Virenfunde in Quarantäne file von Avira

cosinus · 09.01.2013, 23:48

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

buggerlux · 10.01.2013, 10:43

Hi Cosinus, hier die adwcleaner 2 und die OTL logs.

Code:

ATTFilter

# AdwCleaner v2.105 - Fichero creado el 10/01/2013 a 10:37:23
# Actualizado el 08/01/2013 por Xplode
# Sistema operativo : Windows 7 Home Premium  (64 bits)
# Usuario : usuaria - USUARIA-HP
# Modo de inicio : Normal
# Ejecutado desde : C:\Users\usuaria\Desktop\adwcleaner.exe
# Opción [Supresión]


***** [Servicios] *****


***** [Ficheros / Carpetas] *****

Carpeta Suprimido : C:\Program Files (x86)\Conduit
Carpeta Suprimido : C:\Program Files (x86)\Softonic
Carpeta Suprimido : C:\ProgramData\Ask
Carpeta Suprimido : C:\Users\usuaria\AppData\Local\Conduit
Carpeta Suprimido : C:\Users\usuaria\AppData\LocalLow\Conduit
Carpeta Suprimido : C:\Users\usuaria\AppData\LocalLow\Softonic
Fichero Suprimido : C:\user.js

***** [Registro] *****

Clave Supprimida : HKCU\Software\AppDataLow\Software\Conduit
Clave Supprimida : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clave Supprimida : HKCU\Software\Softonic
Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clave Supprimida : HKLM\SOFTWARE\Classes\escort.escortIEPane
Clave Supprimida : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Clave Supprimida : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Clave Supprimida : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Clave Supprimida : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Clave Supprimida : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Clave Supprimida : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Clave Supprimida : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Clave Supprimida : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Clave Supprimida : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Clave Supprimida : HKLM\SOFTWARE\Classes\Toolbar.CT2549263
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clave Supprimida : HKLM\Software\Conduit
Clave Supprimida : HKLM\Software\Softonic
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Valor Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]

***** [Navegadores] *****

-\\ Internet Explorer v8.0.7600.17153

Sustituido : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=10&cc= --> hxxp://www.google.com
Sustituido : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=15&cc= --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.97

Fichero : C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] El fichero no contiene ninguna entrada ilegítima.

*************************

AdwCleaner[R1].txt - [8182 octets] - [09/01/2013 18:26:45]
AdwCleaner[S1].txt - [8225 octets] - [10/01/2013 10:37:23]

########## EOF - C:\AdwCleaner[S1].txt - [8285 octets] ##########

Code:

ATTFilter

OTL logfile created on: 10/01/2013 10:49:12 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\usuaria\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy
 
3,80 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 61,67% Memory free
7,60 Gb Paging File | 5,74 Gb Available in Paging File | 75,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281,05 Gb Total Space | 15,38 Gb Free Space | 5,47% Space Free | Partition Type: NTFS
Drive D: | 16,74 Gb Total Space | 2,42 Gb Free Space | 14,45% Space Free | Partition Type: NTFS
 
Computer Name: USUARIA-HP | User Name: usuaria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\usuaria\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\07e052b2219f181a8b3da6b7b26cff06\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c6fb88c8055653672314c29ca4b78a7e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cc19e0ff1b36ba7b634efdc5630a6926\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_es_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (wlcrasvc) -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV - (HP Wireless Assistant Service) -- C:\Archivos de programa\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV - (RtVOsdService) -- C:\Archivos de programa\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Archivos de programa\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{60F87348-86E5-451B-9BF5-827962FDC2AA}: "URL" = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{A5D006A4-2613-429B-9D18-7E69D1A47BBE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{E3848119-4DC7-48D3-9206-9CB0B3FC721B}: "URL" = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/10
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{60F87348-86E5-451B-9BF5-827962FDC2AA}: "URL" = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{A5D006A4-2613-429B-9D18-7E69D1A47BBE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{E3848119-4DC7-48D3-9206-9CB0B3FC721B}: "URL" = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\..\SearchScopes\{60F87348-86E5-451B-9BF5-827962FDC2AA}: "URL" = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\..\SearchScopes\{7055052C-AABD-4F87-86B2-2555CAB9A5D3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYES&apn_uid=1DFDDFE2-3A33-4AD4-80DC-D1525CA0ECF7&apn_sauid=9661D129-DF98-47F6-9778-07DA305D73DB
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\..\SearchScopes\{94F2CA5E-9D46-495A-8700-5EBDA1B10960}: "URL" = hxxp://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\..\SearchScopes\{A5D006A4-2613-429B-9D18-7E69D1A47BBE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\..\SearchScopes\{E3848119-4DC7-48D3-9206-9CB0B3FC721B}: "URL" = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\usuaria\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/16 11:04:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/16 11:04:29 | 000,000,000 | ---D | M]
 
[2012/02/29 21:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\usuaria\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Google Mail = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2051178920-43645615-1976691682-1000..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - Startup: C:\Users\usuaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{255B75DC-C912-48F5-A2E8-2DB43E870C9C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5586999B-4ED2-4C86-8077-0D81E07C6273}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/10 10:45:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\usuaria\Desktop\OTL (1).exe
[2013/01/10 10:31:13 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/10 10:31:13 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 22:56:48 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{0736251E-37E9-44CF-9510-6DFA4C6E4202}
[2013/01/09 17:41:23 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 17:40:26 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 17:40:04 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 17:40:04 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 17:40:04 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 17:40:04 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 17:40:03 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 17:40:03 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 17:40:03 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 17:40:03 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 17:40:03 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 17:40:03 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 17:40:03 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 17:40:03 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 17:40:03 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 17:40:03 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 17:40:03 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 17:40:03 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 17:40:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 17:40:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 17:40:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 17:40:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 17:40:03 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 17:40:03 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 17:40:02 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 17:40:02 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 17:40:02 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 17:40:02 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 17:40:02 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 17:40:02 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 17:40:02 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 17:40:02 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 17:40:02 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 17:40:02 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 17:39:43 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 17:39:39 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 17:39:37 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 17:39:37 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 17:39:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 17:39:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 17:39:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 17:39:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 17:39:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 17:39:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 17:39:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 17:39:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 17:39:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 17:39:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 17:39:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 17:39:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 17:39:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 17:39:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 17:39:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 17:39:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 17:39:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 17:39:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 17:39:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 17:39:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 17:39:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 17:39:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 17:39:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 17:39:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/08 22:37:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/08 22:37:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/08 22:37:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/08 22:37:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/08 22:36:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/08 21:47:53 | 005,019,950 | R--- | C] (Swearware) -- C:\Users\usuaria\Desktop\ComboFix.exe
[2013/01/08 00:03:45 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\usuaria\Desktop\tdsskiller.exe
[2013/01/07 23:03:57 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\usuaria\Desktop\aswMBR.exe
[2013/01/04 00:43:28 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{8A4F1AA4-380E-45BD-B721-54A8CD167255}
[2012/12/30 17:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/12/30 17:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/12/29 18:30:31 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{97B0A534-45EA-49D5-88DD-40942E160041}
[2012/12/28 12:57:25 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{2CB4DDF3-2864-4C29-9F8A-57ACAB5CC410}
[2012/12/28 06:40:42 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Roaming\Malwarebytes
[2012/12/28 06:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/28 06:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/28 06:40:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/28 06:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/28 06:38:39 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\Programs
[2012/12/28 05:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/28 05:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/12/20 23:00:49 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/20 23:00:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/20 23:00:47 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/20 23:00:47 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/20 21:58:43 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{C1D01EAC-C83B-4C88-9300-4302DE776D47}
[2012/12/20 21:49:36 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{7980638D-EAEF-466D-BB63-FA0248460A01}
[2012/12/20 21:40:04 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{74DCB271-F49D-4B82-B575-3C8A846DE6D0}
[2012/12/20 21:38:09 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{C01AF3A6-D141-453D-ADBE-CB13DB45B32D}
[2012/12/20 18:48:55 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{171327EB-539E-46AE-B45A-B00EC92B1D34}
[2012/12/20 18:20:28 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{02817BBC-0514-43F4-9812-ABC7D01425D5}
[2012/12/20 18:04:00 | 000,000,000 | ---D | C] -- C:\Users\usuaria\Desktop\fotos tarjeta 16 gb
[2012/12/20 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{A53B79E6-37C5-4D9E-A94D-DF5E49F60F72}
[2012/12/20 16:54:56 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{14C06D40-6601-4D93-877A-8BFA4ACD22A3}
[2012/12/16 23:29:27 | 000,000,000 | ---D | C] -- C:\Users\usuaria\aeat
[2012/12/12 15:59:24 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/12 15:59:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/12 15:59:23 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/12/12 15:59:23 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/12/12 15:59:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/12 15:59:23 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/12 15:59:23 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/12 15:59:23 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/12 15:59:23 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/12 15:59:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/12/12 15:59:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/12/12 15:59:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/12/12 15:59:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/12/12 15:59:22 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/12/12 15:59:22 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/12/12 15:58:22 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 15:58:22 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/11 17:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/12/11 17:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[26 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\usuaria\Desktop\*.tmp files -> C:\Users\usuaria\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/10 10:47:00 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 10:47:00 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 10:45:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\usuaria\Desktop\OTL (1).exe
[2013/01/10 10:40:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/10 10:38:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/10 10:38:28 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/10 10:27:08 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/10 10:26:27 | 000,303,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/10 00:56:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/09 23:06:43 | 001,580,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/09 23:06:43 | 000,704,518 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013/01/09 23:06:43 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/09 23:06:43 | 000,138,226 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013/01/09 23:06:43 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/09 18:24:23 | 000,554,087 | ---- | M] () -- C:\Users\usuaria\Desktop\adwcleaner.exe
[2013/01/08 23:27:45 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/08 23:27:45 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/08 21:46:53 | 005,019,950 | R--- | M] (Swearware) -- C:\Users\usuaria\Desktop\ComboFix.exe
[2013/01/08 00:03:02 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\usuaria\Desktop\tdsskiller.exe
[2013/01/07 23:31:56 | 000,000,512 | ---- | M] () -- C:\Users\usuaria\Desktop\MBR.dat
[2013/01/07 23:03:48 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\usuaria\Desktop\aswMBR.exe
[2013/01/07 22:47:58 | 013,485,902 | ---- | M] () -- C:\Users\usuaria\Desktop\mbar-1.01.0.1011.zip
[2013/01/04 18:39:19 | 000,000,000 | ---- | M] () -- C:\Users\usuaria\defogger_reenable
[2013/01/01 19:29:52 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForusuaria.job
[2012/12/30 17:34:02 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/12/28 06:40:32 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/28 05:52:54 | 000,002,281 | ---- | M] () -- C:\Users\usuaria\Desktop\Google Chrome.lnk
[2012/12/20 17:33:53 | 000,006,144 | ---- | M] () -- C:\Users\usuaria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/19 19:17:05 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUSUARIA-HP$.job
[2012/12/16 17:52:02 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 15:40:45 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 15:25:27 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 15:25:19 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/11 17:04:34 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/12/11 17:04:34 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[26 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\usuaria\Desktop\*.tmp files -> C:\Users\usuaria\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/09 18:24:21 | 000,554,087 | ---- | C] () -- C:\Users\usuaria\Desktop\adwcleaner.exe
[2013/01/08 22:37:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/08 22:37:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/08 22:37:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/08 22:37:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/08 22:37:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/07 23:31:56 | 000,000,512 | ---- | C] () -- C:\Users\usuaria\Desktop\MBR.dat
[2013/01/07 22:48:51 | 013,485,902 | ---- | C] () -- C:\Users\usuaria\Desktop\mbar-1.01.0.1011.zip
[2013/01/04 18:39:19 | 000,000,000 | ---- | C] () -- C:\Users\usuaria\defogger_reenable
[2012/12/30 17:34:02 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/12/28 06:40:32 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/28 05:52:54 | 000,002,281 | ---- | C] () -- C:\Users\usuaria\Desktop\Google Chrome.lnk
[2012/12/28 05:51:33 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/28 05:51:29 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/15 00:51:20 | 000,006,144 | ---- | C] () -- C:\Users\usuaria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/03 02:13:04 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/01/03 16:29:57 | 001,584,422 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/19 01:33:05 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011/12/16 11:00:14 | 000,244,490 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/12/16 11:00:14 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/12/07 15:33:22 | 000,017,408 | ---- | C] () -- C:\Users\usuaria\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/10/11 17:47:49 | 000,000,000 | ---D | M] -- C:\Users\usuaria\AppData\Roaming\.minecraft
[2012/05/26 15:14:02 | 000,000,000 | ---D | M] -- C:\Users\usuaria\AppData\Roaming\OpenOffice.org
[2013/01/10 10:49:10 | 000,000,000 | ---D | M] -- C:\Users\usuaria\AppData\Roaming\SoftGrid Client
[2012/01/03 16:30:46 | 000,000,000 | ---D | M] -- C:\Users\usuaria\AppData\Roaming\TP
[2012/01/15 13:01:47 | 000,000,000 | ---D | M] -- C:\Users\usuaria\AppData\Roaming\WildTangent
[2013/01/04 00:43:35 | 000,000,000 | ---D | M] -- C:\Users\usuaria\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >

cosinus · 10.01.2013, 16:38

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\..\SearchScopes\{7055052C-AABD-4F87-86B2-2555CAB9A5D3}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYES&apn_uid=1DFDDFE2-3A33-4AD4-80DC-D1525CA0ECF7&apn_sauid=9661D129-DF98-47F6-9778-07DA305D73DB
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\..\SearchScopes\{94F2CA5E-9D46-495A-8700-5EBDA1B10960}: "URL" = http://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=4&cc=
:Files
C:\Users\usuaria\aeat
C:\Users\usuaria\Desktop\MBR.dat
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

buggerlux · 10.01.2013, 16:50

Hi Cosinus, hier die OTL logs:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2051178920-43645615-1976691682-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7055052C-AABD-4F87-86B2-2555CAB9A5D3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7055052C-AABD-4F87-86B2-2555CAB9A5D3}\ not found.
Registry key HKEY_USERS\S-1-5-21-2051178920-43645615-1976691682-1000\Software\Microsoft\Internet Explorer\SearchScopes\{94F2CA5E-9D46-495A-8700-5EBDA1B10960}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94F2CA5E-9D46-495A-8700-5EBDA1B10960}\ not found.
========== FILES ==========
C:\Users\usuaria\aeat\log folder moved successfully.
C:\Users\usuaria\aeat folder moved successfully.
C:\Users\usuaria\Desktop\MBR.dat moved successfully.
< ipconfig /flushdns /c >
Configuraci¢n IP de Windows
Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.
C:\Users\usuaria\Desktop\cmd.bat deleted successfully.
C:\Users\usuaria\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
 
User: Public
->Temp folder emptied: 0 bytes
 
User: usuaria
->Temp folder emptied: 32250089 bytes
->Temporary Internet Files folder emptied: 52941998 bytes
->Java cache emptied: 1423341 bytes
->Google Chrome cache emptied: 256827881 bytes
->Flash cache emptied: 9919 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28892352 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68042 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 355,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 01102013_164504

Files\Folders moved on Reboot...
C:\Users\usuaria\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 10.01.2013, 21:04

Eine neue Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

buggerlux · 10.01.2013, 23:33

Hier die logs der neuen Kontrolle mit OTL.exe

Code:

ATTFilter

OTL logfile created on: 10/01/2013 23:20:01 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\usuaria\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy
 
3,80 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 63,64% Memory free
7,60 Gb Paging File | 5,50 Gb Available in Paging File | 72,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281,05 Gb Total Space | 14,52 Gb Free Space | 5,16% Space Free | Partition Type: NTFS
Drive D: | 16,74 Gb Total Space | 2,42 Gb Free Space | 14,45% Space Free | Partition Type: NTFS
 
Computer Name: USUARIA-HP | User Name: usuaria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\usuaria\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\25ee48eb497e73b0eaad5b8b4c365992\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c6fb88c8055653672314c29ca4b78a7e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cc19e0ff1b36ba7b634efdc5630a6926\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_es_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (wlcrasvc) -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV - (HP Wireless Assistant Service) -- C:\Archivos de programa\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV - (RtVOsdService) -- C:\Archivos de programa\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Archivos de programa\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{60F87348-86E5-451B-9BF5-827962FDC2AA}: "URL" = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{A5D006A4-2613-429B-9D18-7E69D1A47BBE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{E3848119-4DC7-48D3-9206-9CB0B3FC721B}: "URL" = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/10
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{60F87348-86E5-451B-9BF5-827962FDC2AA}: "URL" = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{A5D006A4-2613-429B-9D18-7E69D1A47BBE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{E3848119-4DC7-48D3-9206-9CB0B3FC721B}: "URL" = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\..\SearchScopes\{60F87348-86E5-451B-9BF5-827962FDC2AA}: "URL" = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\..\SearchScopes\{A5D006A4-2613-429B-9D18-7E69D1A47BBE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\..\SearchScopes\{E3848119-4DC7-48D3-9206-9CB0B3FC721B}: "URL" = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\usuaria\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/16 11:04:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/16 11:04:29 | 000,000,000 | ---D | M]
 
[2012/02/29 21:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\usuaria\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Google Mail = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/01/10 16:45:47 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2051178920-43645615-1976691682-1000..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - Startup: C:\Users\usuaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{255B75DC-C912-48F5-A2E8-2DB43E870C9C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5586999B-4ED2-4C86-8077-0D81E07C6273}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/10 16:45:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/10 10:45:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\usuaria\Desktop\OTL (1).exe
[2013/01/10 10:31:13 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/10 10:31:13 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 22:56:48 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{0736251E-37E9-44CF-9510-6DFA4C6E4202}
[2013/01/09 17:41:23 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 17:40:26 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 17:40:04 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 17:40:04 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 17:40:04 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 17:40:04 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 17:40:03 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 17:40:03 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 17:40:03 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 17:40:03 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 17:40:03 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 17:40:03 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 17:40:03 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 17:40:03 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 17:40:03 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 17:40:03 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 17:40:03 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 17:40:03 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 17:40:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 17:40:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 17:40:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 17:40:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 17:40:03 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 17:40:03 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 17:40:02 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 17:40:02 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 17:40:02 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 17:40:02 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 17:40:02 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 17:40:02 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 17:40:02 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 17:40:02 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 17:40:02 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 17:40:02 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 17:39:43 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 17:39:39 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 17:39:37 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 17:39:37 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 17:39:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 17:39:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 17:39:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 17:39:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 17:39:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 17:39:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 17:39:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 17:39:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 17:39:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 17:39:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 17:39:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 17:39:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 17:39:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 17:39:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 17:39:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 17:39:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 17:39:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 17:39:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 17:39:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 17:39:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 17:39:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 17:39:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 17:39:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 17:39:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/08 22:37:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/08 22:37:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/08 22:37:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/08 22:37:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/08 22:36:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/08 21:47:53 | 005,019,950 | R--- | C] (Swearware) -- C:\Users\usuaria\Desktop\ComboFix.exe
[2013/01/08 00:03:45 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\usuaria\Desktop\tdsskiller.exe
[2013/01/07 23:03:57 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\usuaria\Desktop\aswMBR.exe
[2013/01/04 00:43:28 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{8A4F1AA4-380E-45BD-B721-54A8CD167255}
[2012/12/30 17:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/12/30 17:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/12/29 18:30:31 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{97B0A534-45EA-49D5-88DD-40942E160041}
[2012/12/28 12:57:25 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{2CB4DDF3-2864-4C29-9F8A-57ACAB5CC410}
[2012/12/28 06:40:42 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Roaming\Malwarebytes
[2012/12/28 06:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/28 06:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/28 06:40:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/28 06:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/28 06:38:39 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\Programs
[2012/12/28 05:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/28 05:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/12/20 23:00:49 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/20 23:00:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/20 23:00:47 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/20 23:00:47 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/20 21:58:43 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{C1D01EAC-C83B-4C88-9300-4302DE776D47}
[2012/12/20 21:49:36 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{7980638D-EAEF-466D-BB63-FA0248460A01}
[2012/12/20 21:40:04 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{74DCB271-F49D-4B82-B575-3C8A846DE6D0}
[2012/12/20 21:38:09 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{C01AF3A6-D141-453D-ADBE-CB13DB45B32D}
[2012/12/20 18:48:55 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{171327EB-539E-46AE-B45A-B00EC92B1D34}
[2012/12/20 18:20:28 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{02817BBC-0514-43F4-9812-ABC7D01425D5}
[2012/12/20 18:04:00 | 000,000,000 | ---D | C] -- C:\Users\usuaria\Desktop\fotos tarjeta 16 gb
[2012/12/20 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{A53B79E6-37C5-4D9E-A94D-DF5E49F60F72}
[2012/12/20 16:54:56 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{14C06D40-6601-4D93-877A-8BFA4ACD22A3}
[2012/12/12 15:59:24 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/12 15:59:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/12 15:59:23 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/12/12 15:59:23 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/12/12 15:59:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/12 15:59:23 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/12 15:59:23 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/12 15:59:23 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/12 15:59:23 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/12 15:59:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/12/12 15:59:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/12/12 15:59:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/12/12 15:59:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/12/12 15:59:22 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/12/12 15:59:22 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/12/12 15:58:22 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 15:58:22 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2 C:\Users\usuaria\Desktop\*.tmp files -> C:\Users\usuaria\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/10 22:56:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/10 22:33:26 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 22:33:26 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 22:27:03 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/10 22:25:30 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/10 22:25:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/10 22:25:16 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/10 16:45:47 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/01/10 10:45:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\usuaria\Desktop\OTL (1).exe
[2013/01/10 10:26:27 | 000,303,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/09 23:06:43 | 001,580,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/09 23:06:43 | 000,704,518 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013/01/09 23:06:43 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/09 23:06:43 | 000,138,226 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013/01/09 23:06:43 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/09 18:24:23 | 000,554,087 | ---- | M] () -- C:\Users\usuaria\Desktop\adwcleaner.exe
[2013/01/08 23:27:45 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/08 23:27:45 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/08 21:46:53 | 005,019,950 | R--- | M] (Swearware) -- C:\Users\usuaria\Desktop\ComboFix.exe
[2013/01/08 00:03:02 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\usuaria\Desktop\tdsskiller.exe
[2013/01/07 23:03:48 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\usuaria\Desktop\aswMBR.exe
[2013/01/07 22:47:58 | 013,485,902 | ---- | M] () -- C:\Users\usuaria\Desktop\mbar-1.01.0.1011.zip
[2013/01/04 18:39:19 | 000,000,000 | ---- | M] () -- C:\Users\usuaria\defogger_reenable
[2013/01/01 19:29:52 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForusuaria.job
[2012/12/30 17:34:02 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/12/28 06:40:32 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/28 05:52:54 | 000,002,281 | ---- | M] () -- C:\Users\usuaria\Desktop\Google Chrome.lnk
[2012/12/20 17:33:53 | 000,006,144 | ---- | M] () -- C:\Users\usuaria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/19 19:17:05 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUSUARIA-HP$.job
[2012/12/16 17:52:02 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 15:40:45 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 15:25:27 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 15:25:19 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Users\usuaria\Desktop\*.tmp files -> C:\Users\usuaria\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/09 18:24:21 | 000,554,087 | ---- | C] () -- C:\Users\usuaria\Desktop\adwcleaner.exe
[2013/01/08 22:37:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/08 22:37:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/08 22:37:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/08 22:37:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/08 22:37:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/07 22:48:51 | 013,485,902 | ---- | C] () -- C:\Users\usuaria\Desktop\mbar-1.01.0.1011.zip
[2013/01/04 18:39:19 | 000,000,000 | ---- | C] () -- C:\Users\usuaria\defogger_reenable
[2012/12/30 17:34:02 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/12/28 06:40:32 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/28 05:52:54 | 000,002,281 | ---- | C] () -- C:\Users\usuaria\Desktop\Google Chrome.lnk
[2012/12/28 05:51:33 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/28 05:51:29 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/15 00:51:20 | 000,006,144 | ---- | C] () -- C:\Users\usuaria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/03 02:13:04 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/01/03 16:29:57 | 001,584,422 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/19 01:33:05 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011/12/16 11:00:14 | 000,244,490 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/12/16 11:00:14 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/12/07 15:33:22 | 000,017,408 | ---- | C] () -- C:\Users\usuaria\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

cosinus · 11.01.2013, 00:11

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

buggerlux · 12.01.2013, 01:14

Hier die Logs von Malwarebytes, nichts drin..allerdings hatte dieses Programm auch am Anfang nichts gefunden, obwohl 5 Funde im Avira Quarantänefile waren..

mache jetzt weiter mit ESET..

habe heute mal versucht in mein LLoydsbankaccount einzulocken, aber das Phishing ist noch aktiv, die verschlüsselte Seite hat immer wieder umgeleitet auf eine halb verschlüsselte Seite..müsste ich jetzt schon eine Verbesserung sehen, oder ist es noch zu früh und ich muss einfach noch Geduld haben?

Vielen Dank für deine Mühe und deine Zeit Sissy

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.11.15

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
usuaria :: USUARIA-HP [Administrator]

12/01/2013 1:04:14
mbam-log-2013-01-12 (01-04-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 219291
Laufzeit: 2 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 12.01.2013, 01:19

Erstell dir mal ein neues Profil und teste => Firefox-Profile erstellen und löschen | Hilfe zu Firefox

buggerlux · 12.01.2013, 01:33

Danke schön, werde ich morgen gleich ausprobieren..

Gute Nacht Sissy

Ps: Hast du einen sicheren Link wo ich mir Firefox runterladen kann? Ich habe nur Google Chrome und Internet Explorer drauf..

cosinus · 12.01.2013, 14:02

Wie wärs mit der OFFIZIELLEN Seite?!
Oder lädst du Software vom erstebesten Link?

Hier gibt es den Firefox! => Mozilla Firefox Web Browser

buggerlux · 12.01.2013, 15:44

Danke schön.. Natürlich lade ich mir Programme nicht vom erstbesten link, da ich aber fast überall auf unverschlüsselte Seiten weitergeleitet werde, was ja Teil meines Problems ist, habe ich dich nach einem sicheren Link gefragt..

Mach mich jetzt an die "Hausaufgaben" von dir..
Bis dann Sissy

Habe Eset laufen lassen..fast 6 h hat das gedauert..
hat eine infizierte Datei gefunden..dann nach Finish habe ich versucht die logs im Explorer zu finden..leider ohne Erfolg.. werde immer auf die Yahoo Seite umgeleitet (???) nach der Eingabe von C:\Programme\Eset\EsetOnlineScanner\log.txt..habe es 1 h lang versucht, auch mit der Schreibweise "C:\Programme\Eset\EsetOnlineScanner\log.txt" und C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt..bekomme immer die Fehlermeldung auf der Yahoo Seite, das Windows diese Seite nicht anzeigen kann..Habe das Gleiche auch im Startmenue probiert, immer mit der Fehlermeldung, Windows kann dieses Programm nicht finden, bitte überprüfen sie die Schreibweise.. weiss nicht weiter.. schade, da ja eine Datei gefunden wurde..mach erst mal Schluss und Morgen weiter..Gute Nacht

Habe Eset laufen lassen..fast 6 h hat das gedauert..
hat eine infizierte Datei gefunden..dann nach Finish habe ich versucht die logs im Explorer zu finden..leider ohne Erfolg.. werde immer auf die Yahoo Seite umgeleitet (???) nach der Eingabe von C:\Programme\Eset\EsetOnlineScanner\log.txt..habe es 1 h lang versucht, auch mit der Schreibweise "C:\Programme\Eset\EsetOnlineScanner\log.txt" und C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt..bekomme immer die Fehlermeldung auf der Yahoo Seite, das Windows diese Seite nicht anzeigen kann..Habe das Gleiche auch im Startmenue probiert, immer mit der Fehlermeldung, Windows kann dieses Programm nicht finden, bitte überprüfen sie die Schreibweise.. weiss nicht weiter.. schade, da ja eine Datei gefunden wurde..mach erst mal Schluss und Morgen weiter..Gute Nacht

Ich weiss nicht was los ist, aber ich kann meine Themen nicht mehr editieren??? Deshalb auch der Doppelte Beitrag, kann ihn nicht editieren..

buggerlux · 15.01.2013, 21:58

Hi Cosinus, hab dich schon ein paar Tage nicht online gesehen, hoffe es geht dir gut. Lass mich wissen wie es weitergehen soll,ok? Sissy

Habe Eset laufen lassen..fast 6 h hat das gedauert..
hat eine infizierte Datei gefunden..dann nach Finish habe ich versucht die logs im Explorer zu finden..leider ohne Erfolg.. werde immer auf die Yahoo Seite umgeleitet (???) nach der Eingabe von C:\Programme\Eset\EsetOnlineScanner\log.txt..habe es 1 h lang versucht, auch mit der Schreibweise "C:\Programme\Eset\EsetOnlineScanner\log.txt" und C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt..bekomme immer die Fehlermeldung auf der Yahoo Seite, das Windows diese Seite nicht anzeigen kann..Habe das Gleiche auch im Startmenue probiert, immer mit der Fehlermeldung, Windows kann dieses Programm nicht finden, bitte überprüfen sie die Schreibweise.. weiss nicht weiter.. schade, da ja eine Datei gefunden wurde..mach erst mal Schluss und Morgen weiter..Gute Nacht

cosinus · 16.01.2013, 14:40

Es ist doch sogar bebildert! Da muss man das doch hinkriegen!

buggerlux · 17.01.2013, 00:07

Hi Cosinus, ein Bekannter hat mir geholfen und wir haben ein Logfile auf meinem Laptop gefunden. Ob das die Richtige ist, keine Ahnung. Bin eigentlich nicht dumm..

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=1d1202d48d5cb2478782c407f99fac40
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-13 12:15:41
# local_time=2013-01-13 01:15:41 (+0100, Hora estándar romance)
# country="Spain"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1799 16775165 100 96 35456 223459431 28240 0
# compatibility_mode=5893 16776574 100 94 3749065 109665991 0 0
# scanned=370415
# found=1
# cleaned=0
# scan_time=19828
H:\Users\Usuario\AppData\Local\Temp\is2063840535\YontooSetup-DropDownDeals-SilentInstaller.exe	multiple threats (unable to clean)	9974203F4B01A56D0BF8DDA08F205E244DB37744	I

12.01.2013, 01:19	#24
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virenfunde in Quarantäne file von Avira Erstell dir mal ein neues Profil und teste => Firefox-Profile erstellen und löschen \| Hilfe zu Firefox __________________ Logfiles bitte immer in CODE-Tags posten

12.01.2013, 14:02	#26
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virenfunde in Quarantäne file von Avira Wie wärs mit der OFFIZIELLEN Seite?! Oder lädst du Software vom erstebesten Link? Hier gibt es den Firefox! => Mozilla Firefox Web Browser __________________ Logfiles bitte immer in CODE-Tags posten

16.01.2013, 14:40	#29
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virenfunde in Quarantäne file von Avira Es ist doch sogar bebildert! Da muss man das doch hinkriegen! __________________ Logfiles bitte immer in CODE-Tags posten

Virenfunde in Quarantäne file von Avira

Log-Analyse und Auswertung: Virenfunde in Quarantäne file von Avira