloads..vielleicht war das als Anhang irgendwo dabei??

Danke erstmal Sissy


Geändert von buggerlux (06.01.2013 um 20:14 Uhr)

Alt 07.01.2013, 20:28   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virenfunde in Quarantäne file von Avira - Standard

Virenfunde in Quarantäne file von Avira



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> Virenfunde in Quarantäne file von Avira

Alt 07.01.2013, 21:57   #7
buggerlux
 
Virenfunde in Quarantäne file von Avira - Standard

Virenfunde in Quarantäne file von Avira



Hallo Cosinus,

ich habe das Malwarebytes Antirootkit runtergeladen, gespeichert auf dem Desktop und mbar.exe gestartet und folgende Fehlermeldung bekommen:

mbar.exe-Systemfehler

Das Programm kann leider nicht gestartet werden, da QtGui4.dll im Computer fehlt. Bitte reinstallieren Sie dieses Programm, um dieses Problem zu korrigieren..oder so ähnlich, ist leider in spanisch..

Was nun?
Gruss Sissy

Alt 07.01.2013, 21:59   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virenfunde in Quarantäne file von Avira - Standard

Virenfunde in Quarantäne file von Avira



Überspringen wir MBAR erstmal

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logs bitte immer in CODE-Tags posten

Alt 07.01.2013, 22:13   #9
buggerlux
 
Virenfunde in Quarantäne file von Avira - Standard

Virenfunde in Quarantäne file von Avira



während des scans von aswmbr online bleiben oder offline? wegen dem ausgeschalteten avira, weisst du?

Alt 07.01.2013, 22:22   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virenfunde in Quarantäne file von Avira - Standard

Virenfunde in Quarantäne file von Avira



Online bleiben! Schädlinge fliegen nicht einfach so auf deinem Rechner
__________________
Logs bitte immer in CODE-Tags posten

Alt 07.01.2013, 22:38   #11
buggerlux
 
Virenfunde in Quarantäne file von Avira - Standard

Virenfunde in Quarantäne file von Avira



Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-07 23:08:04
-----------------------------
23:08:04.386    OS Version: Windows x64 6.1.7600 
23:08:04.386    Number of processors: 4 586 0x2505
23:08:04.388    ComputerName: USUARIA-HP  UserName: usuaria
23:08:09.485    Initialize success
23:10:25.040    AVAST engine defs: 13010700
23:10:44.986    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:10:44.991    Disk 0 Vendor: ST932042 0006 Size: 305245MB BusType: 3
23:10:45.005    Disk 0 MBR read successfully
23:10:45.009    Disk 0 MBR scan
23:10:45.016    Disk 0 unknown MBR code
23:10:45.023    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
23:10:45.038    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       287800 MB offset 409600
23:10:45.073    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        17141 MB offset 589824000
23:10:45.092    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 624928768
23:10:45.133    Disk 0 scanning C:\Windows\system32\drivers
23:10:56.102    Service scanning
23:11:18.379    Modules scanning
23:11:18.396    Disk 0 trace - called modules:
23:11:18.750    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
23:11:18.760    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006fdd060]
23:11:18.770    3 CLASSPNP.SYS[fffff88001ae943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f3e050]
23:11:22.292    AVAST engine scan C:\Windows
23:11:24.455    AVAST engine scan C:\Windows\system32
23:14:35.778    AVAST engine scan C:\Windows\system32\drivers
23:14:48.790    AVAST engine scan C:\Users\usuaria
23:28:09.388    AVAST engine scan C:\ProgramData
23:31:21.169    Scan finished successfully
23:31:56.432    Disk 0 MBR has been saved successfully to "C:\Users\usuaria\Desktop\MBR.dat"
23:31:56.437    The log file has been saved successfully to "C:\Users\usuaria\Desktop\aswMBR.txt"
         
Code:
ATTFilter
00:10:40.0754 7060  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:10:42.0760 7060  ============================================================
00:10:42.0761 7060  Current date / time: 2013/01/08 00:10:42.0760
00:10:42.0761 7060  SystemInfo:
00:10:42.0761 7060  
00:10:42.0761 7060  OS Version: 6.1.7600 ServicePack: 0.0
00:10:42.0761 7060  Product type: Workstation
00:10:42.0761 7060  ComputerName: USUARIA-HP
00:10:42.0761 7060  UserName: usuaria
00:10:42.0761 7060  Windows directory: C:\Windows
00:10:42.0761 7060  System windows directory: C:\Windows
00:10:42.0761 7060  Running under WOW64
00:10:42.0761 7060  Processor architecture: Intel x64
00:10:42.0761 7060  Number of processors: 4
00:10:42.0761 7060  Page size: 0x1000
00:10:42.0761 7060  Boot type: Normal boot
00:10:42.0761 7060  ============================================================
00:10:43.0416 7060  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:10:43.0513 7060  ============================================================
00:10:43.0513 7060  \Device\Harddisk0\DR0:
00:10:43.0523 7060  MBR partitions:
00:10:43.0523 7060  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
00:10:43.0523 7060  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x2321C000
00:10:43.0523 7060  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23280000, BlocksNum 0x217A800
00:10:43.0523 7060  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
00:10:43.0523 7060  ============================================================
00:10:43.0575 7060  C: <-> \Device\Harddisk0\DR0\Partition2
00:10:43.0622 7060  D: <-> \Device\Harddisk0\DR0\Partition3
00:10:43.0622 7060  ============================================================
00:10:43.0622 7060  Initialize success
00:10:43.0622 7060  ============================================================
00:12:47.0472 6016  ============================================================
00:12:47.0472 6016  Scan started
00:12:47.0472 6016  Mode: Manual; SigCheck; TDLFS; 
00:12:47.0472 6016  ============================================================
00:12:47.0870 6016  ================ Scan system memory ========================
00:12:47.0870 6016  System memory - ok
00:12:47.0870 6016  ================ Scan services =============================
00:12:48.0018 6016  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
00:12:48.0150 6016  1394ohci - ok
00:12:48.0172 6016  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
00:12:48.0196 6016  ACPI - ok
00:12:48.0209 6016  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
00:12:48.0269 6016  AcpiPmi - ok
00:12:48.0425 6016  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:12:48.0450 6016  AdobeFlashPlayerUpdateSvc - ok
00:12:48.0501 6016  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
00:12:48.0529 6016  adp94xx - ok
00:12:48.0562 6016  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
00:12:48.0597 6016  adpahci - ok
00:12:48.0641 6016  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
00:12:48.0658 6016  adpu320 - ok
00:12:48.0677 6016  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
00:12:48.0831 6016  AeLookupSvc - ok
00:12:48.0913 6016  [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
00:12:48.0934 6016  AERTFilters - ok
00:12:49.0002 6016  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
00:12:49.0069 6016  AFD - ok
00:12:49.0126 6016  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
00:12:49.0224 6016  AgereSoftModem - ok
00:12:49.0250 6016  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
00:12:49.0272 6016  agp440 - ok
00:12:49.0312 6016  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
00:12:49.0370 6016  ALG - ok
00:12:49.0405 6016  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
00:12:49.0422 6016  aliide - ok
00:12:49.0442 6016  [ CC180E1E0700995340C838BC1A729577 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:12:49.0474 6016  AMD External Events Utility - ok
00:12:49.0499 6016  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
00:12:49.0515 6016  amdide - ok
00:12:49.0532 6016  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
00:12:49.0564 6016  AmdK8 - ok
00:12:49.0724 6016  [ 8155EA1864D1FA8B168C46C41ED97A76 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
00:12:49.0928 6016  amdkmdag - ok
00:12:49.0953 6016  [ 4841C7AF2BAC05AE23955D65B4336446 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
00:12:49.0993 6016  amdkmdap - ok
00:12:50.0012 6016  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
00:12:50.0029 6016  AmdPPM - ok
00:12:50.0072 6016  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
00:12:50.0101 6016  amdsata - ok
00:12:50.0126 6016  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
00:12:50.0155 6016  amdsbs - ok
00:12:50.0184 6016  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
00:12:50.0210 6016  amdxata - ok
00:12:50.0323 6016  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
00:12:50.0342 6016  AntiVirSchedulerService - ok
00:12:50.0353 6016  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
00:12:50.0367 6016  AntiVirService - ok
00:12:50.0390 6016  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
00:12:50.0480 6016  AppID - ok
00:12:50.0505 6016  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
00:12:50.0577 6016  AppIDSvc - ok
00:12:50.0595 6016  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
00:12:50.0631 6016  Appinfo - ok
00:12:50.0652 6016  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
00:12:50.0666 6016  arc - ok
00:12:50.0685 6016  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
00:12:50.0700 6016  arcsas - ok
00:12:50.0721 6016  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
00:12:50.0786 6016  AsyncMac - ok
00:12:50.0813 6016  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
00:12:50.0825 6016  atapi - ok
00:12:50.0862 6016  [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
00:12:50.0882 6016  AtiHdmiService - ok
00:12:50.0921 6016  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:12:51.0030 6016  AudioEndpointBuilder - ok
00:12:51.0052 6016  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
00:12:51.0098 6016  AudioSrv - ok
00:12:51.0127 6016  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
00:12:51.0139 6016  avgntflt - ok
00:12:51.0170 6016  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
00:12:51.0198 6016  avipbb - ok
00:12:51.0225 6016  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
00:12:51.0247 6016  avkmgr - ok
00:12:51.0287 6016  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
00:12:51.0335 6016  AxInstSV - ok
00:12:51.0376 6016  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
00:12:51.0428 6016  b06bdrv - ok
00:12:51.0449 6016  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
00:12:51.0481 6016  b57nd60a - ok
00:12:51.0595 6016  [ 810BE94A9E42309B3F74217AC28BC6AC ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
00:12:51.0708 6016  BCM43XX - ok
00:12:51.0742 6016  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
00:12:51.0790 6016  BDESVC - ok
00:12:51.0813 6016  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
00:12:51.0878 6016  Beep - ok
00:12:51.0912 6016  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
00:12:51.0989 6016  BFE - ok
00:12:52.0038 6016  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
00:12:52.0131 6016  BITS - ok
00:12:52.0166 6016  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
00:12:52.0195 6016  blbdrive - ok
00:12:52.0241 6016  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
00:12:52.0298 6016  bowser - ok
00:12:52.0317 6016  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:12:52.0356 6016  BrFiltLo - ok
00:12:52.0368 6016  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:12:52.0387 6016  BrFiltUp - ok
00:12:52.0425 6016  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
00:12:52.0472 6016  Browser - ok
00:12:52.0499 6016  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
00:12:52.0539 6016  Brserid - ok
00:12:52.0552 6016  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
00:12:52.0588 6016  BrSerWdm - ok
00:12:52.0602 6016  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
00:12:52.0626 6016  BrUsbMdm - ok
00:12:52.0640 6016  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
00:12:52.0664 6016  BrUsbSer - ok
00:12:52.0676 6016  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
00:12:52.0697 6016  BTHMODEM - ok
00:12:52.0729 6016  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
00:12:52.0790 6016  bthserv - ok
00:12:52.0808 6016  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
00:12:52.0852 6016  cdfs - ok
00:12:52.0887 6016  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
00:12:52.0927 6016  cdrom - ok
00:12:52.0958 6016  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
00:12:53.0023 6016  CertPropSvc - ok
00:12:53.0036 6016  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
00:12:53.0063 6016  circlass - ok
00:12:53.0092 6016  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
00:12:53.0113 6016  CLFS - ok
00:12:53.0179 6016  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:12:53.0202 6016  clr_optimization_v2.0.50727_32 - ok
00:12:53.0268 6016  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:12:53.0293 6016  clr_optimization_v2.0.50727_64 - ok
00:12:53.0380 6016  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:12:53.0407 6016  clr_optimization_v4.0.30319_32 - ok
00:12:53.0449 6016  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:12:53.0474 6016  clr_optimization_v4.0.30319_64 - ok
00:12:53.0519 6016  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
00:12:53.0555 6016  CmBatt - ok
00:12:53.0605 6016  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
00:12:53.0631 6016  cmdide - ok
00:12:53.0692 6016  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
00:12:53.0772 6016  CNG - ok
00:12:53.0786 6016  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
00:12:53.0807 6016  Compbatt - ok
00:12:53.0826 6016  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
00:12:53.0853 6016  CompositeBus - ok
00:12:53.0857 6016  COMSysApp - ok
00:12:53.0874 6016  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
00:12:53.0889 6016  crcdisk - ok
00:12:53.0933 6016  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:12:53.0977 6016  CryptSvc - ok
00:12:54.0106 6016  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
00:12:54.0148 6016  cvhsvc - ok
00:12:54.0178 6016  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:12:54.0244 6016  DcomLaunch - ok
00:12:54.0272 6016  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
00:12:54.0320 6016  defragsvc - ok
00:12:54.0355 6016  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
00:12:54.0402 6016  DfsC - ok
00:12:54.0433 6016  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
00:12:54.0545 6016  Dhcp - ok
00:12:54.0571 6016  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
00:12:54.0631 6016  discache - ok
00:12:54.0660 6016  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
00:12:54.0673 6016  Disk - ok
00:12:54.0710 6016  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:12:54.0764 6016  Dnscache - ok
00:12:54.0785 6016  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
00:12:54.0857 6016  dot3svc - ok
00:12:54.0912 6016  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
00:12:54.0954 6016  Dot4 - ok
00:12:55.0007 6016  [ 85135AD27E79B689335C08167D917CDE ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
00:12:55.0050 6016  Dot4Print - ok
00:12:55.0066 6016  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
00:12:55.0098 6016  dot4usb - ok
00:12:55.0114 6016  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
00:12:55.0173 6016  DPS - ok
00:12:55.0192 6016  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
00:12:55.0209 6016  drmkaud - ok
00:12:55.0245 6016  [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
00:12:55.0296 6016  DXGKrnl - ok
00:12:55.0321 6016  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
00:12:55.0379 6016  EapHost - ok
00:12:55.0462 6016  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
00:12:55.0554 6016  ebdrv - ok
00:12:55.0581 6016  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
00:12:55.0615 6016  EFS - ok
00:12:55.0682 6016  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
00:12:55.0734 6016  ehRecvr - ok
00:12:55.0760 6016  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
00:12:55.0789 6016  ehSched - ok
00:12:55.0818 6016  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
00:12:55.0858 6016  elxstor - ok
00:12:55.0871 6016  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
00:12:55.0884 6016  ErrDev - ok
00:12:55.0919 6016  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
00:12:55.0973 6016  EventSystem - ok
00:12:56.0002 6016  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
00:12:56.0059 6016  exfat - ok
00:12:56.0075 6016  ezSharedSvc - ok
00:12:56.0090 6016  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
00:12:56.0151 6016  fastfat - ok
00:12:56.0183 6016  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
00:12:56.0239 6016  Fax - ok
00:12:56.0250 6016  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
00:12:56.0280 6016  fdc - ok
00:12:56.0292 6016  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
00:12:56.0339 6016  fdPHost - ok
00:12:56.0364 6016  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
00:12:56.0408 6016  FDResPub - ok
00:12:56.0420 6016  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
00:12:56.0433 6016  FileInfo - ok
00:12:56.0443 6016  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
00:12:56.0487 6016  Filetrace - ok
00:12:56.0501 6016  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
00:12:56.0513 6016  flpydisk - ok
00:12:56.0546 6016  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
00:12:56.0578 6016  FltMgr - ok
00:12:56.0613 6016  [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache       C:\Windows\system32\FntCache.dll
00:12:56.0695 6016  FontCache - ok
00:12:56.0730 6016  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:12:56.0740 6016  FontCache3.0.0.0 - ok
00:12:56.0751 6016  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
00:12:56.0765 6016  FsDepends - ok
00:12:56.0822 6016  [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
00:12:56.0843 6016  fssfltr - ok
00:12:56.0957 6016  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
00:12:57.0034 6016  fsssvc - ok
00:12:57.0072 6016  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
00:12:57.0085 6016  Fs_Rec - ok
00:12:57.0117 6016  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
00:12:57.0138 6016  fvevol - ok
00:12:57.0158 6016  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
00:12:57.0173 6016  gagp30kx - ok
00:12:57.0235 6016  [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
00:12:57.0263 6016  GameConsoleService - ok
00:12:57.0304 6016  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
00:12:57.0358 6016  gpsvc - ok
00:12:57.0414 6016  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:12:57.0425 6016  gupdate - ok
00:12:57.0439 6016  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:12:57.0449 6016  gupdatem - ok
00:12:57.0504 6016  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
00:12:57.0524 6016  hamachi - ok
00:12:57.0653 6016  [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
00:12:57.0713 6016  Hamachi2Svc - ok
00:12:57.0731 6016  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
00:12:57.0764 6016  hcw85cir - ok
00:12:57.0791 6016  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:12:57.0824 6016  HdAudAddService - ok
00:12:57.0849 6016  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
00:12:57.0881 6016  HDAudBus - ok
00:12:57.0916 6016  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
00:12:57.0928 6016  HECIx64 - ok
00:12:57.0945 6016  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
00:12:57.0969 6016  HidBatt - ok
00:12:57.0990 6016  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
00:12:58.0020 6016  HidBth - ok
00:12:58.0035 6016  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
00:12:58.0067 6016  HidIr - ok
00:12:58.0094 6016  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
00:12:58.0177 6016  hidserv - ok
00:12:58.0202 6016  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
00:12:58.0226 6016  HidUsb - ok
00:12:58.0245 6016  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:12:58.0304 6016  hkmsvc - ok
00:12:58.0325 6016  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:12:58.0352 6016  HomeGroupListener - ok
00:12:58.0373 6016  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:12:58.0390 6016  HomeGroupProvider - ok
00:12:58.0473 6016  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
00:12:58.0495 6016  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
00:12:58.0495 6016  HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
00:12:58.0544 6016  [ 3A09322A8AA8B0C79036686A0EBE7B4C ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
00:12:58.0561 6016  HP Wireless Assistant Service - ok
00:12:58.0673 6016  [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
00:12:58.0697 6016  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
00:12:58.0697 6016  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
00:12:58.0721 6016  [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
00:12:58.0738 6016  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
00:12:58.0738 6016  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
00:12:58.0812 6016  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
00:12:58.0865 6016  hpqwmiex - ok
00:12:58.0891 6016  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
00:12:58.0905 6016  HpSAMD - ok
00:12:58.0962 6016  [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
00:12:59.0026 6016  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
00:12:59.0027 6016  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
00:12:59.0098 6016  [ 9DF9CF7840A3A99F2FFD614F0A13F2F9 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
00:12:59.0115 6016  HPWMISVC - ok
00:12:59.0143 6016  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
00:12:59.0218 6016  HTTP - ok
00:12:59.0241 6016  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
00:12:59.0252 6016  hwpolicy - ok
00:12:59.0274 6016  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
00:12:59.0294 6016  i8042prt - ok
00:12:59.0318 6016  [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
00:12:59.0337 6016  iaStor - ok
00:12:59.0384 6016  [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
00:12:59.0395 6016  IAStorDataMgrSvc - ok
00:12:59.0433 6016  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
00:12:59.0460 6016  iaStorV - ok
00:12:59.0512 6016  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:12:59.0576 6016  idsvc - ok
00:12:59.0803 6016  [ FBACBED7A37B3223822470FF1D8EA00F ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
00:13:00.0093 6016  igfx - ok
00:13:00.0119 6016  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
00:13:00.0132 6016  iirsp - ok
00:13:00.0175 6016  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
00:13:00.0281 6016  IKEEXT - ok
00:13:00.0356 6016  [ E76FDFFF07F8A2FA81FF250DDA0F6BBA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
00:13:00.0455 6016  IntcAzAudAddService - ok
00:13:00.0472 6016  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
00:13:00.0484 6016  intelide - ok
00:13:00.0675 6016  [ FBACBED7A37B3223822470FF1D8EA00F ] intelkmd        C:\Windows\system32\DRIVERS\igdpmd64.sys
00:13:00.0935 6016  intelkmd - ok
00:13:00.0953 6016  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
00:13:00.0979 6016  intelppm - ok
00:13:00.0995 6016  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
00:13:01.0047 6016  IPBusEnum - ok
00:13:01.0060 6016  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:13:01.0102 6016  IpFilterDriver - ok
00:13:01.0120 6016  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:13:01.0172 6016  iphlpsvc - ok
00:13:01.0183 6016  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
00:13:01.0197 6016  IPMIDRV - ok
00:13:01.0202 6016  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
00:13:01.0253 6016  IPNAT - ok
00:13:01.0276 6016  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:13:01.0294 6016  IRENUM - ok
00:13:01.0304 6016  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
00:13:01.0316 6016  isapnp - ok
00:13:01.0336 6016  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
00:13:01.0352 6016  iScsiPrt - ok
00:13:01.0373 6016  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
00:13:01.0386 6016  kbdclass - ok
00:13:01.0399 6016  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
00:13:01.0430 6016  kbdhid - ok
00:13:01.0447 6016  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
00:13:01.0461 6016  KeyIso - ok
00:13:01.0499 6016  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:13:01.0516 6016  KSecDD - ok
00:13:01.0538 6016  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
00:13:01.0554 6016  KSecPkg - ok
00:13:01.0574 6016  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
00:13:01.0627 6016  ksthunk - ok
00:13:01.0654 6016  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:13:01.0710 6016  KtmRm - ok
00:13:01.0750 6016  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
00:13:01.0790 6016  LanmanServer - ok
00:13:01.0821 6016  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:13:01.0901 6016  LanmanWorkstation - ok
00:13:01.0955 6016  [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
00:13:01.0972 6016  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
00:13:01.0972 6016  LightScribeService - detected UnsignedFile.Multi.Generic (1)
00:13:01.0996 6016  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:13:02.0052 6016  lltdio - ok
00:13:02.0084 6016  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:13:02.0143 6016  lltdsvc - ok
00:13:02.0157 6016  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:13:02.0207 6016  lmhosts - ok
00:13:02.0260 6016  [ DBC1136A62BD4DECC3632DF650284C2E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
00:13:02.0284 6016  LMS - ok
00:13:02.0314 6016  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
00:13:02.0336 6016  LSI_FC - ok
00:13:02.0349 6016  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
00:13:02.0370 6016  LSI_SAS - ok
00:13:02.0382 6016  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:13:02.0399 6016  LSI_SAS2 - ok
00:13:02.0416 6016  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:13:02.0431 6016  LSI_SCSI - ok
00:13:02.0457 6016  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
00:13:02.0509 6016  luafv - ok
00:13:02.0548 6016  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
00:13:02.0568 6016  MBAMProtector - ok
00:13:02.0613 6016  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
00:13:02.0640 6016  MBAMScheduler - ok
00:13:02.0673 6016  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:13:02.0710 6016  MBAMService - ok
00:13:02.0728 6016  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
00:13:02.0745 6016  Mcx2Svc - ok
00:13:02.0761 6016  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
00:13:02.0775 6016  megasas - ok
00:13:02.0794 6016  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
00:13:02.0813 6016  MegaSR - ok
00:13:02.0838 6016  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
00:13:02.0883 6016  MMCSS - ok
00:13:02.0896 6016  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
00:13:02.0944 6016  Modem - ok
00:13:02.0966 6016  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
00:13:02.0999 6016  monitor - ok
00:13:03.0026 6016  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
00:13:03.0041 6016  mouclass - ok
00:13:03.0054 6016  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
00:13:03.0070 6016  mouhid - ok
00:13:03.0096 6016  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
00:13:03.0111 6016  mountmgr - ok
00:13:03.0118 6016  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
00:13:03.0135 6016  mpio - ok
00:13:03.0155 6016  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
00:13:03.0203 6016  mpsdrv - ok
00:13:03.0225 6016  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
00:13:03.0295 6016  MpsSvc - ok
00:13:03.0311 6016  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
00:13:03.0380 6016  MRxDAV - ok
00:13:03.0417 6016  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
00:13:03.0444 6016  mrxsmb - ok
00:13:03.0459 6016  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:13:03.0492 6016  mrxsmb10 - ok
00:13:03.0522 6016  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:13:03.0560 6016  mrxsmb20 - ok
00:13:03.0582 6016  [ 5E939CF91EA4A841DBAFE4627E0292BB ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
00:13:03.0601 6016  msahci - ok
00:13:03.0609 6016  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
00:13:03.0628 6016  msdsm - ok
00:13:03.0643 6016  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
00:13:03.0675 6016  MSDTC - ok
00:13:03.0693 6016  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
00:13:03.0737 6016  Msfs - ok
00:13:03.0762 6016  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
00:13:03.0841 6016  mshidkmdf - ok
00:13:03.0853 6016  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
00:13:03.0865 6016  msisadrv - ok
00:13:03.0892 6016  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
00:13:03.0938 6016  MSiSCSI - ok
00:13:03.0941 6016  msiserver - ok
00:13:03.0963 6016  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
00:13:04.0017 6016  MSKSSRV - ok
00:13:04.0028 6016  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
00:13:04.0082 6016  MSPCLOCK - ok
00:13:04.0096 6016  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
00:13:04.0151 6016  MSPQM - ok
00:13:04.0174 6016  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
00:13:04.0194 6016  MsRPC - ok
00:13:04.0210 6016  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
00:13:04.0222 6016  mssmbios - ok
00:13:04.0235 6016  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
00:13:04.0288 6016  MSTEE - ok
00:13:04.0307 6016  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
00:13:04.0330 6016  MTConfig - ok
00:13:04.0343 6016  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
00:13:04.0357 6016  Mup - ok
00:13:04.0386 6016  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
00:13:04.0453 6016  napagent - ok
00:13:04.0489 6016  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
00:13:04.0529 6016  NativeWifiP - ok
00:13:04.0559 6016  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
00:13:04.0606 6016  NDIS - ok
00:13:04.0618 6016  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
00:13:04.0674 6016  NdisCap - ok
00:13:04.0697 6016  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
00:13:04.0741 6016  NdisTapi - ok
00:13:04.0751 6016  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
00:13:04.0796 6016  Ndisuio - ok
00:13:04.0806 6016  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
00:13:04.0852 6016  NdisWan - ok
00:13:04.0866 6016  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
00:13:04.0921 6016  NDProxy - ok
00:13:04.0958 6016  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
00:13:04.0973 6016  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:13:04.0973 6016  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:13:04.0990 6016  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
00:13:05.0049 6016  NetBIOS - ok
00:13:05.0065 6016  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
00:13:05.0110 6016  NetBT - ok
00:13:05.0136 6016  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
00:13:05.0147 6016  Netlogon - ok
00:13:05.0183 6016  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
00:13:05.0269 6016  Netman - ok
00:13:05.0292 6016  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
00:13:05.0356 6016  netprofm - ok
00:13:05.0383 6016  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:13:05.0396 6016  NetTcpPortSharing - ok
00:13:05.0522 6016  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
00:13:05.0705 6016  netw5v64 - ok
00:13:05.0731 6016  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
00:13:05.0745 6016  nfrd960 - ok
00:13:05.0760 6016  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
00:13:05.0817 6016  NlaSvc - ok
00:13:05.0836 6016  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
00:13:05.0880 6016  Npfs - ok
00:13:05.0902 6016  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
00:13:05.0943 6016  nsi - ok
00:13:05.0947 6016  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
00:13:06.0005 6016  nsiproxy - ok
00:13:06.0073 6016  [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
00:13:06.0160 6016  Ntfs - ok
00:13:06.0168 6016  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
00:13:06.0220 6016  Null - ok
00:13:06.0262 6016  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
00:13:06.0294 6016  nvraid - ok
00:13:06.0334 6016  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
00:13:06.0354 6016  nvstor - ok
00:13:06.0366 6016  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
00:13:06.0384 6016  nv_agp - ok
00:13:06.0401 6016  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
00:13:06.0419 6016  ohci1394 - ok
00:13:06.0455 6016  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:13:06.0472 6016  ose - ok
00:13:06.0631 6016  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:13:06.0750 6016  osppsvc - ok
00:13:06.0782 6016  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
00:13:06.0826 6016  p2pimsvc - ok
00:13:06.0845 6016  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
00:13:06.0867 6016  p2psvc - ok
00:13:06.0883 6016  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
00:13:06.0900 6016  Parport - ok
00:13:06.0937 6016  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
00:13:06.0952 6016  partmgr - ok
00:13:06.0967 6016  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
00:13:07.0007 6016  PcaSvc - ok
00:13:07.0022 6016  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
00:13:07.0040 6016  pci - ok
00:13:07.0051 6016  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
00:13:07.0065 6016  pciide - ok
00:13:07.0077 6016  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
00:13:07.0096 6016  pcmcia - ok
00:13:07.0106 6016  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
00:13:07.0119 6016  pcw - ok
00:13:07.0137 6016  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:13:07.0198 6016  PEAUTH - ok
00:13:07.0263 6016  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
00:13:07.0279 6016  PerfHost - ok
00:13:07.0321 6016  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
00:13:07.0414 6016  pla - ok
00:13:07.0463 6016  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
00:13:07.0519 6016  PlugPlay - ok
00:13:07.0545 6016  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
00:13:07.0561 6016  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:13:07.0561 6016  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:13:07.0577 6016  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
00:13:07.0594 6016  PNRPAutoReg - ok
00:13:07.0608 6016  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
00:13:07.0626 6016  PNRPsvc - ok
00:13:07.0658 6016  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
00:13:07.0711 6016  PolicyAgent - ok
00:13:07.0737 6016  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
00:13:07.0790 6016  Power - ok
00:13:07.0819 6016  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
00:13:07.0899 6016  PptpMiniport - ok
00:13:07.0913 6016  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
00:13:07.0937 6016  Processor - ok
00:13:07.0975 6016  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc         C:\Windows\system32\profsvc.dll
00:13:08.0031 6016  ProfSvc - ok
00:13:08.0040 6016  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:13:08.0055 6016  ProtectedStorage - ok
00:13:08.0073 6016  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
00:13:08.0122 6016  Psched - ok
00:13:08.0161 6016  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
00:13:08.0224 6016  ql2300 - ok
00:13:08.0239 6016  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
00:13:08.0253 6016  ql40xx - ok
00:13:08.0273 6016  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
00:13:08.0296 6016  QWAVE - ok
00:13:08.0304 6016  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
00:13:08.0332 6016  QWAVEdrv - ok
00:13:08.0348 6016  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
00:13:08.0389 6016  RasAcd - ok
00:13:08.0419 6016  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
00:13:08.0460 6016  RasAgileVpn - ok
00:13:08.0476 6016  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
00:13:08.0528 6016  RasAuto - ok
00:13:08.0539 6016  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
00:13:08.0596 6016  Rasl2tp - ok
00:13:08.0648 6016  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
00:13:08.0739 6016  RasMan - ok
00:13:08.0753 6016  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
00:13:08.0796 6016  RasPppoe - ok
00:13:08.0811 6016  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
00:13:08.0864 6016  RasSstp - ok
00:13:08.0883 6016  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
00:13:08.0938 6016  rdbss - ok
00:13:08.0956 6016  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
00:13:08.0973 6016  rdpbus - ok
00:13:08.0989 6016  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
00:13:09.0029 6016  RDPCDD - ok
00:13:09.0050 6016  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
00:13:09.0102 6016  RDPENCDD - ok
00:13:09.0116 6016  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
00:13:09.0173 6016  RDPREFMP - ok
00:13:09.0206 6016  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
00:13:09.0243 6016  RDPWD - ok
00:13:09.0253 6016  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
00:13:09.0271 6016  rdyboost - ok
00:13:09.0290 6016  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
00:13:09.0334 6016  RemoteAccess - ok
00:13:09.0360 6016  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
00:13:09.0414 6016  RemoteRegistry - ok
00:13:09.0432 6016  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
00:13:09.0487 6016  RpcEptMapper - ok
00:13:09.0513 6016  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
00:13:09.0554 6016  RpcLocator - ok
00:13:09.0584 6016  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
00:13:09.0641 6016  RpcSs - ok
00:13:09.0650 6016  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
00:13:09.0701 6016  rspndr - ok
00:13:09.0758 6016  [ 483DF0B58CA532E5240E59DC41F30AA2 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
00:13:09.0786 6016  RSUSBSTOR - ok
00:13:09.0819 6016  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
00:13:09.0840 6016  RTL8167 - ok
00:13:09.0890 6016  [ FEBFB5730E12F62CA38F86A066E7348D ] RtVOsdService   C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
00:13:09.0912 6016  RtVOsdService ( UnsignedFile.Multi.Generic ) - warning
00:13:09.0912 6016  RtVOsdService - detected UnsignedFile.Multi.Generic (1)
00:13:09.0929 6016  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
00:13:09.0953 6016  SamSs - ok
00:13:09.0964 6016  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
00:13:09.0978 6016  sbp2port - ok
00:13:10.0002 6016  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
00:13:10.0049 6016  SCardSvr - ok
00:13:10.0059 6016  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
00:13:10.0109 6016  scfilter - ok
00:13:10.0162 6016  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
00:13:10.0240 6016  Schedule - ok
00:13:10.0268 6016  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
00:13:10.0320 6016  SCPolicySvc - ok
00:13:10.0345 6016  [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
00:13:10.0371 6016  sdbus - ok
00:13:10.0389 6016  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
00:13:10.0434 6016  SDRSVC - ok
00:13:10.0450 6016  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
00:13:10.0497 6016  secdrv - ok
00:13:10.0505 6016  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
00:13:10.0561 6016  seclogon - ok
00:13:10.0576 6016  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
00:13:10.0629 6016  SENS - ok
00:13:10.0653 6016  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
00:13:10.0678 6016  SensrSvc - ok
00:13:10.0694 6016  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
00:13:10.0709 6016  Serenum - ok
00:13:10.0721 6016  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
00:13:10.0738 6016  Serial - ok
00:13:10.0756 6016  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
00:13:10.0786 6016  sermouse - ok
00:13:10.0811 6016  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
00:13:10.0860 6016  SessionEnv - ok
00:13:10.0869 6016  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
00:13:10.0904 6016  sffdisk - ok
00:13:10.0922 6016  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
00:13:10.0943 6016  sffp_mmc - ok
00:13:10.0970 6016  [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
00:13:10.0993 6016  sffp_sd - ok
00:13:11.0005 6016  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
00:13:11.0020 6016  sfloppy - ok
00:13:11.0060 6016  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
00:13:11.0098 6016  Sftfs - ok
00:13:11.0176 6016  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
00:13:11.0216 6016  sftlist - ok
00:13:11.0227 6016  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
00:13:11.0244 6016  Sftplay - ok
00:13:11.0258 6016  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
00:13:11.0269 6016  Sftredir - ok
00:13:11.0275 6016  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
00:13:11.0286 6016  Sftvol - ok
00:13:11.0297 6016  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
00:13:11.0312 6016  sftvsa - ok
00:13:11.0340 6016  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
00:13:11.0400 6016  SharedAccess - ok
00:13:11.0434 6016  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:13:11.0474 6016  ShellHWDetection - ok
00:13:11.0504 6016  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:13:11.0517 6016  SiSRaid2 - ok
00:13:11.0531 6016  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
00:13:11.0545 6016  SiSRaid4 - ok
00:13:11.0699 6016  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
00:13:11.0791 6016  Skype C2C Service - ok
00:13:11.0831 6016  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
00:13:11.0843 6016  SkypeUpdate - ok
00:13:11.0870 6016  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
00:13:11.0931 6016  Smb - ok
00:13:11.0970 6016  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:13:11.0998 6016  SNMPTRAP - ok
00:13:12.0013 6016  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
00:13:12.0026 6016  spldr - ok
00:13:12.0065 6016  [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler         C:\Windows\System32\spoolsv.exe
00:13:12.0114 6016  Spooler - ok
00:13:12.0181 6016  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
00:13:12.0316 6016  sppsvc - ok
00:13:12.0331 6016  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
00:13:12.0388 6016  sppuinotify - ok
00:13:12.0432 6016  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:13:12.0481 6016  srv - ok
00:13:12.0509 6016  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:13:12.0544 6016  srv2 - ok
00:13:12.0580 6016  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
00:13:12.0600 6016  SrvHsfHDA - ok
00:13:12.0635 6016  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
00:13:12.0692 6016  SrvHsfV92 - ok
00:13:12.0713 6016  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
00:13:12.0756 6016  SrvHsfWinac - ok
00:13:12.0774 6016  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:13:12.0791 6016  srvnet - ok
00:13:12.0817 6016  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:13:12.0879 6016  SSDPSRV - ok
00:13:12.0894 6016  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
00:13:12.0938 6016  SstpSvc - ok
00:13:12.0954 6016  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
00:13:12.0968 6016  stexstor - ok
00:13:13.0000 6016  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
00:13:13.0076 6016  stisvc - ok
00:13:13.0089 6016  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
00:13:13.0102 6016  swenum - ok
00:13:13.0121 6016  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
00:13:13.0186 6016  swprv - ok
00:13:13.0229 6016  [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
00:13:13.0266 6016  SynTP - ok
00:13:13.0312 6016  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
00:13:13.0388 6016  SysMain - ok
00:13:13.0404 6016  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:13:13.0440 6016  TabletInputService - ok
00:13:13.0487 6016  [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
00:13:13.0498 6016  taphss - ok
00:13:13.0516 6016  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
00:13:13.0577 6016  TapiSrv - ok
00:13:13.0594 6016  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
00:13:13.0638 6016  TBS - ok
00:13:13.0712 6016  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
00:13:13.0808 6016  Tcpip - ok
00:13:13.0870 6016  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
00:13:13.0918 6016  TCPIP6 - ok
00:13:13.0945 6016  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:13:13.0988 6016  tcpipreg - ok
00:13:13.0999 6016  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:13:14.0018 6016  TDPIPE - ok
00:13:14.0048 6016  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
00:13:14.0091 6016  TDTCP - ok
00:13:14.0114 6016  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
00:13:14.0192 6016  tdx - ok
00:13:14.0203 6016  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
00:13:14.0216 6016  TermDD - ok
00:13:14.0242 6016  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
00:13:14.0308 6016  TermService - ok
00:13:14.0315 6016  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
00:13:14.0346 6016  Themes - ok
00:13:14.0364 6016  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
00:13:14.0407 6016  THREADORDER - ok
00:13:14.0434 6016  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
00:13:14.0490 6016  TrkWks - ok
00:13:14.0533 6016  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:13:14.0550 6016  TrustedInstaller - ok
00:13:14.0567 6016  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:13:14.0621 6016  tssecsrv - ok
00:13:14.0651 6016  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:13:14.0710 6016  tunnel - ok
00:13:14.0727 6016  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
00:13:14.0742 6016  uagp35 - ok
00:13:14.0771 6016  [ C06E6F4679CEB8F430B90A51D76D8D3C ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:13:14.0805 6016  udfs - ok
00:13:14.0821 6016  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:13:14.0839 6016  UI0Detect - ok
00:13:14.0855 6016  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
00:13:14.0870 6016  uliagpkx - ok
00:13:14.0886 6016  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
00:13:14.0902 6016  umbus - ok
00:13:14.0923 6016  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
00:13:14.0952 6016  UmPass - ok
00:13:15.0050 6016  [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
00:13:15.0114 6016  UNS - ok
00:13:15.0127 6016  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
00:13:15.0178 6016  upnphost - ok
00:13:15.0212 6016  [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:13:15.0232 6016  usbccgp - ok
00:13:15.0251 6016  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
00:13:15.0278 6016  usbcir - ok
00:13:15.0291 6016  [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
00:13:15.0306 6016  usbehci - ok
00:13:15.0327 6016  [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:13:15.0347 6016  usbhub - ok
00:13:15.0360 6016  [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
00:13:15.0389 6016  usbohci - ok
00:13:15.0414 6016  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
00:13:15.0435 6016  usbprint - ok
00:13:15.0483 6016  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
00:13:15.0514 6016  usbscan - ok
00:13:15.0550 6016  [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:13:15.0595 6016  USBSTOR - ok
00:13:15.0606 6016  [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
00:13:15.0624 6016  usbuhci - ok
00:13:15.0683 6016  [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
00:13:15.0730 6016  usbvideo - ok
00:13:15.0754 6016  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
00:13:15.0801 6016  UxSms - ok
00:13:15.0812 6016  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
00:13:15.0824 6016  VaultSvc - ok
00:13:15.0849 6016  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
00:13:15.0861 6016  vdrvroot - ok
00:13:15.0882 6016  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
00:13:15.0905 6016  vds - ok
00:13:15.0917 6016  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:13:15.0933 6016  vga - ok
00:13:15.0943 6016  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:13:15.0998 6016  VgaSave - ok
00:13:16.0019 6016  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
00:13:16.0035 6016  vhdmp - ok
00:13:16.0047 6016  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
00:13:16.0060 6016  viaide - ok
00:13:16.0071 6016  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
00:13:16.0085 6016  volmgr - ok
00:13:16.0103 6016  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:13:16.0123 6016  volmgrx - ok
00:13:16.0160 6016  [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:13:16.0195 6016  volsnap - ok
00:13:16.0222 6016  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
00:13:16.0241 6016  vsmraid - ok
00:13:16.0276 6016  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
00:13:16.0330 6016  VSS - ok
00:13:16.0346 6016  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
00:13:16.0373 6016  vwifibus - ok
00:13:16.0406 6016  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
00:13:16.0450 6016  vwififlt - ok
00:13:16.0484 6016  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
00:13:16.0549 6016  W32Time - ok
00:13:16.0565 6016  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
00:13:16.0595 6016  WacomPen - ok
00:13:16.0627 6016  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
00:13:16.0673 6016  WANARP - ok
00:13:16.0676 6016  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:13:16.0719 6016  Wanarpv6 - ok
00:13:16.0791 6016  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
00:13:16.0862 6016  WatAdminSvc - ok
00:13:16.0903 6016  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
00:13:16.0980 6016  wbengine - ok
00:13:16.0993 6016  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
00:13:17.0017 6016  WbioSrvc - ok
00:13:17.0055 6016  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:13:17.0090 6016  wcncsvc - ok
00:13:17.0101 6016  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:13:17.0119 6016  WcsPlugInService - ok
00:13:17.0133 6016  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
00:13:17.0148 6016  Wd - ok
00:13:17.0198 6016  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:13:17.0259 6016  Wdf01000 - ok
00:13:17.0308 6016  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:13:17.0358 6016  WdiServiceHost - ok
00:13:17.0363 6016  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:13:17.0382 6016  WdiSystemHost - ok
00:13:17.0423 6016  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient       C:\Windows\System32\webclnt.dll
00:13:17.0478 6016  WebClient - ok
00:13:17.0494 6016  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:13:17.0558 6016  Wecsvc - ok
00:13:17.0573 6016  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:13:17.0627 6016  wercplsupport - ok
00:13:17.0655 6016  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:13:17.0697 6016  WerSvc - ok
00:13:17.0716 6016  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
00:13:17.0757 6016  WfpLwf - ok
00:13:17.0774 6016  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
00:13:17.0786 6016  WIMMount - ok
00:13:17.0801 6016  WinDefend - ok
00:13:17.0807 6016  WinHttpAutoProxySvc - ok
00:13:17.0858 6016  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:13:17.0920 6016  Winmgmt - ok
00:13:17.0964 6016  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
00:13:18.0080 6016  WinRM - ok
00:13:18.0118 6016  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
00:13:18.0136 6016  WinUsb - ok
00:13:18.0164 6016  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:13:18.0212 6016  Wlansvc - ok
00:13:18.0276 6016  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:13:18.0296 6016  wlcrasvc - ok
00:13:18.0388 6016  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:13:18.0480 6016  wlidsvc - ok
00:13:18.0505 6016  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
00:13:18.0518 6016  WmiAcpi - ok
00:13:18.0530 6016  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:13:18.0561 6016  wmiApSrv - ok
00:13:18.0583 6016  WMPNetworkSvc - ok
00:13:18.0596 6016  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:13:18.0615 6016  WPCSvc - ok
00:13:18.0632 6016  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:13:18.0677 6016  WPDBusEnum - ok
00:13:18.0693 6016  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:13:18.0765 6016  ws2ifsl - ok
00:13:18.0800 6016  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\System32\wscsvc.dll
00:13:18.0831 6016  wscsvc - ok
00:13:18.0834 6016  WSearch - ok
00:13:18.0930 6016  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
00:13:19.0037 6016  wuauserv - ok
00:13:19.0069 6016  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:13:19.0105 6016  WudfPf - ok
00:13:19.0136 6016  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:13:19.0164 6016  WUDFRd - ok
00:13:19.0199 6016  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:13:19.0231 6016  wudfsvc - ok
00:13:19.0263 6016  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:13:19.0303 6016  WwanSvc - ok
00:13:19.0366 6016  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
00:13:19.0419 6016  YahooAUService - ok
00:13:19.0448 6016  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
00:13:19.0472 6016  yukonw7 - ok
00:13:19.0480 6016  ================ Scan global ===============================
00:13:19.0495 6016  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:13:19.0534 6016  [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
00:13:19.0547 6016  [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
00:13:19.0570 6016  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:13:19.0583 6016  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:13:19.0589 6016  [Global] - ok
00:13:19.0590 6016  ================ Scan MBR ==================================
00:13:19.0597 6016  [ CC9C5FAA77C441F50FBFFA1D2609ECAF ] \Device\Harddisk0\DR0
00:13:19.0973 6016  \Device\Harddisk0\DR0 - ok
00:13:19.0974 6016  ================ Scan VBR ==================================
00:13:19.0978 6016  [ 7C0A4A1D3C82E7A003BEB90C52503D01 ] \Device\Harddisk0\DR0\Partition1
00:13:19.0981 6016  \Device\Harddisk0\DR0\Partition1 - ok
00:13:20.0019 6016  [ 66DBABCDFD2D605F4D2CF3675A68BB66 ] \Device\Harddisk0\DR0\Partition2
00:13:20.0022 6016  \Device\Harddisk0\DR0\Partition2 - ok
00:13:20.0054 6016  [ B9D6E274A73EF2DBA69AB3291E5ACD3F ] \Device\Harddisk0\DR0\Partition3
00:13:20.0057 6016  \Device\Harddisk0\DR0\Partition3 - ok
00:13:20.0073 6016  [ 6CFAA3447CC7E26B32E3DEAD5B3E1125 ] \Device\Harddisk0\DR0\Partition4
00:13:20.0075 6016  \Device\Harddisk0\DR0\Partition4 - ok
00:13:20.0075 6016  ============================================================
00:13:20.0075 6016  Scan finished
00:13:20.0075 6016  ============================================================
00:13:20.0095 4448  Detected object count: 8
00:13:20.0095 4448  Actual detected object count: 8
00:14:39.0499 4448  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:39.0499 4448  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:14:39.0503 4448  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:39.0503 4448  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:14:39.0504 4448  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:39.0504 4448  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:14:39.0506 4448  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:39.0507 4448  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:14:39.0516 4448  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:39.0516 4448  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:14:39.0517 4448  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:39.0517 4448  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:14:39.0519 4448  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:39.0519 4448  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:14:39.0520 4448  RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:39.0520 4448  RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Hoffe, das sind die richtigen Daten??
Danke und gute Nacht

Geändert von buggerlux (07.01.2013 um 23:30 Uhr)

Alt 08.01.2013, 18:38   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virenfunde in Quarantäne file von Avira - Standard

Virenfunde in Quarantäne file von Avira



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logs bitte immer in CODE-Tags posten

Alt 08.01.2013, 22:12   #13
buggerlux
 
Virenfunde in Quarantäne file von Avira - Standard

Virenfunde in Quarantäne file von Avira



hallo Cosinus, hier die log Datei von Combofix.exe..allerdings gab es am Anfang eine Fehlermeldung von meinem Avira, obwohl ich dachte ich hätte alles ausgeschaltet, gab es wohl noch ein Administratorenprogramm von Avira, wenn es um Registry geht. Hoffe, das trotzdem alles durchsucht werden konnte. wenn nicht, lass es mich wissen und ich lasse Combofix nochmals durchlaufen,ok?

Code:
ATTFilter
ComboFix 13-01-08.01 - usuaria 08/01/2013  22:38:29.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.34.3082.18.3894.2407 [GMT 1:00]
Running from: c:\users\usuaria\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2012-12-08 to 2013-01-08  )))))))))))))))))))))))))))))))
.
.
2013-01-08 21:47 . 2013-01-08 21:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-30 16:31 . 2012-12-30 16:31	--------	d-----w-	c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-12-28 05:40 . 2012-12-28 05:40	--------	d-----w-	c:\users\usuaria\AppData\Roaming\Malwarebytes
2012-12-28 05:40 . 2012-12-28 05:40	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-28 05:40 . 2012-12-28 05:40	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-28 05:40 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-28 05:38 . 2012-12-28 05:38	--------	d-----w-	c:\users\usuaria\AppData\Local\Programs
2012-12-28 04:51 . 2012-12-28 04:52	--------	d-----w-	c:\program files (x86)\Google
2012-12-20 22:00 . 2012-12-16 16:52	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-20 22:00 . 2012-12-16 14:25	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-20 22:00 . 2012-12-16 14:40	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-20 22:00 . 2012-12-16 14:25	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 22:29 . 2012-12-16 22:29	--------	d-----w-	c:\users\usuaria\aeat
2012-12-12 14:58 . 2012-11-02 05:27	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-12 14:58 . 2012-11-02 04:48	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-12-12 14:58 . 2012-09-06 17:38	295792	----a-w-	c:\windows\system32\drivers\volsnap.sys
2012-12-11 16:01 . 2012-12-11 16:01	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-06 20:19 . 2012-07-08 01:52	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-06 20:19 . 2011-12-07 14:27	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 22:02 . 2011-12-26 00:13	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-11 16:04 . 2012-12-02 22:28	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-11 16:04 . 2012-12-02 22:28	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-11-30 15:44 . 2012-11-30 15:44	0	----a-w-	c:\windows\SysWow64\shoAF2C.tmp
2012-11-28 12:54 . 2012-11-28 12:54	0	----a-w-	c:\windows\SysWow64\sho2147.tmp
2012-11-27 22:12 . 2012-11-27 22:12	0	----a-w-	c:\windows\SysWow64\shoA50A.tmp
2012-11-27 01:54 . 2012-11-27 01:54	0	----a-w-	c:\windows\SysWow64\sho79F3.tmp
2012-11-16 19:17 . 2012-12-02 22:28	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-08 17:24 . 2012-11-30 15:51	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{13660B22-64E8-4978-B698-EE7E2D123D8D}\mpengine.dll
2012-10-16 21:20 . 2012-11-27 21:52	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-11-27 21:52	347648	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-11-27 21:52	559104	----a-w-	c:\windows\apppatch\AcLayers.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-08-02 10:13	248936	----a-w-	c:\program files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll" [2012-08-02 274536]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-11-23 6497592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-21 98304]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-07-02 602680]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-06-02 61112]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
c:\users\usuaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-2-4 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-22 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-22 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-07-02 27192]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-17 315392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-06-22 10342240]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 09:36	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 20:19]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28 04:51]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28 04:51]
.
2012-12-19 c:\windows\Tasks\HPCeeScheduleForUSUARIA-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
2013-01-01 c:\windows\Tasks\HPCeeScheduleForusuaria.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=10&cc=
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{a060276a-53be-45ec-8ebe-b94b1e803179} - (no file)
BHO-{3706EE7C-3CAD-445D-8A43-03EBC3B75908} - c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
WebBrowser-{A060276A-53BE-45EC-8EBE-B94B1E803179} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-08  23:05:11
ComboFix-quarantined-files.txt  2013-01-08 22:05
.
Pre-Run: 13.193.875.456 bytes libres
Post-Run: 18.130.538.496 bytes libres
.
- - End Of File - - D6D0229EE1723B0DD8882E75816EDF6B
         

Alt 09.01.2013, 09:40   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virenfunde in Quarantäne file von Avira - Standard

Virenfunde in Quarantäne file von Avira



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
Logs bitte immer in CODE-Tags posten

Alt 09.01.2013, 17:30   #15
buggerlux
 
Virenfunde in Quarantäne file von Avira - Standard

Virenfunde in Quarantäne file von Avira



HIER DIE LOGS VON ADWCLEANER

Code:
ATTFilter
# AdwCleaner v2.105 - Fichero creado el 09/01/2013 a 18:26:45
# Actualizado el 08/01/2013 por Xplode
# Sistema operativo : Windows 7 Home Premium  (64 bits)
# Usuario : usuaria - USUARIA-HP
# Modo de inicio : Normal
# Ejecutado desde : C:\Users\usuaria\Desktop\adwcleaner.exe
# Opción [Búsqueda]


***** [Servicios] *****


***** [Ficheros / Carpetas] *****

Carpeta Presente : C:\Program Files (x86)\Conduit
Carpeta Presente : C:\Program Files (x86)\Softonic
Carpeta Presente : C:\ProgramData\Ask
Carpeta Presente : C:\Users\usuaria\AppData\Local\Conduit
Carpeta Presente : C:\Users\usuaria\AppData\LocalLow\Conduit
Carpeta Presente : C:\Users\usuaria\AppData\LocalLow\Softonic
Fichero Presente : C:\user.js

***** [Registro] *****

Clave Presente : HKCU\Software\AppDataLow\Software\Conduit
Clave Presente : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Clave Presente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clave Presente : HKCU\Software\Softonic
Clave Presente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clave Presente : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clave Presente : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clave Presente : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Clave Presente : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Clave Presente : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Clave Presente : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clave Presente : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clave Presente : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Clave Presente : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Clave Presente : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Clave Presente : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clave Presente : HKLM\SOFTWARE\Classes\escort.escortIEPane
Clave Presente : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Clave Presente : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Clave Presente : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Clave Presente : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Clave Presente : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Clave Presente : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Clave Presente : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Clave Presente : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Clave Presente : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Clave Presente : HKLM\SOFTWARE\Classes\Toolbar.CT2549263
Clave Presente : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Clave Presente : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clave Presente : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Clave Presente : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clave Presente : HKLM\Software\Conduit
Clave Presente : HKLM\Software\Softonic
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clave Presente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Clave Presente : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Clave Presente : HKU\S-1-5-21-2051178920-43645615-1976691682-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Valor Presente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]

***** [Navegadores] *****

-\\ Internet Explorer v8.0.7600.17153

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=10&cc=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=15&cc=

-\\ Google Chrome v23.0.1271.97

Fichero : C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] El fichero no contiene ninguna entrada ilegítima.

*************************

AdwCleaner[R1].txt - [8083 octets] - [09/01/2013 18:26:45]

########## EOF - C:\AdwCleaner[R1].txt - [8143 octets] ##########
         

Antwort

Themen zu Virenfunde in Quarantäne file von Avira
adware, antivirus, autorun, avira, bho, browser.exe, desktop, diner dash, email, error, failed, firefox, flash player, frage, gmer absturz, gmx.net, google, helper, home, homepage, igdpmd64.sys, install.exe, launch, logfile, microsoft office starter 2010, object, officejet, phishingversuch, phishingwarnungen, plug-in, realtek, registry, scan, security, software, tr/crypt xpack.gen, viren, warnung, wenig ahnung, windows, yahoo.com



Ähnliche Themen: Virenfunde in Quarantäne file von Avira


  1. Pua/somoto.gen2 bei Avira in Quarantäne verschieben. Reicht das aus?
    Log-Analyse und Auswertung - 31.03.2015 (5)
  2. 2 Trojaner in der Avira Quarantäne, Was tun ?
    Plagegeister aller Art und deren Bekämpfung - 12.01.2015 (10)
  3. Avira meldet Fund und stellt ihn nicht in Quarantäne
    Log-Analyse und Auswertung - 04.11.2014 (7)
  4. TR/Tropper.Gen in Avira Quarantäne Win7 64Bit
    Plagegeister aller Art und deren Bekämpfung - 04.03.2014 (11)
  5. 2 Virenfunde Avira /gmer funktioniert nicht
    Log-Analyse und Auswertung - 24.01.2014 (10)
  6. Avira-Scan Auswertung und Quarantäne nicht verständlich?
    Log-Analyse und Auswertung - 03.01.2014 (10)
  7. Überall öffnen sich Werbungsfenster und avira meldet mir zwischendurch Virenfunde. Was kann ich tun?
    Log-Analyse und Auswertung - 11.12.2013 (3)
  8. Win7; Avira-Fund:TR/Mevade.A.95 (143 Virenfunde laut Avira)
    Log-Analyse und Auswertung - 06.10.2013 (11)
  9. 21 Objekte in Avira Quarantäne
    Plagegeister aller Art und deren Bekämpfung - 30.09.2013 (15)
  10. Avira / Quarantäne: adware/installcore.gen
    Log-Analyse und Auswertung - 26.09.2013 (34)
  11. TR/Crypt/ZPACK.Gen8 in Avira Quarantäne
    Log-Analyse und Auswertung - 04.03.2013 (20)
  12. 10 Viruse bei Avira in Quarantäne gefunden.
    Plagegeister aller Art und deren Bekämpfung - 16.01.2013 (17)
  13. avira antivir zeigt virenfunde bei systemscan
    Log-Analyse und Auswertung - 16.03.2012 (3)
  14. Trojaner TR/ADH.2.4490 in Quarantäne bei Avira
    Plagegeister aller Art und deren Bekämpfung - 27.02.2012 (33)
  15. Avira startet nicht, verschiedene Virenfunde
    Plagegeister aller Art und deren Bekämpfung - 05.10.2010 (6)
  16. Bei AV Security Suite dummerweise Avira Quarantäne gelöscht
    Plagegeister aller Art und deren Bekämpfung - 01.09.2010 (1)
  17. Avira Quarantäne
    Plagegeister aller Art und deren Bekämpfung - 27.08.2010 (3)

Zum Thema Virenfunde in Quarantäne file von Avira - Hi liebe Admins, ich bin neu hier und habe wenig Ahnung von der Materie, leider. Ich gebe mir aber alle Mühe, alles richtig zu machen und euch die Arbeit, für - Virenfunde in Quarantäne file von Avira...
Archiv
Du betrachtest: Virenfunde in Quarantäne file von Avira auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.