
Log analysis and evaluation: All PCs on the network very slow, high CPU load

05.09.2011, 13:45   #1
Santelmo
 
Hello,

I have now run the tools from the guide and am attaching the log files here.

OTL logfile:
Code:
OTL logfile created on: 05/09/2011 10:44:26 - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = C:\Documents and Settings\osane\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,06% Memory free
3,85 Gb Paging File | 3,24 Gb Available in Paging File | 84,14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 111,78 Gb Total Space | 68,40 Gb Free Space | 61,19% Space Free | Partition Type: NTFS
Drive D: | 142,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PCOSANE | User Name: osane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/09/05 10:27:26 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\osane\Escritorio\OTL.exe
PRC - [2011/09/01 13:17:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/01 13:17:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/17 11:35:44 | 000,667,136 | ---- | M] () -- C:\TS\DAT\CLICM1AES.exe
PRC - [2010/11/17 11:35:42 | 000,451,072 | ---- | M] (Amadeus) -- C:\TS\DAT\CLICM1AESexec.exe
PRC - [2010/09/14 16:59:26 | 000,232,368 | ---- | M] (AMADEUS) -- C:\Archivos de programa\Automatic Update\AutoUpdateGUI.exe
PRC - [2010/09/14 16:59:14 | 000,218,024 | ---- | M] (Amadeus) -- C:\Archivos de programa\Automatic Update\AutoUpdate.exe
PRC - [2010/08/17 13:38:24 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:07 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/11 18:25:50 | 000,078,848 | ---- | M] () -- C:\TS\DAT\CLICM1AESService.exe
PRC - [2009/10/14 14:33:00 | 000,470,016 | ---- | M] (Terminal Systems, S.A.) -- C:\TS\DAT\SaviaUpd.exe
PRC - [2009/09/22 18:12:38 | 000,052,888 | ---- | M] () -- C:\Archivos de programa\VIA\RAID\vialogsv.exe
PRC - [2008/04/14 08:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Archivos de programa\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/04/25 12:18:30 | 000,065,536 | ---- | M] () -- C:\TS\DAT\Supdsrc.exe
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/06/06 12:55:32 | 000,301,056 | ---- | M] () -- C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\PDFShell.ESP
MOD - [2010/11/17 11:35:44 | 000,667,136 | ---- | M] () -- C:\TS\DAT\CLICM1AES.exe
MOD - [2010/06/17 15:27:42 | 000,355,688 | ---- | M] () -- C:\Archivos de programa\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/03/12 13:17:39 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_30df5992\mscorlib.dll
MOD - [2010/03/12 13:17:35 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_8e2992b9\system.drawing.dll
MOD - [2010/03/12 13:17:05 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_7a774de0\system.xml.dll
MOD - [2010/03/12 13:12:35 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_b9b45223\system.windows.forms.dll
MOD - [2010/03/12 13:12:05 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_faddcb8e\system.dll
MOD - [2010/03/12 13:11:49 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/03/12 13:11:47 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2010/01/11 18:25:50 | 000,078,848 | ---- | M] () -- C:\TS\DAT\CLICM1AESService.exe
MOD - [2009/09/23 10:23:56 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2009/09/23 10:23:56 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2009/09/23 10:23:55 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2009/09/23 10:23:55 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2009/09/23 10:23:54 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2009/09/23 09:42:39 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_es_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/09/23 09:42:38 | 000,180,224 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_es_b77a5c561934e089\system.windows.forms.resources.dll
MOD - [2009/09/22 18:12:38 | 000,581,632 | ---- | M] () -- C:\Archivos de programa\VIA\RAID\Language.dll
MOD - [2009/09/22 18:12:38 | 000,196,608 | ---- | M] () -- C:\Archivos de programa\VIA\RAID\drvInterface.dll
MOD - [2009/09/22 18:12:38 | 000,052,888 | ---- | M] () -- C:\Archivos de programa\VIA\RAID\vialogsv.exe
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Archivos de programa\WinRAR\RarExt.dll
MOD - [2009/08/05 11:45:04 | 000,106,312 | ---- | M] () -- C:\Archivos de programa\Microsoft Office\OFFICE11\OUTLCTL.DLL
MOD - [2007/05/15 02:32:10 | 000,921,600 | ---- | M] () -- C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AdistRes.ESP
MOD - [2007/05/15 02:31:13 | 001,404,928 | ---- | M] () -- C:\Archivos de programa\Adobe\Acrobat 8.0\PDFMaker\Common\AdobePDFMakerX.ESP
MOD - [2007/05/10 22:25:20 | 002,469,888 | ---- | M] () -- C:\Archivos de programa\Adobe\Acrobat 8.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2005/04/25 12:18:30 | 000,065,536 | ---- | M] () -- C:\TS\DAT\Supdsrc.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (LVPrcSrv)
SRV - [2011/09/01 13:17:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/01 13:17:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/14 16:59:14 | 000,218,024 | ---- | M] (Amadeus) [Auto | Running] -- C:\Archivos de programa\Automatic Update\AutoUpdate.exe -- (Amadeus Automatic Update)
SRV - [2010/01/11 18:25:50 | 000,078,848 | ---- | M] () [Auto | Running] -- C:\TS\DAT\CLICM1AESService.exe -- (CM1AES Client Services)
SRV - [2009/09/29 09:40:10 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Archivos de programa\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2009/09/23 11:03:42 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/22 18:12:38 | 000,052,888 | ---- | M] () [Auto | Running] -- C:\Archivos de programa\VIA\RAID\vialogsv.exe -- (VRAID Log Service)
SRV - [2006/11/15 23:05:40 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Archivos de programa\Archivos comunes\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2005/04/25 12:18:30 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\TS\DAT\Supdsrc.exe -- (Savia Update)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/09/01 13:17:17 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/01 13:17:17 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:42 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:32 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/09/22 18:12:40 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2008/04/14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/11/15 23:02:50 | 001,962,912 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/15 23:00:56 | 001,678,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/11 04:48:00 | 000,040,352 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/11 04:43:15 | 000,933,536 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2006/11/11 04:43:15 | 000,013,344 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/05/03 17:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://es.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C D1 6B 09 64 3C CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Archivos de programa\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Archivos de programa\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\osane\Configuración local\Datos de programa\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\osane\Configuración local\Datos de programa\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
 
 
O1 HOSTS File: ([2011/09/05 10:23:17 | 000,000,050 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 10.14.55.66     comserv
O1 - Hosts: 192.168.1.4     amadeus
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Anexar a PDF existente - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir a Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir destino de vínculo en archivo Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir selección a Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir selección a archivo PDF existente - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir vínculos seleccionados a Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)
O15 - HKLM\..Trusted Domains: amadeus.com ([content] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeus.net ([content.1a] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeusproweb.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeusvista.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeusvista.com ([Muc.http.farm6.software] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeusvista.com ([Muc.http.farm8.software] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeusvista.com ([Muc.https.farm11.software] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeusvista.com ([Muc.https.farm5.software] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amadeus.com ([]http in Sitios de confianza)
O15 - HKCU\..Trusted Domains: amadeus.net ([]http in Sitios de confianza)
O15 - HKCU\..Trusted Domains: amadeusproweb.com ([]http in Sitios de confianza)
O15 - HKCU\..Trusted Domains: amadeusvista.com ([]http in Sitios de confianza)
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} file:///D:/VISTA/SELLING%20PLATFORM%203.1P131ES%20(Spanish)/html/Silent_AutoUpdateATL26P220.cab (Amadeus Automatic Update)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} https://my.sabre.com/jars/TMinReqX.dll (TMinReq Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282551731062 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CE306811-265E-4AC4-8DD4-712F2AF5A98E} hxxp://www-origin.a3software.com/a3ftp/a3ftp.CAB (A3SOFT.A3FTP)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F96020DD-C373-44A0-82B6-064EF0AEEAE3} hxxp://1a.certificates.amadeusvista.com/sgwadmin/RegSiteTools.cab (RegSiteClientTools Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0E0F00D-2218-4763-851B-9C31A3211194}: NameServer = 194.224.52.36,194.224.52.37
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Archivos de programa\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Archivos de programa\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/22 17:25:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{eaff67ab-277d-11df-9d42-00112fcec5ff}\Shell\AutoRun\command - "" = E:\hbcd\wintools\autorun.exe
O33 - MountPoints2\{eaff67ab-277d-11df-9d42-00112fcec5ff}\Shell\Option1\Command - "" = E:\hbcd\wintools\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Generación de gráficos vectoriales (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Enlace dinámico de datos HTML para Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Autoría avanzada
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Clases Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Carpetas Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {7F23B247-895C-1953-124D-8B06D2F3D774} - DirectX
ActiveX: {83169D43-4660-4347-BC95-E9D6E6BE65CE} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Programador de tareas
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "wscsvc"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Synchronizer.lnk - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Inicio rápido de Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Inicio rápido de HP Photosmart Premier.lnk - C:\Archivos de programa\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Archivos de programa\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Archivos de programa\Winamp\winampa.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/09/05 10:27:16 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\osane\Escritorio\OTL.exe
[2011/09/01 12:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Avira
[2011/09/01 12:37:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/09/01 12:37:49 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/09/01 12:37:49 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/09/01 12:37:49 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/09/01 12:37:49 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/09/01 12:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Avira
[2011/09/01 12:37:48 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Avira
[2011/09/01 10:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Trend Micro
[2011/09/01 10:44:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\aucache
[2011/09/01 09:55:36 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Trend Micro
[2011/09/01 09:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\osane\Datos de programa\InstallShield
[2011/09/01 09:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\osane\Escritorio\WFBS70
[2011/09/01 09:14:57 | 764,990,312 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\osane\Escritorio\WFBS70_ES_GM_Repack_B1437R3.exe
[2011/09/01 09:07:07 | 001,016,120 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\osane\Escritorio\WFBS_70_ES_Downloader_B1437R3.exe
[2011/08/31 11:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\osane\Mis documentos\Downloads
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/09/05 10:47:00 | 000,000,492 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{93E5A402-1493-4229-95E0-F52BA0CB9E68}.job
[2011/09/05 10:27:26 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\osane\Escritorio\OTL.exe
[2011/09/05 10:23:17 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/05 10:23:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts
[2011/09/05 10:22:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/05 10:22:22 | 2147,057,664 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/05 10:18:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\osane\defogger_reenable
[2011/09/05 10:14:01 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\osane\Escritorio\Defogger.exe
[2011/09/05 10:11:41 | 000,048,912 | ---- | M] () -- C:\Documents and Settings\osane\intlname.ols
[2011/09/05 09:51:20 | 000,000,178 | ---- | M] () -- C:\Documents and Settings\osane\irisplus-iplusdcs.properties
[2011/09/05 09:42:18 | 000,385,099 | ---- | M] (Sabre Holdings) -- C:\WINDOWS\emuapi.dll
[2011/09/05 09:41:40 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/09/05 09:41:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts.bak
[2011/09/05 09:41:17 | 000,000,094 | ---- | M] () -- C:\Documents and Settings\osane\sslvpn-config.properties
[2011/09/05 09:37:02 | 000,000,488 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{465DD096-E3FC-4B9C-ABC1-E2EF744B8399}.job
[2011/09/05 09:31:48 | 000,001,192 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-299502267-839522115-1006UA.job
[2011/09/05 09:30:34 | 000,002,338 | ---- | M] () -- C:\Documents and Settings\osane\Escritorio\Google Chrome.lnk
[2011/09/05 09:16:07 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/02 14:22:00 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-299502267-839522115-1006Core.job
[2011/09/01 13:17:17 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/09/01 13:17:17 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/09/01 12:38:37 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Avira AntiVir Control Center.lnk
[2011/09/01 12:29:32 | 000,493,630 | ---- | M] () -- C:\WINDOWS\System32\perfh0c0.dat
[2011/09/01 12:29:32 | 000,426,562 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/01 12:29:32 | 000,094,462 | ---- | M] () -- C:\WINDOWS\System32\perfc0c0.dat
[2011/09/01 12:29:32 | 000,071,468 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/01 12:07:17 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\osane\Datos de programa\wfbshelp.ini
[2011/09/01 10:39:14 | 000,495,150 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2011/09/01 10:39:14 | 000,095,158 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2011/09/01 09:28:58 | 764,990,312 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\osane\Escritorio\WFBS70_ES_GM_Repack_B1437R3.exe
[2011/09/01 09:07:08 | 001,016,120 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\osane\Escritorio\WFBS_70_ES_Downloader_B1437R3.exe
[2011/08/31 13:40:25 | 000,554,190 | ---- | M] () -- C:\WINDOWS\umcat_01.db
[2011/08/16 09:15:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/09/05 10:18:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\osane\defogger_reenable
[2011/09/05 10:14:01 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\osane\Escritorio\Defogger.exe
[2011/09/01 12:38:37 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Avira AntiVir Control Center.lnk
[2011/09/01 12:15:18 | 2147,057,664 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/01 10:39:12 | 000,493,630 | ---- | C] () -- C:\WINDOWS\System32\perfh0c0.dat
[2011/09/01 10:39:12 | 000,094,462 | ---- | C] () -- C:\WINDOWS\System32\perfc0c0.dat
[2011/09/01 09:29:11 | 000,000,105 | ---- | C] () -- C:\Documents and Settings\osane\Datos de programa\wfbshelp.ini
[2011/08/31 12:19:03 | 000,554,190 | ---- | C] () -- C:\WINDOWS\umcat_01.db
[2011/02/21 09:49:20 | 000,000,057 | ---- | C] () -- C:\WINDOWS\SABRE.INI
[2010/11/20 12:35:09 | 000,003,796 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/20 12:29:20 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/11/19 14:19:26 | 000,042,594 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/11/19 14:07:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/19 16:45:09 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\osane\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/26 12:07:16 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/26 12:07:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/26 12:07:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/26 12:07:16 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/26 12:07:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/07 11:49:36 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2009/12/10 12:41:27 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2009/10/07 13:16:46 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/01 11:55:27 | 000,003,094 | ---- | C] () -- C:\WINDOWS\1aAutoUpdate.ini
[2009/09/29 11:38:43 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\osane\Configuración local\Datos de programa\fusioncache.dat
[2009/09/29 11:32:03 | 000,110,764 | ---- | C] () -- C:\WINDOWS\hpgins13.dat
[2009/09/29 11:32:03 | 000,000,173 | ---- | C] () -- C:\WINDOWS\hpgmdl13.dat
[2009/09/24 10:36:46 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\VSHP2600.DLL
[2009/09/24 10:36:45 | 011,210,752 | R--- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL
[2009/09/24 10:36:45 | 000,749,568 | R--- | C] () -- C:\WINDOWS\System32\AGISSI.DLL
[2009/09/24 10:36:45 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\ZSHP2600.EXE
[2009/09/24 10:36:45 | 000,241,664 | R--- | C] () -- C:\WINDOWS\System32\ZHHP2600.EXE
[2009/09/24 09:56:39 | 000,696,637 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2009/09/24 09:56:39 | 000,107,976 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2009/09/23 12:37:40 | 000,154,178 | ---- | C] () -- C:\WINDOWS\Owl31.dll
[2009/09/23 12:37:40 | 000,144,314 | ---- | C] () -- C:\WINDOWS\Bc30rtl.dll
[2009/09/23 12:37:40 | 000,068,444 | ---- | C] () -- C:\WINDOWS\Tclass31.dll
[2009/09/23 12:37:40 | 000,025,344 | ---- | C] () -- C:\WINDOWS\PCSHLL.DLL
[2009/09/23 09:14:26 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/22 18:27:06 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/09/22 18:21:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009/09/22 17:28:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/22 17:22:27 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/22 17:15:13 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/22 17:14:01 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/11/15 23:00:56 | 001,678,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2006/04/28 21:05:14 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/19 14:58:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/04/11 13:14:14 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/24 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/24 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/24 13:00:00 | 000,495,150 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[2002/09/24 13:00:00 | 000,426,562 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/24 13:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[2002/09/24 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/24 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/24 13:00:00 | 000,095,158 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
[2002/09/24 13:00:00 | 000,071,468 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/24 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/24 13:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
[2002/09/24 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/24 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/24 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2009/10/01 11:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Amadeus
[2010/02/26 13:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Danware Data
[2009/11/20 16:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\osane\Datos de programa\Amadeus
[2010/01/19 15:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\osane\Datos de programa\Internet Chess Club
[2010/09/17 12:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\osane\Datos de programa\TeamViewer
[2011/09/05 09:37:02 | 000,000,488 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{465DD096-E3FC-4B9C-ABC1-E2EF744B8399}.job
[2011/09/05 10:47:00 | 000,000,492 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{93E5A402-1493-4229-95E0-F52BA0CB9E68}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/04/22 11:16:52 | 000,000,000 | ---D | M] -- C:\A3
[2009/09/24 12:27:46 | 000,000,000 | ---D | M] -- C:\Application Data
[2011/09/01 12:37:48 | 000,000,000 | R--D | M] -- C:\Archivos de programa
[2010/11/20 12:27:59 | 000,000,000 | ---D | M] -- C:\ATI
[2010/02/26 12:23:52 | 000,000,000 | ---D | M] -- C:\ComboFix
[2011/09/01 12:31:48 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009/09/23 11:38:15 | 000,000,000 | ---D | M] -- C:\copia
[2011/07/05 13:07:54 | 000,000,000 | ---D | M] -- C:\Copiar
[2010/03/12 18:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2010/05/03 10:44:19 | 000,000,000 | ---D | M] -- C:\email template
[2011/09/05 10:12:48 | 000,000,000 | ---D | M] -- C:\MerlinX
[2011/08/31 09:57:52 | 000,000,000 | ---D | M] -- C:\OrbisWin
[2009/09/23 12:38:01 | 000,000,000 | ---D | M] -- C:\osane2
[2011/07/04 16:07:27 | 000,000,000 | ---D | M] -- C:\Program Files
[2010/01/26 13:24:13 | 000,000,000 | ---D | M] -- C:\QUARANTINE
[2010/02/26 12:44:05 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011/01/20 10:46:09 | 000,000,000 | ---D | M] -- C:\renfe
[2009/09/23 16:44:15 | 000,000,000 | ---D | M] -- C:\sabre
[2009/10/01 11:37:21 | 000,000,000 | ---D | M] -- C:\SGW_log
[2011/07/29 11:25:14 | 000,000,000 | ---D | M] -- C:\sOFT
[2010/02/26 10:40:20 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2010/03/12 10:59:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009/09/23 12:37:37 | 000,000,000 | ---D | M] -- C:\TS
[2010/03/24 12:12:58 | 000,000,000 | ---D | M] -- C:\Update
[2011/09/05 10:26:09 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 08:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\explorer.exe
[2008/04/14 08:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 14:10:53 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=DBB6B75CC6CB2CF8EC0BAFCA08AED6BE -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 14:22:28 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=F8DDB22B6EFC5E630D65E241074C2404 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/06/13 14:22:28 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=F8DDB22B6EFC5E630D65E241074C2404 -- C:\WINDOWS\ERDNT\cache\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2004/08/19 14:43:06 | 000,152,064 | ---- | M] (Microsoft Corporation) MD5=2BA8F4A46C83C6D3A02E9073A304F82C -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2003/06/19 13:05:04 | 000,076,048 | ---- | M] (Microsoft Corporation) MD5=907648ECF87DE5B4C567F884CCC4FF12 -- C:\Copiar\Documentos\i386\regedit.exe
[2003/06/19 13:05:04 | 000,076,048 | ---- | M] (Microsoft Corporation) MD5=907648ECF87DE5B4C567F884CCC4FF12 -- C:\Documents and Settings\osane\Mis documentos\i386\regedit.exe
[2008/04/14 08:49:10 | 000,152,064 | ---- | M] (Microsoft Corporation) MD5=F4B9F9AA2F72FAD20D09C3E3FF2BE224 -- C:\WINDOWS\regedit.exe
[2008/04/14 08:49:10 | 000,152,064 | ---- | M] (Microsoft Corporation) MD5=F4B9F9AA2F72FAD20D09C3E3FF2BE224 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2004/08/19 14:43:14 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=7B30B4D55B4562C733A5DDF6D6F72B3F -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004/08/19 14:43:14 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=7B30B4D55B4562C733A5DDF6D6F72B3F -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 08:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 08:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008/04/14 08:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 08:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\system32\winlogon.exe
[2004/08/19 14:43:16 | 000,505,344 | ---- | M] (Microsoft Corporation) MD5=FCB59D25D628B4D3181DC816D14679DD -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/19 14:43:16 | 000,505,344 | ---- | M] (Microsoft Corporation) MD5=FCB59D25D628B4D3181DC816D14679DD -- C:\WINDOWS\ERDNT\cache\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 7352 bytes -> C:\Documents and Settings\osane\Mis documentos\SV102290.JPG:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 6260 bytes -> C:\Documents and Settings\osane\Mis documentos\MARRAKECH.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 10432 bytes -> C:\Documents and Settings\osane\Mis documentos\Viajes Kudlich Email.htm:Q30lsldxJoudresxAaaqpcawXc

< End of report >
         
--- --- ---

The gmer.txt and extras.txt are attached as a zip file.

I hope I did everything correctly; I did not receive any error messages, though.

Thank you very much for your efforts!
