
Log analysis and evaluation: Virus detections in Avira's quarantine file

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

17.01.2013, 15:03   #31
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

You can ignore that detection; it is only in TMP.
Empty the TEMP folders with TFC:

TFC - Temp File Cleaner

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.
__________________
Please always post log files in CODE tags

17.01.2013, 17:19   #32
buggerlux
 

OK, I have done that. TFC ran and the computer was restarted.
__________________


18.01.2013, 11:43   #33
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK so far.

About cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners, etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie)

Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

Is your system OK again now, or are there still other detections or problems?
__________________
__________________
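
How a blocking hosts file differs from a tampered one, as an added example that is not part of the original post: blocklist entries map unwanted names to a loopback or unspecified address, so any entry that maps a name to another address deserves a look. The sample file, the `.example` names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample (not from the thread). The two localhost lines mirror a
# default Windows hosts file; the .example names and 203.0.113.10 are placeholders.
SAMPLE_HOSTS = """\
# blocking entries in the style of a blocklist hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example        # ad server, sinkholed
127.0.0.1       tracker.example
203.0.113.10    bank.example       # name mapped to a non-local address
not-an-ip       broken.example
"""

# Names that are expected to resolve locally and are not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (ip_object, hostname) for every valid mapping in hosts-file text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                           # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # first field is not an address
        for name in fields[1:]:                # one line may carry several names
            yield ip, name.lower()


def audit_hosts(text):
    """Split hosts entries into sinkholed names and names redirected elsewhere."""
    blocked, redirected = [], []
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if ip.is_loopback or ip.is_unspecified:
            blocked.append(name)               # resolves nowhere: blocking entry
        else:
            redirected.append((name, str(ip))) # resolves to another host: review
    return {"blocked": blocked, "redirected": redirected}


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked   :", ", ".join(result["blocked"]))
    for name, addr in result["redirected"]:
        print("REVIEW    :", name, "->", addr)
```

On Windows the file to feed in is `C:\Windows\System32\drivers\etc\hosts`, which OTL lists in its `O1` section.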

20.01.2013, 03:06   #34
buggerlux
 

Hi Cosinus, thanks for the tip, I will pay more attention to that in future.

The virus detections from the beginning are still in my Avira quarantine file. Shouldn't I delete them / have them deleted??

The phishing is also still / partly active, because whenever I log in to Lloydsbank and then log out again, a relogin page appears, and this page is then only half secure, with the message that this page contains other, insecure resources that can be viewed by other users during transmission and modified by attackers who change the layout of this page... or something like that
Does that mean the phishing is still active??

I also still cannot log in securely to the WOW (World of Warcraft) account to make credit card payments for my kids, because the secure page simply no longer opens and I am always redirected to an insecure/open page. Unfortunately I have not yet found a secure link to save as a bookmark (which I have done with all important programs (including the LLoydsbank login)).

When I click a Microsoft or Mozilla link in Google, for example, I am ALWAYS taken to open, unencrypted pages, as at the beginning when I first asked you here. Unfortunately that is still the case. Hence my question in between about a secure link, since I cannot download Mozilla from an encrypted page either, because the page I am shown looks like this:

Link shown on Google (where Google itself is encrypted (https)):
www.mozilla.org/de/firefox/
Linked page:
hxxp://www.mozilla.org/de/firefox/new/ with the notice that the identity of the site is not confirmed and it is unencrypted.

If I downloaded Mozilla from this page now, I think I would surely get some program along with it again to spy on me / phishing or whatever. Am I right about that??

MBAR and Gema crashed at the beginning. Should I repeat that??

So I think my problem still exists..

Thanks for now and good night

Edited by buggerlux (20.01.2013 at 03:15)

20.01.2013, 19:48   #35
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
The virus detections from the beginning are still in my Avira quarantine file. Shouldn't I delete them / have them deleted??
Why is everyone always so hung up on the quarantine?
Just think about what a quarantine is. Whether the malicious file stays in there or not has no effect. Malware in quarantine can no longer do anything; it is isolated there. You should generally work with the quarantine, because if the virus scanner deletes something important due to a false alarm, you can still get at the file via the quarantine if need be.

Quote:
So I think my problem still exists..
A check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scan All Users at the top centre
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

__________________
Please always post log files in CODE tags
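
A first-pass triage of the kind of log this OTL check produces, as an added example that is not part of the original post or of OTL itself: it marks entries whose file is missing, whose company name is empty, or whose path lies in a user-writable location. The sample lines are copied from the log posted later in this thread; the three rules and all names in the code are assumptions chosen for illustration, and a flag is a prompt to look closer, not a verdict.

```python
import re
from typing import NamedTuple

# Sample lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
PRC - C:\Users\usuaria\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
"""

# An entry line starts with a section tag (PRC, MOD, SRV, DRV, O1..Onn),
# optionally followed by ":64bit:", then " - ".
ENTRY = re.compile(r"^(PRC|MOD|SRV|DRV|O\d+)(?::64bit:)? - ")

# Review rules (assumptions for this example), applied in this order.
CHECKS = [
    ("file not found", re.compile(r"File not found\s*$")),
    ("no company name", re.compile(r"\(\s*\)\s*$")),
    ("user-writable path", re.compile(r"\\(?:Users|ProgramData|Temp)\\", re.I)),
]


class Finding(NamedTuple):
    section: str    # OTL section tag, e.g. "PRC" or "O4"
    line: str       # the full log line
    reasons: list   # labels of the rules that matched


def triage(log_text):
    """Return a Finding for every OTL entry line that matches at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue  # header, separator or continuation line
        reasons = [label for label, rule in CHECKS if rule.search(line)]
        if reasons:
            findings.append(Finding(match.group(1), line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {', '.join(finding.reasons)}")
        print(f"    {finding.line}")
```

On this sample the flagged lines include OTL itself running from the Desktop and an HP service without a company string, which shows why the output narrows the review instead of deciding it.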

20.01.2013, 21:24   #36
buggerlux
 

Hi Cosinus, here are the log files from OTL. Thanks for your effort.

And about the quarantine files: there are apparently a few silly ideas going around, which HTML dummies like me then believe...

Code:
OTL logfile created on: 20/01/2013 20:07:21 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\usuaria\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy
 
3,80 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 69,59% Memory free
7,60 Gb Paging File | 5,77 Gb Available in Paging File | 75,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281,05 Gb Total Space | 13,61 Gb Free Space | 4,84% Space Free | Partition Type: NTFS
Drive D: | 16,74 Gb Total Space | 2,42 Gb Free Space | 14,45% Space Free | Partition Type: NTFS
 
Computer Name: USUARIA-HP | User Name: usuaria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\usuaria\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\25ee48eb497e73b0eaad5b8b4c365992\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c6fb88c8055653672314c29ca4b78a7e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cc19e0ff1b36ba7b634efdc5630a6926\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_es_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (wlcrasvc) -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV - (HP Wireless Assistant Service) -- C:\Archivos de programa\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV - (RtVOsdService) -- C:\Archivos de programa\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Archivos de programa\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{60F87348-86E5-451B-9BF5-827962FDC2AA}: "URL" = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{A5D006A4-2613-429B-9D18-7E69D1A47BBE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{E3848119-4DC7-48D3-9206-9CB0B3FC721B}: "URL" = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/10
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{60F87348-86E5-451B-9BF5-827962FDC2AA}: "URL" = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{A5D006A4-2613-429B-9D18-7E69D1A47BBE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{E3848119-4DC7-48D3-9206-9CB0B3FC721B}: "URL" = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\..\SearchScopes,DefaultScope = {60F87348-86E5-451B-9BF5-827962FDC2AA}
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\..\SearchScopes\{60F87348-86E5-451B-9BF5-827962FDC2AA}: "URL" = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\..\SearchScopes\{A5D006A4-2613-429B-9D18-7E69D1A47BBE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\..\SearchScopes\{E3848119-4DC7-48D3-9206-9CB0B3FC721B}: "URL" = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\usuaria\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/16 11:04:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/13 03:59:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/16 11:04:29 | 000,000,000 | ---D | M]
 
[2013/01/13 04:00:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\usuaria\AppData\Roaming\mozilla\Extensions
[2013/01/13 03:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/01/05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/01/05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013/01/05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/01/05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/01/05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\usuaria\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Google Mail = C:\Users\usuaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/01/10 16:45:47 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2051178920-43645615-1976691682-1000..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - Startup: C:\Users\usuaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2051178920-43645615-1976691682-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{255B75DC-C912-48F5-A2E8-2DB43E870C9C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5586999B-4ED2-4C86-8077-0D81E07C6273}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/18 09:12:24 | 000,000,000 | ---D | C] -- C:\Users\usuaria\Desktop\Alte Firefox-Daten
[2013/01/17 17:12:36 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\usuaria\Desktop\TFC.exe
[2013/01/14 18:22:06 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{A175DB62-54AF-4664-A22E-D979D65933E6}
[2013/01/13 12:43:58 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{29A246F6-E75D-4B7B-82C6-1345186161B5}
[2013/01/13 03:59:51 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Roaming\Mozilla
[2013/01/13 03:59:51 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\Mozilla
[2013/01/13 03:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/01/13 03:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/01/12 19:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/01/12 19:38:51 | 002,322,184 | ---- | C] (ESET) -- C:\Users\usuaria\Desktop\esetsmartinstaller_enu.exe
[2013/01/10 16:45:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/10 10:45:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\usuaria\Desktop\OTL (1).exe
[2013/01/10 10:31:13 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/10 10:31:13 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 22:56:48 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{0736251E-37E9-44CF-9510-6DFA4C6E4202}
[2013/01/09 17:41:23 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 17:40:26 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 17:40:04 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 17:40:04 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 17:40:04 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 17:40:04 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 17:40:03 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 17:40:03 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 17:40:03 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 17:40:03 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 17:40:03 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 17:40:03 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 17:40:03 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 17:40:03 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 17:40:03 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 17:40:03 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 17:40:03 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 17:40:03 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 17:40:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 17:40:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 17:40:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 17:40:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 17:40:03 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 17:40:03 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 17:40:02 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 17:40:02 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 17:40:02 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 17:40:02 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 17:40:02 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 17:40:02 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 17:40:02 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 17:40:02 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 17:40:02 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 17:40:02 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 17:39:43 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 17:39:39 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 17:39:37 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 17:39:37 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 17:39:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 17:39:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 17:39:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 17:39:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 17:39:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 17:39:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 17:39:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 17:39:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 17:39:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 17:39:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 17:39:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 17:39:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 17:39:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 17:39:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 17:39:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 17:39:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 17:39:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 17:39:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 17:39:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 17:39:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 17:39:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 17:39:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 17:39:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 17:39:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 17:39:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 17:39:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 17:39:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 17:39:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/08 22:37:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/08 22:37:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/08 22:37:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/08 22:37:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/08 22:36:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/08 21:47:53 | 005,019,950 | R--- | C] (Swearware) -- C:\Users\usuaria\Desktop\ComboFix.exe
[2013/01/08 00:03:45 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\usuaria\Desktop\tdsskiller.exe
[2013/01/07 23:03:57 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\usuaria\Desktop\aswMBR.exe
[2013/01/04 00:43:28 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{8A4F1AA4-380E-45BD-B721-54A8CD167255}
[2012/12/30 17:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/12/30 17:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/12/29 18:30:31 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{97B0A534-45EA-49D5-88DD-40942E160041}
[2012/12/28 12:57:25 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\{2CB4DDF3-2864-4C29-9F8A-57ACAB5CC410}
[2012/12/28 06:40:42 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Roaming\Malwarebytes
[2012/12/28 06:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/28 06:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/28 06:40:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/28 06:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/28 06:38:39 | 000,000,000 | ---D | C] -- C:\Users\usuaria\AppData\Local\Programs
[2012/12/28 05:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/28 05:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2 C:\Users\usuaria\Desktop\*.tmp files -> C:\Users\usuaria\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/20 19:56:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/20 19:27:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/20 19:05:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/20 17:48:05 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/20 17:48:05 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/20 17:40:15 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/20 17:40:02 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/18 19:17:24 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUSUARIA-HP$.job
[2013/01/17 17:12:32 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\usuaria\Desktop\TFC.exe
[2013/01/14 18:46:43 | 001,557,394 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/14 18:46:43 | 000,704,518 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013/01/14 18:46:43 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/14 18:46:43 | 000,138,226 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013/01/14 18:46:43 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/14 10:29:29 | 000,002,255 | ---- | M] () -- C:\Users\usuaria\Desktop\Google Chrome.lnk
[2013/01/13 03:59:45 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/13 03:51:47 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForusuaria.job
[2013/01/12 19:38:45 | 002,322,184 | ---- | M] (ESET) -- C:\Users\usuaria\Desktop\esetsmartinstaller_enu.exe
[2013/01/12 16:39:58 | 000,011,976 | ---- | M] () -- C:\Users\usuaria\Desktop\215689_583354801681934_127937971_n.jpg
[2013/01/11 19:55:15 | 000,041,928 | ---- | M] () -- C:\Users\usuaria\Desktop\geburtstag-xl27.jpg
[2013/01/10 16:45:47 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/01/10 10:45:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\usuaria\Desktop\OTL (1).exe
[2013/01/10 10:26:27 | 000,303,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/09 18:24:23 | 000,554,087 | ---- | M] () -- C:\Users\usuaria\Desktop\adwcleaner.exe
[2013/01/08 23:27:45 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/08 23:27:45 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/08 21:46:53 | 005,019,950 | R--- | M] (Swearware) -- C:\Users\usuaria\Desktop\ComboFix.exe
[2013/01/08 00:03:02 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\usuaria\Desktop\tdsskiller.exe
[2013/01/07 23:03:48 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\usuaria\Desktop\aswMBR.exe
[2013/01/07 22:47:58 | 013,485,902 | ---- | M] () -- C:\Users\usuaria\Desktop\mbar-1.01.0.1011.zip
[2013/01/04 18:39:19 | 000,000,000 | ---- | M] () -- C:\Users\usuaria\defogger_reenable
[2012/12/30 17:34:02 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/12/28 06:40:32 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2 C:\Users\usuaria\Desktop\*.tmp files -> C:\Users\usuaria\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/13 03:59:45 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/13 03:59:45 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/12 16:39:57 | 000,011,976 | ---- | C] () -- C:\Users\usuaria\Desktop\215689_583354801681934_127937971_n.jpg
[2013/01/11 19:55:14 | 000,041,928 | ---- | C] () -- C:\Users\usuaria\Desktop\geburtstag-xl27.jpg
[2013/01/09 18:24:21 | 000,554,087 | ---- | C] () -- C:\Users\usuaria\Desktop\adwcleaner.exe
[2013/01/08 22:37:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/08 22:37:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/08 22:37:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/08 22:37:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/08 22:37:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/07 22:48:51 | 013,485,902 | ---- | C] () -- C:\Users\usuaria\Desktop\mbar-1.01.0.1011.zip
[2013/01/04 18:39:19 | 000,000,000 | ---- | C] () -- C:\Users\usuaria\defogger_reenable
[2012/12/30 17:34:02 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/12/28 06:40:32 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/28 05:52:54 | 000,002,255 | ---- | C] () -- C:\Users\usuaria\Desktop\Google Chrome.lnk
[2012/12/28 05:51:33 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/28 05:51:29 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/15 00:51:20 | 000,006,144 | ---- | C] () -- C:\Users\usuaria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/03 02:13:04 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/01/03 16:29:57 | 001,584,422 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/19 01:33:05 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011/12/16 11:00:14 | 000,244,490 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/12/16 11:00:14 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/12/07 15:33:22 | 000,017,408 | ---- | C] () -- C:\Users\usuaria\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Is this the 2nd logfile?

Code:
OTL Extras logfile created on: 20/01/2013 20:07:21 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\usuaria\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy
 
3,80 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 69,59% Memory free
7,60 Gb Paging File | 5,77 Gb Available in Paging File | 75,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281,05 Gb Total Space | 13,61 Gb Free Space | 4,84% Space Free | Partition Type: NTFS
Drive D: | 16,74 Gb Total Space | 2,42 Gb Free Space | 14,45% Space Free | Partition Type: NTFS
 
Computer Name: USUARIA-HP | User Name: usuaria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2051178920-43645615-1976691682-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08AC2105-1106-47D6-A7C6-9451FC4D790D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{12395484-D3B7-4D2D-B108-77EDA9F7F476}" = rport=137 | protocol=17 | dir=out | app=system | 
"{14406CF3-5995-4943-8AF2-7B73273DAC1F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{14B461CE-7382-42B7-8D6B-35EE0161F71C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2274A369-1028-4CAF-B39B-4C94119DA22F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{44379B13-2E51-4B40-B9A4-BE379853DEC2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4E2C07BE-DCD9-4321-B2EF-FB06A300E869}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{4F183B8B-D3DD-4BB6-8E08-8D4E0C2E76C5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{52CBFE9E-7D62-440E-BC04-877DD8FCD64B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7125DEF4-B4F3-4A2C-AB95-1E12FBF341AE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{73C9C0CA-9597-47BC-A7C0-8A2E7B4C416E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{76F12180-8944-4007-92DE-55A016A880F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{78A47875-D195-4E35-8069-7F6A22B06575}" = lport=138 | protocol=17 | dir=in | app=system | 
"{86A5379A-E36D-4360-A994-05BAA7AF603F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{96BA09F8-1D92-4275-AA6F-F805A6FD0096}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A1BC049-421F-41BC-AF47-44B0F380C53D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A9A81CEF-F7E4-46A9-8DD6-9FF605FD2D14}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AE473711-8E10-4C77-A4F4-EEF6191E82E0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B82B5744-F8D7-460E-97DA-76752554608B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C455599B-A223-4A2D-A9B1-933D9347A81E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CA4440CD-B369-4C13-896C-8880C830A63C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CCAFDF77-1ECD-4EA6-AC52-84EE2767CF13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D5560FFD-B1F8-4927-AECC-6BCCB6EF9605}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D94ACBB1-3A7D-4EFE-B554-F0CD6B82055A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E840FEAF-438D-496A-B070-DE9C0716A5D4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EEF137C6-214B-42F7-A1CA-D56759DE80CC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F2AFFE59-2472-4138-A64F-122CC76CEDEB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B38825-DC17-450C-94FA-DCE7878F23F5}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{05FD4F0E-58CC-4CD3-8E0B-30C962A3BE89}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0EF403D4-07C4-4D56-A579-5F8469044FA3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{10EE6459-51CF-45D6-92DC-5731F5C63C0D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{12C0C214-FBAF-48DC-ADFB-897A07D91B33}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{13101B93-E636-4F54-A12D-824F41D3C6D0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{13638D79-CCAD-491A-92E9-391B38329750}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{15255DA5-434A-4786-9836-29C832B0B50D}" = protocol=58 | dir=in | app=system | 
"{1BF19B1B-A047-4A6B-95CE-D94D4C919CB2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1DA964F6-1551-48A5-A405-063188612903}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1E2632A3-420A-47D9-A60C-05EF81EDFE1C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{1EEE8CF0-8B96-4E63-B00B-296BE3E4C73C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{21583109-B642-4969-A008-319E103950C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{2517D0B3-4078-4207-BDA2-89D364E78F43}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{27466975-7AB7-45D4-B435-CA7B0853C3AD}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{274736CA-DF9E-4866-BC3D-1D322DFD9FA9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{34112EAB-1410-47F6-858D-C4E0A1EC5798}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{37682735-E95C-4D26-A21C-F1593FD3FBBD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3D4F8FD0-4CBA-4216-870D-5DD675D2C860}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4D121459-ED07-4408-9F78-99FF14A1DA50}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{4DA4C203-C47B-489D-A324-DC89B6D3FC93}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{59A8A70B-5CC0-4D30-A5B9-847D2376C763}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{630D70FE-116C-4DC4-AF1A-19B91A25CD69}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{6B31CD0D-5BF2-46FE-8B18-30852A258A55}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{6E083F55-16B6-4203-8420-44BF2C9F8379}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{769F4D23-3BBC-4BF7-8F00-80B93033E278}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{84C98A09-C759-4DD4-9E2A-4E206D7E9903}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DB05E65-3D25-4F7D-A18D-3729A1F30B37}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8DD2A18B-0605-4D95-B185-DEE21D410BEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8FF88F84-7B4A-4D0F-88CC-9320C3C97103}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{92FC2579-C1C6-494D-B8F3-5E35C18A08A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{95834211-9C21-4F39-AC8F-BD895513CF51}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{9C2E032A-A163-457C-904F-0B7FB9DCE203}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{9CEBC2E0-20BC-473B-B55C-A74F766DC701}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9E34B6B7-4096-42B7-BFCA-C6DB0DF6ED59}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{A237B703-B061-4917-9CED-66DBBA6179DF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AC55B16E-BF4D-46EA-A1A3-BD3622F1D586}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{B4CD46C4-F0B6-429C-B24F-BABB03F0CB00}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B63A085B-A0A1-43DA-A2AC-C647E21075F9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B855F89A-E487-4564-B1C9-B86B76267DBA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{BC3417DC-9463-4333-8C68-2572E21F1C99}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C0FE1E5D-40BA-4146-A86E-BB3254C4F0D0}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{C7631890-2EAF-4822-9CFE-D24134263ECD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{D424A0C8-70FE-47FA-A6A6-894C7A10FB4A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DDCA07EA-3C88-4018-9853-935F0A8EEF44}" = protocol=6 | dir=out | app=system | 
"{DE130FF7-DA25-45A0-BF00-D52D640E4ECE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{DEDB7083-768E-4B70-95BC-813643FBACAC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{E353446C-0D10-4A30-BF91-128785F67564}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E66C4D90-0EF5-452F-876D-F1C04F31E22F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{E8D7D97C-9A84-4670-9119-D8E3220447E7}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{F067FF26-8555-48E9-B31D-D5C26193FC3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F4C1D810-7D3F-49C1-AF41-FAAEE3A6F476}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{F71DDD05-1031-47D9-87AA-4F5813494034}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{F98C2737-FA3E-4F8C-B885-1458F8B8DB9E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{FEDBAB3A-11BD-461F-A1C4-4DCF48C55C4F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{FF0DEC12-B896-4E87-BE7A-B348825696EF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1795BAA8-65EC-66D0-9DA4-D4B1FBE7700E}" = ATI Catalyst Install Manager
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B72AB8-52E9-4D34-99A9-BC7377EB35DE}" = HP Wireless Assistant
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0C0A-1000-0000000FF1CE}" = Hacer clic y ejecutar de Microsoft Office 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B601929F-3A47-4F37-8D1E-EAD1481BE5EA}" = ccc-utility64
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{C3C912BB-BF4B-3788-8A19-DA5B999CE0C6}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
"{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02FC8489-58FB-2628-768A-2CE172A37D7D}" = Catalyst Control Center Graphics Previews Common
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08F1513E-2113-06C5-583A-FB1DE0E64AE6}" = CCC Help Chinese Standard
"{0AB910A1-042A-D781-3779-2A4DC383BF0F}" = CCC Help Czech
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0D619D56-854C-F5D1-A134-4EB72974E09E}" = CCC Help Thai
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{144AAC2E-410C-6F23-5EC4-CB96049DD1D4}" = CCC Help Finnish
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1AF5A6D6-266D-9A24-D13A-5A50B2182645}" = CCC Help Norwegian
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A54B824-C32C-A931-17CB-A74B54E28AAE}" = CCC Help Spanish
"{2BED1172-6F40-1090-C681-26FEEF383E14}" = ccc-core-static
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F1E1F4D-B5CC-CA5D-2035-3A464BB053C3}" = CCC Help English
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3234355B-963B-99FE-EECA-8A034781AF15}" = CCC Help Polish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C302D80-4540-BA36-7167-8B59EC0BB9F4}" = CCC Help Korean
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{41136F4A-3C71-7F9F-7ECA-4E2C2D6C216F}" = CCC Help Dutch
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{4D66BBCA-8E0A-5FF3-4206-3BEA432FB1E9}" = CCC Help Turkish
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{543F949F-2B95-448F-9F2E-56F0C5FF8E2C}" = Catalyst Control Center - Branding
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66E2396F-1392-BECA-37D7-6C4AECED9668}" = CCC Help Russian
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{76896231-3040-4D77-B0D4-87D2256AC0CB}" = OpenOffice.org 3.2
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}" = Microsoft Small Basic v1.0
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E918D75-2600-0674-ADC2-4722D7F37018}" = CCC Help Italian
"{824A35FE-EAB8-48E5-89EC-94D7D730C5FB}" = HP Software Framework
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0C0A-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Español
"{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}" = Windows Live Sync
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0C0A-0000-0000000FF1CE}" = Visor de Microsoft PowerPoint
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C632E6D-C984-75B8-DE46-8E495E179314}" = CCC Help Portuguese
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A1A5DA17-C6A6-897E-2EBB-8BACE074FA10}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A5EFB5BD-5B8C-813B-711E-4C068721281F}" = CCC Help Danish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{B0B3A2CE-C337-E33B-F24E-A8BDCA644D03}" = Catalyst Control Center Localization All
"{B360E24A-BF25-4353-AA79-1B54F509024A}" = HP Documentation
"{B635B0A0-8C8B-4492-E54A-85CA5DC5CAC2}" = CCC Help Japanese
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAB3C6F6-8C54-BFE0-A570-1E471ACE00B5}" = Catalyst Control Center Graphics Previews Vista
"{BB9344E4-C629-7E36-6248-EAF3F7AFCB95}" = CCC Help Chinese Traditional
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45DB0E4-E813-1584-9670-ADF85214596E}" = CCC Help French
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DB15EA7D-B263-1B9B-0C3E-25BE7D15C551}" = PX Profile Update
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EE07C46F-278A-412C-4687-54963CBC5862}" = CCC Help Hungarian
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFD35B3A-0296-864F-C78F-910CD41B1C32}" = CCC Help Greek
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8504F00-2C61-0FA1-8E17-AADA786A164F}" = CCC Help German
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE363238-928A-113D-0318-4F7CEBB88715}" = Catalyst Control Center InstallProxy
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"EasyBits Magic Desktop" = Magic Desktop
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"jZip" = jZip
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Hacer clic y ejecutar de Microsoft Office 2010
"VLC media player" = VLC media player 1.1.11
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087420" = Agatha Christie - Death on the Nile
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2051178920-43645615-1976691682-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23/09/2012 19:59:25 | Computer Name = usuaria-HP | Source = VSS | ID = 8193
Description = 
 
Error - 24/09/2012 3:51:17 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\Program Files 
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de
 manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" en la línea 3.  El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 del atributo "version" del elemento "assemblyIdentity" no es válido.
 
Error - 24/09/2012 13:02:07 | Computer Name = usuaria-HP | Source = CVHSVC | ID = 100
Description = Solo información.  (Patch task for {90140011-0066-0C0A-0000-0000000FF1CE}):
 DownloadLatest Failed: No se pudo resolver el nombre de servidor o su dirección

 
Error - 25/09/2012 3:49:52 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\Program Files 
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de
 manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" en la línea 3.  El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 del atributo "version" del elemento "assemblyIdentity" no es válido.
 
Error - 27/09/2012 4:33:15 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\Program Files 
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de
 manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" en la línea 3.  El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 del atributo "version" del elemento "assemblyIdentity" no es válido.
 
Error - 29/09/2012 19:51:04 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\Program Files 
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de
 manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" en la línea 3.  El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 del atributo "version" del elemento "assemblyIdentity" no es válido.
 
Error - 02/10/2012 5:39:13 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\Program Files 
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de
 manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" en la línea 3.  El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 del atributo "version" del elemento "assemblyIdentity" no es válido.
 
Error - 05/10/2012 4:24:04 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\Program Files 
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de
 manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" en la línea 3.  El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 del atributo "version" del elemento "assemblyIdentity" no es válido.
 
Error - 05/10/2012 18:31:20 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\Program Files 
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de
 manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" en la línea 3.  El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 del atributo "version" del elemento "assemblyIdentity" no es válido.
 
Error - 08/10/2012 4:19:07 | Computer Name = usuaria-HP | Source = SideBySide | ID = 16842815
Description = Error al generar el contexto de activación para "c:\Program Files 
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error en el archivo de
 manifiesto o directiva "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" en la línea 3.  El valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 del atributo "version" del elemento "assemblyIdentity" no es válido.
 
[ Hewlett-Packard Events ]
Error - 07/07/2012 7:11:52 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 21/07/2012 8:33:33 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 25/08/2012 10:30:14 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 01/09/2012 9:27:35 | Computer Name = usuaria-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   en HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   en HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 El objeto '/5724be89_fc37_4ff9_8720_2e995076e4d6/lzdfk24fml2qoonod_kyts6a_5.rem'
 se desconectó o no existe en el servidor.    Name: hpsa_service.exe  Version: 06.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe  Format:
 es-ES  RAM: 3893  Ram Utilization: 50  TargetSite: Void UpdateDetail(System.String)  
 
Error - 04/10/2012 2:18:36 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 10/11/2012 11:02:42 | Computer Name = usuaria-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   en HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     en HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   en HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 El objeto '/92d7dd3c_9a95_4855_8e81_d7ebe9a8b022/ok7x6zwn7rtup9jjswp7tequ_5.rem'
 se desconectó o no existe en el servidor.    Name: hpsa_service.exe  Version: 06.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe  Format:
 es-ES  RAM: 3893  Ram Utilization: 60  TargetSite: Void UpdateDetail(System.String)  
 
Error - 17/11/2012 4:11:17 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 01/12/2012 4:38:34 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 08/12/2012 7:16:37 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 30/12/2012 12:37:37 | Computer Name = usuaria-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   en HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Referencia a objeto no establecida como instancia de un objeto.  StackTrace:   en
 HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: es-ES  RAM: 3893
Ram
 Utilization: 50  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 
[ HP Wireless Assistant Events ]
Error - 06/09/2012 19:51:43 | Computer Name = usuaria-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    en HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     en HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 03/01/2013 12:22:33 | Computer Name = usuaria-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    en HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     en HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
[ System Events ]
Error - 13/01/2013 11:10:03 | Computer Name = usuaria-HP | Source = BROWSER | ID = 8032
Description = 
 
Error - 13/01/2013 12:03:23 | Computer Name = usuaria-HP | Source = bowser | ID = 8003
Description = 
 
Error - 13/01/2013 18:43:54 | Computer Name = usuaria-HP | Source = BROWSER | ID = 8032
Description = 
 
Error - 13/01/2013 20:40:48 | Computer Name = usuaria-HP | Source = bowser | ID = 8003
Description = 
 
Error - 15/01/2013 12:32:22 | Computer Name = usuaria-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 16/01/2013 18:50:58 | Computer Name = usuaria-HP | Source = Service Control Manager | ID = 7009
Description = Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio
 Skype C2C Service.
 
Error - 16/01/2013 18:51:01 | Computer Name = usuaria-HP | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
 del servicio HPWMISVC.
 
Error - 18/01/2013 3:29:22 | Computer Name = usuaria-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 18/01/2013 22:52:32 | Computer Name = usuaria-HP | Source = EventLog | ID = 6008
Description = El cierre anterior del sistema a las 21:02:28 del ?18/?01/?2013 resultó
 inesperado.
 
Error - 19/01/2013 8:35:47 | Computer Name = usuaria-HP | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
 del servicio lmhosts.
 
 
< End of report >
         

Alt 21.01.2013, 01:54   #37
buggerlux
 
I guess I forgot that..

Alt 21.01.2013, 10:06   #38
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Originally posted by buggerlux
I guess I forgot that..

Um, what did you forget?

Alt 22.01.2013, 08:22   #39
buggerlux
 
the 2nd logfile..

Alt 22.01.2013, 10:43   #40
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks unremarkable to me. Which browsers do you have the problem with, all of them or just one?

Please also run MBAR and GMER again

Alt 22.01.2013, 15:22   #41
buggerlux
 
Hi Cosinus, I'll do that right away.

Today, when I tried to access the official HP site to download a driver, I got an error message saying that I am to be redirected to this site:
a248.e.akamai.net.. Do you know this site?? It used to happen more often, now only sometimes..

Alt 22.01.2013, 15:27   #42
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Have a look! => Akamai


Alt 22.01.2013, 23:40   #43
buggerlux
 
ahhhh ok..

GMER crashed on the first run, but the 2nd time GMER ran through.. here are the logfiles:

Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-22 23:37:14
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932042 rev.0006 298,09GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\usuaria\AppData\Local\Temp\kxliikow.sys


---- User code sections - GMER 2.0 ----

.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                  0000000077101401 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                    0000000077101419 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                  0000000077101431 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                  000000007710144a 2 bytes [10, 77]
.text    ...                                                                                                                                                       * 9
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                     00000000771014dd 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                              00000000771014f5 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                     000000007710150d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                              0000000077101525 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                    000000007710153d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                         0000000077101555 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                  000000007710156d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                    0000000077101585 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                       000000007710159d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                    00000000771015b5 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                  00000000771015cd 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                              00000000771016b2 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                              00000000771016bd 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000077101401 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3184] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000077101419 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000077101431 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007710144a 2 bytes [10, 77]
.text    ...                                                                                                                                                       * 9
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3184] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000771014dd 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000771014f5 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007710150d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077101525 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007710153d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3184] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000077101555 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3184] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007710156d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3184] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000077101585 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007710159d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000771015b5 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000771015cd 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000771016b2 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000771016bd 2 bytes [10, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                 0000000077101401 2 bytes [10, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3904] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                   0000000077101419 2 bytes [10, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                 0000000077101431 2 bytes [10, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                 000000007710144a 2 bytes [10, 77]
.text    ...                                                                                                                                                       * 9
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3904] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                    00000000771014dd 2 bytes [10, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                             00000000771014f5 2 bytes [10, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                    000000007710150d 2 bytes [10, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                             0000000077101525 2 bytes [10, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                   000000007710153d 2 bytes [10, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3904] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                        0000000077101555 2 bytes [10, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3904] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                 000000007710156d 2 bytes [10, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3904] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                   0000000077101585 2 bytes [10, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                      000000007710159d 2 bytes [10, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                   00000000771015b5 2 bytes [10, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                 00000000771015cd 2 bytes [10, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                             00000000771016b2 2 bytes [10, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                             00000000771016bd 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                              0000000077101401 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4172] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                0000000077101419 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                              0000000077101431 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                              000000007710144a 2 bytes [10, 77]
.text    ...                                                                                                                                                       * 9
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4172] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                 00000000771014dd 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                          00000000771014f5 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                 000000007710150d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                          0000000077101525 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                000000007710153d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4172] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                     0000000077101555 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                              000000007710156d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                0000000077101585 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                   000000007710159d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                00000000771015b5 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                              00000000771015cd 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                          00000000771016b2 2 bytes [10, 77]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                          00000000771016bd 2 bytes [10, 77]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                  0000000077101401 2 bytes [10, 77]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4760] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                    0000000077101419 2 bytes [10, 77]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                  0000000077101431 2 bytes [10, 77]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                  000000007710144a 2 bytes [10, 77]
.text    ...                                                                                                                                                       * 9
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4760] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                     00000000771014dd 2 bytes [10, 77]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                              00000000771014f5 2 bytes [10, 77]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                     000000007710150d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                              0000000077101525 2 bytes [10, 77]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                    000000007710153d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4760] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                         0000000077101555 2 bytes [10, 77]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                  000000007710156d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                    0000000077101585 2 bytes [10, 77]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                       000000007710159d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                    00000000771015b5 2 bytes [10, 77]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                  00000000771015cd 2 bytes [10, 77]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                              00000000771016b2 2 bytes [10, 77]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                              00000000771016bd 2 bytes [10, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17              0000000077101401 2 bytes [10, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3092] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                0000000077101419 2 bytes [10, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17              0000000077101431 2 bytes [10, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42              000000007710144a 2 bytes [10, 77]
.text    ...                                                                                                                                                       * 9
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3092] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                 00000000771014dd 2 bytes [10, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17          00000000771014f5 2 bytes [10, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3092] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                 000000007710150d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17          0000000077101525 2 bytes [10, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                000000007710153d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3092] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                     0000000077101555 2 bytes [10, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17              000000007710156d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                0000000077101585 2 bytes [10, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3092] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                   000000007710159d 2 bytes [10, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                00000000771015b5 2 bytes [10, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17              00000000771015cd 2 bytes [10, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20          00000000771016b2 2 bytes [10, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31          00000000771016bd 2 bytes [10, 77]

---- Threads - GMER 2.0 ----

Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1804:2644]                                                                                      00000000739ee2db
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1804:2828]                                                                                      0000000071ab8de0
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1804:2904]                                                                                      0000000071ab8de0
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1804:2924]                                                                                      0000000071ab8de0
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1804:2928]                                                                                      0000000071ab4e00
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [4288:4364]                                                                                        000000006f8c8d07
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [4288:4368]                                                                                        000000006f8c8fdc
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [4288:4372]                                                                                        000000006f8c88f0
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [5808:5880]                                                                           000007fef0df2264
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [5808:5884]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [5808:5904]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [5808:5908]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [5808:5912]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [5808:5916]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [5808:5924]                                                                           000007fef0f1e43c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [5808:5928]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [5808:5932]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [5808:5936]                                                                           000007fef0f49754
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [5808:6092]                                                                           000007fef141af10
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [5808:5736]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956:6040]                                                                           000007fef0df2264
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956:6044]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956:6068]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956:6072]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956:6076]                                                                           000007fef0f1e43c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956:6080]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956:6084]                                                                           000007fef141af10
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956:6100]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956:6104]                                                                           000007fefb852a88
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956:6108]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956:6112]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956:6116]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956:6120]                                                                           000007fef0f49754
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956:6136]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956:5160]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956:2712]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956:2860]                                                                           000007fef0ded73c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956:1700]                                                                           000007fef0ded73c
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1804]                                                                  0000000072fd0000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [1836]                                                       00000000734d0000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [4288]                                                                    0000000073e30000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [5808]                                                       000007fefe710000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5956]                                                       000007fefe710000
Library  ? (*** suspicious ***) @ C:\Windows\system32\sppsvc.exe [3324]                                                                                            000007feeba00000

---- Disk sectors - GMER 2.0 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                     unknown MBR code

---- EOF - GMER 2.0 ----
         
mbar.exe gives an error message:

Das Programm kann nicht gestartet werden weil QtGui4.dll auf Ihrem Computer fehlt. Bitte installieren sie dieses Programm, um dieses Problem zu beheben.

Quote:
Quote from cosinus
Which browsers do you have the problem with, all of them or only one?
As far as I can tell, with Google/Chrome.. the only browser I use regularly. I tried Mozilla, and there too I am not always redirected to encrypted pages.. With Explorer I get an HP logo in the search box, but at the security confirmation I am told that the page is undefined.. So probably not the official HP page either.. (for example)

So in that sense, probably with all browsers..

23.01.2013, 12:56   #44
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

I think there's still something in the MBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post log files in CODE tags
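
A small triage script for GMER output like the log above, picking out the entries GMER itself marked (`*** suspicious ***` libraries and the `unknown MBR code` disk finding). This is an added example, not part of the original posts; the function name `triage` and the report layout are assumptions, and the sample is an excerpt of the log posted above with column padding shortened.

```python
import re
from collections import Counter

# Excerpt of the GMER log posted above; column padding shortened.
SAMPLE_LOG = r"""
---- Threads - GMER 2.0 ----
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1804:2644]   00000000739ee2db
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1804:2828]   0000000071ab8de0
---- Processes - GMER 2.0 ----
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1804]   0000000072fd0000
Library  ? (*** suspicious ***) @ C:\Windows\system32\sppsvc.exe [3324]   000007feeba00000
---- Disk sectors - GMER 2.0 ----
Disk     \Device\Harddisk0\DR0   unknown MBR code
---- EOF - GMER 2.0 ----
"""

SECTION = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
SUSPICIOUS = re.compile(
    r"\(\*\*\* suspicious \*\*\*\) @ (?P<image>.+?) \[(?P<pid>\d+)\]\s+(?P<base>[0-9a-fA-F]+)$"
)
DISK = re.compile(r"^Disk\s+(?P<device>\S+)\s+(?P<finding>.+)$")

def triage(log_text):
    """Count entries per GMER section and collect the lines GMER flagged."""
    counts, libraries, disks = Counter(), [], []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header["name"]
            continue
        if not line or section in (None, "EOF"):
            continue
        counts[section] += 1
        hit = SUSPICIOUS.search(line)
        if hit:  # keep image path, PID and load address for follow-up
            libraries.append((hit["image"], int(hit["pid"]), int(hit["base"], 16)))
        disk = DISK.match(line) if section == "Disk sectors" else None
        if disk:
            disks.append((disk["device"], disk["finding"].strip()))
    return {"counts": dict(counts), "libraries": libraries, "disks": disks}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["counts"])
    for image, pid, base in report["libraries"]:
        print(f"library flag: pid {pid} base {base:#x} {image}")
    for device, finding in report["disks"]:
        print(f"disk finding: {device}: {finding}")
```

The flagged lines are leads for a second tool, as in this thread where the disk finding is followed up with an MBR scan, not verdicts on their own.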

23.01.2013, 16:50   #45
buggerlux
 

Hi Cosinus, I can't open the aswMBR.txt to post it..

What kind of program is it that I need to open this format???? Man, there's really nothing at all on the new laptop..

How can you post an attachment here??? Wonder wonder..

Edited by buggerlux (23.01.2013 at 17:13)
