| Santelmo | 05.09.2011 13:45 |
Hallo,
habe nun die tools aus dem Leitfaden ausgeführt und füge hier nun die Logfiles mit auf.
OTL:OTL Logfile: Code:
OTL logfile created on: 05/09/2011 10:44:26 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\osane\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,06% Memory free
3,85 Gb Paging File | 3,24 Gb Available in Paging File | 84,14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 111,78 Gb Total Space | 68,40 Gb Free Space | 61,19% Space Free | Partition Type: NTFS
Drive D: | 142,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: PCOSANE | User Name: osane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/05 10:27:26 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\osane\Escritorio\OTL.exe
PRC - [2011/09/01 13:17:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/01 13:17:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/17 11:35:44 | 000,667,136 | ---- | M] () -- C:\TS\DAT\CLICM1AES.exe
PRC - [2010/11/17 11:35:42 | 000,451,072 | ---- | M] (Amadeus) -- C:\TS\DAT\CLICM1AESexec.exe
PRC - [2010/09/14 16:59:26 | 000,232,368 | ---- | M] (AMADEUS) -- C:\Archivos de programa\Automatic Update\AutoUpdateGUI.exe
PRC - [2010/09/14 16:59:14 | 000,218,024 | ---- | M] (Amadeus) -- C:\Archivos de programa\Automatic Update\AutoUpdate.exe
PRC - [2010/08/17 13:38:24 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:07 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/11 18:25:50 | 000,078,848 | ---- | M] () -- C:\TS\DAT\CLICM1AESService.exe
PRC - [2009/10/14 14:33:00 | 000,470,016 | ---- | M] (Terminal Systems, S.A.) -- C:\TS\DAT\SaviaUpd.exe
PRC - [2009/09/22 18:12:38 | 000,052,888 | ---- | M] () -- C:\Archivos de programa\VIA\RAID\vialogsv.exe
PRC - [2008/04/14 08:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Archivos de programa\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/04/25 12:18:30 | 000,065,536 | ---- | M] () -- C:\TS\DAT\Supdsrc.exe
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
========== Modules (No Company Name) ==========
MOD - [2011/06/06 12:55:32 | 000,301,056 | ---- | M] () -- C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\PDFShell.ESP
MOD - [2010/11/17 11:35:44 | 000,667,136 | ---- | M] () -- C:\TS\DAT\CLICM1AES.exe
MOD - [2010/06/17 15:27:42 | 000,355,688 | ---- | M] () -- C:\Archivos de programa\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/03/12 13:17:39 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_30df5992\mscorlib.dll
MOD - [2010/03/12 13:17:35 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_8e2992b9\system.drawing.dll
MOD - [2010/03/12 13:17:05 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_7a774de0\system.xml.dll
MOD - [2010/03/12 13:12:35 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_b9b45223\system.windows.forms.dll
MOD - [2010/03/12 13:12:05 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_faddcb8e\system.dll
MOD - [2010/03/12 13:11:49 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/03/12 13:11:47 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2010/01/11 18:25:50 | 000,078,848 | ---- | M] () -- C:\TS\DAT\CLICM1AESService.exe
MOD - [2009/09/23 10:23:56 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2009/09/23 10:23:56 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2009/09/23 10:23:55 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2009/09/23 10:23:55 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2009/09/23 10:23:54 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2009/09/23 09:42:39 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_es_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/09/23 09:42:38 | 000,180,224 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_es_b77a5c561934e089\system.windows.forms.resources.dll
MOD - [2009/09/22 18:12:38 | 000,581,632 | ---- | M] () -- C:\Archivos de programa\VIA\RAID\Language.dll
MOD - [2009/09/22 18:12:38 | 000,196,608 | ---- | M] () -- C:\Archivos de programa\VIA\RAID\drvInterface.dll
MOD - [2009/09/22 18:12:38 | 000,052,888 | ---- | M] () -- C:\Archivos de programa\VIA\RAID\vialogsv.exe
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Archivos de programa\WinRAR\RarExt.dll
MOD - [2009/08/05 11:45:04 | 000,106,312 | ---- | M] () -- C:\Archivos de programa\Microsoft Office\OFFICE11\OUTLCTL.DLL
MOD - [2007/05/15 02:32:10 | 000,921,600 | ---- | M] () -- C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AdistRes.ESP
MOD - [2007/05/15 02:31:13 | 001,404,928 | ---- | M] () -- C:\Archivos de programa\Adobe\Acrobat 8.0\PDFMaker\Common\AdobePDFMakerX.ESP
MOD - [2007/05/10 22:25:20 | 002,469,888 | ---- | M] () -- C:\Archivos de programa\Adobe\Acrobat 8.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2005/04/25 12:18:30 | 000,065,536 | ---- | M] () -- C:\TS\DAT\Supdsrc.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (LVPrcSrv)
SRV - [2011/09/01 13:17:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/01 13:17:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/14 16:59:14 | 000,218,024 | ---- | M] (Amadeus) [Auto | Running] -- C:\Archivos de programa\Automatic Update\AutoUpdate.exe -- (Amadeus Automatic Update)
SRV - [2010/01/11 18:25:50 | 000,078,848 | ---- | M] () [Auto | Running] -- C:\TS\DAT\CLICM1AESService.exe -- (CM1AES Client Services)
SRV - [2009/09/29 09:40:10 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Archivos de programa\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2009/09/23 11:03:42 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/22 18:12:38 | 000,052,888 | ---- | M] () [Auto | Running] -- C:\Archivos de programa\VIA\RAID\vialogsv.exe -- (VRAID Log Service)
SRV - [2006/11/15 23:05:40 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Archivos de programa\Archivos comunes\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2005/04/25 12:18:30 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\TS\DAT\Supdsrc.exe -- (Savia Update)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
========== Driver Services (SafeList) ==========
DRV - [2011/09/01 13:17:17 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/01 13:17:17 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:42 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:32 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/09/22 18:12:40 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2008/04/14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/11/15 23:02:50 | 001,962,912 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/15 23:00:56 | 001,678,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/11 04:48:00 | 000,040,352 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/11 04:43:15 | 000,933,536 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2006/11/11 04:43:15 | 000,013,344 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/05/03 17:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://es.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C D1 6B 09 64 3C CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Archivos de programa\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Archivos de programa\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\osane\Configuración local\Datos de programa\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\osane\Configuración local\Datos de programa\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
O1 HOSTS File: ([2011/09/05 10:23:17 | 000,000,050 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 10.14.55.66 comserv
O1 - Hosts: 192.168.1.4 amadeus
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe ARM] C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Anexar a PDF existente - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir a Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir destino de vínculo en archivo Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir selección a Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir selección a archivo PDF existente - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir vínculos seleccionados a Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)
O15 - HKLM\..Trusted Domains: amadeus.com ([content] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeus.net ([content.1a] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeusproweb.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeusvista.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeusvista.com ([Muc.http.farm6.software] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeusvista.com ([Muc.http.farm8.software] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeusvista.com ([Muc.https.farm11.software] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amadeusvista.com ([Muc.https.farm5.software] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amadeus.com ([]http in Sitios de confianza)
O15 - HKCU\..Trusted Domains: amadeus.net ([]http in Sitios de confianza)
O15 - HKCU\..Trusted Domains: amadeusproweb.com ([]http in Sitios de confianza)
O15 - HKCU\..Trusted Domains: amadeusvista.com ([]http in Sitios de confianza)
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} file:///D:/VISTA/SELLING%20PLATFORM%203.1P131ES%20(Spanish)/html/Silent_AutoUpdateATL26P220.cab (Amadeus Automatic Update)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} https://my.sabre.com/jars/TMinReqX.dll (TMinReq Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282551731062 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CE306811-265E-4AC4-8DD4-712F2AF5A98E} hxxp://www-origin.a3software.com/a3ftp/a3ftp.CAB (A3SOFT.A3FTP)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F96020DD-C373-44A0-82B6-064EF0AEEAE3} hxxp://1a.certificates.amadeusvista.com/sgwadmin/RegSiteTools.cab (RegSiteClientTools Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0E0F00D-2218-4763-851B-9C31A3211194}: NameServer = 194.224.52.36,194.224.52.37
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Archivos de programa\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Archivos de programa\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/22 17:25:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{eaff67ab-277d-11df-9d42-00112fcec5ff}\Shell\AutoRun\command - "" = E:\hbcd\wintools\autorun.exe
O33 - MountPoints2\{eaff67ab-277d-11df-9d42-00112fcec5ff}\Shell\Option1\Command - "" = E:\hbcd\wintools\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Generación de gráficos vectoriales (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Enlace dinámico de datos HTML para Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Autoría avanzada
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Clases Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Carpetas Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {7F23B247-895C-1953-124D-8B06D2F3D774} - DirectX
ActiveX: {83169D43-4660-4347-BC95-E9D6E6BE65CE} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Programador de tareas
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - Services: "wscsvc"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Synchronizer.lnk - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Inicio rápido de Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Inicio rápido de HP Photosmart Premier.lnk - C:\Archivos de programa\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Archivos de programa\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Archivos de programa\Winamp\winampa.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/09/05 10:27:16 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\osane\Escritorio\OTL.exe
[2011/09/01 12:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Avira
[2011/09/01 12:37:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/09/01 12:37:49 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/09/01 12:37:49 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/09/01 12:37:49 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/09/01 12:37:49 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/09/01 12:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Avira
[2011/09/01 12:37:48 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Avira
[2011/09/01 10:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Trend Micro
[2011/09/01 10:44:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\aucache
[2011/09/01 09:55:36 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Trend Micro
[2011/09/01 09:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\osane\Datos de programa\InstallShield
[2011/09/01 09:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\osane\Escritorio\WFBS70
[2011/09/01 09:14:57 | 764,990,312 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\osane\Escritorio\WFBS70_ES_GM_Repack_B1437R3.exe
[2011/09/01 09:07:07 | 001,016,120 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\osane\Escritorio\WFBS_70_ES_Downloader_B1437R3.exe
[2011/08/31 11:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\osane\Mis documentos\Downloads
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/05 10:47:00 | 000,000,492 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{93E5A402-1493-4229-95E0-F52BA0CB9E68}.job
[2011/09/05 10:27:26 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\osane\Escritorio\OTL.exe
[2011/09/05 10:23:17 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/05 10:23:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts
[2011/09/05 10:22:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/05 10:22:22 | 2147,057,664 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/05 10:18:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\osane\defogger_reenable
[2011/09/05 10:14:01 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\osane\Escritorio\Defogger.exe
[2011/09/05 10:11:41 | 000,048,912 | ---- | M] () -- C:\Documents and Settings\osane\intlname.ols
[2011/09/05 09:51:20 | 000,000,178 | ---- | M] () -- C:\Documents and Settings\osane\irisplus-iplusdcs.properties
[2011/09/05 09:42:18 | 000,385,099 | ---- | M] (Sabre Holdings) -- C:\WINDOWS\emuapi.dll
[2011/09/05 09:41:40 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/09/05 09:41:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts.bak
[2011/09/05 09:41:17 | 000,000,094 | ---- | M] () -- C:\Documents and Settings\osane\sslvpn-config.properties
[2011/09/05 09:37:02 | 000,000,488 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{465DD096-E3FC-4B9C-ABC1-E2EF744B8399}.job
[2011/09/05 09:31:48 | 000,001,192 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-299502267-839522115-1006UA.job
[2011/09/05 09:30:34 | 000,002,338 | ---- | M] () -- C:\Documents and Settings\osane\Escritorio\Google Chrome.lnk
[2011/09/05 09:16:07 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/02 14:22:00 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-299502267-839522115-1006Core.job
[2011/09/01 13:17:17 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/09/01 13:17:17 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/09/01 12:38:37 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Avira AntiVir Control Center.lnk
[2011/09/01 12:29:32 | 000,493,630 | ---- | M] () -- C:\WINDOWS\System32\perfh0c0.dat
[2011/09/01 12:29:32 | 000,426,562 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/01 12:29:32 | 000,094,462 | ---- | M] () -- C:\WINDOWS\System32\perfc0c0.dat
[2011/09/01 12:29:32 | 000,071,468 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/01 12:07:17 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\osane\Datos de programa\wfbshelp.ini
[2011/09/01 10:39:14 | 000,495,150 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2011/09/01 10:39:14 | 000,095,158 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2011/09/01 09:28:58 | 764,990,312 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\osane\Escritorio\WFBS70_ES_GM_Repack_B1437R3.exe
[2011/09/01 09:07:08 | 001,016,120 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\osane\Escritorio\WFBS_70_ES_Downloader_B1437R3.exe
[2011/08/31 13:40:25 | 000,554,190 | ---- | M] () -- C:\WINDOWS\umcat_01.db
[2011/08/16 09:15:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/05 10:18:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\osane\defogger_reenable
[2011/09/05 10:14:01 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\osane\Escritorio\Defogger.exe
[2011/09/01 12:38:37 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Avira AntiVir Control Center.lnk
[2011/09/01 12:15:18 | 2147,057,664 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/01 10:39:12 | 000,493,630 | ---- | C] () -- C:\WINDOWS\System32\perfh0c0.dat
[2011/09/01 10:39:12 | 000,094,462 | ---- | C] () -- C:\WINDOWS\System32\perfc0c0.dat
[2011/09/01 09:29:11 | 000,000,105 | ---- | C] () -- C:\Documents and Settings\osane\Datos de programa\wfbshelp.ini
[2011/08/31 12:19:03 | 000,554,190 | ---- | C] () -- C:\WINDOWS\umcat_01.db
[2011/02/21 09:49:20 | 000,000,057 | ---- | C] () -- C:\WINDOWS\SABRE.INI
[2010/11/20 12:35:09 | 000,003,796 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/20 12:29:20 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/11/19 14:19:26 | 000,042,594 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/11/19 14:07:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/19 16:45:09 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\osane\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/26 12:07:16 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/26 12:07:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/26 12:07:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/26 12:07:16 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/26 12:07:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/07 11:49:36 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2009/12/10 12:41:27 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2009/10/07 13:16:46 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/01 11:55:27 | 000,003,094 | ---- | C] () -- C:\WINDOWS\1aAutoUpdate.ini
[2009/09/29 11:38:43 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\osane\Configuración local\Datos de programa\fusioncache.dat
[2009/09/29 11:32:03 | 000,110,764 | ---- | C] () -- C:\WINDOWS\hpgins13.dat
[2009/09/29 11:32:03 | 000,000,173 | ---- | C] () -- C:\WINDOWS\hpgmdl13.dat
[2009/09/24 10:36:46 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\VSHP2600.DLL
[2009/09/24 10:36:45 | 011,210,752 | R--- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL
[2009/09/24 10:36:45 | 000,749,568 | R--- | C] () -- C:\WINDOWS\System32\AGISSI.DLL
[2009/09/24 10:36:45 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\ZSHP2600.EXE
[2009/09/24 10:36:45 | 000,241,664 | R--- | C] () -- C:\WINDOWS\System32\ZHHP2600.EXE
[2009/09/24 09:56:39 | 000,696,637 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2009/09/24 09:56:39 | 000,107,976 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2009/09/23 12:37:40 | 000,154,178 | ---- | C] () -- C:\WINDOWS\Owl31.dll
[2009/09/23 12:37:40 | 000,144,314 | ---- | C] () -- C:\WINDOWS\Bc30rtl.dll
[2009/09/23 12:37:40 | 000,068,444 | ---- | C] () -- C:\WINDOWS\Tclass31.dll
[2009/09/23 12:37:40 | 000,025,344 | ---- | C] () -- C:\WINDOWS\PCSHLL.DLL
[2009/09/23 09:14:26 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/22 18:27:06 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/09/22 18:21:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009/09/22 17:28:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/22 17:22:27 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/22 17:15:13 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/22 17:14:01 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/11/15 23:00:56 | 001,678,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2006/04/28 21:05:14 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/19 14:58:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/04/11 13:14:14 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/24 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/24 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/24 13:00:00 | 000,495,150 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[2002/09/24 13:00:00 | 000,426,562 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/24 13:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[2002/09/24 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/24 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/24 13:00:00 | 000,095,158 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
[2002/09/24 13:00:00 | 000,071,468 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/24 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/24 13:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
[2002/09/24 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/24 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/24 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2009/10/01 11:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Amadeus
[2010/02/26 13:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Danware Data
[2009/11/20 16:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\osane\Datos de programa\Amadeus
[2010/01/19 15:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\osane\Datos de programa\Internet Chess Club
[2010/09/17 12:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\osane\Datos de programa\TeamViewer
[2011/09/05 09:37:02 | 000,000,488 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{465DD096-E3FC-4B9C-ABC1-E2EF744B8399}.job
[2011/09/05 10:47:00 | 000,000,492 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{93E5A402-1493-4229-95E0-F52BA0CB9E68}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2010/04/22 11:16:52 | 000,000,000 | ---D | M] -- C:\A3
[2009/09/24 12:27:46 | 000,000,000 | ---D | M] -- C:\Application Data
[2011/09/01 12:37:48 | 000,000,000 | R--D | M] -- C:\Archivos de programa
[2010/11/20 12:27:59 | 000,000,000 | ---D | M] -- C:\ATI
[2010/02/26 12:23:52 | 000,000,000 | ---D | M] -- C:\ComboFix
[2011/09/01 12:31:48 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009/09/23 11:38:15 | 000,000,000 | ---D | M] -- C:\copia
[2011/07/05 13:07:54 | 000,000,000 | ---D | M] -- C:\Copiar
[2010/03/12 18:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2010/05/03 10:44:19 | 000,000,000 | ---D | M] -- C:\email template
[2011/09/05 10:12:48 | 000,000,000 | ---D | M] -- C:\MerlinX
[2011/08/31 09:57:52 | 000,000,000 | ---D | M] -- C:\OrbisWin
[2009/09/23 12:38:01 | 000,000,000 | ---D | M] -- C:\osane2
[2011/07/04 16:07:27 | 000,000,000 | ---D | M] -- C:\Program Files
[2010/01/26 13:24:13 | 000,000,000 | ---D | M] -- C:\QUARANTINE
[2010/02/26 12:44:05 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011/01/20 10:46:09 | 000,000,000 | ---D | M] -- C:\renfe
[2009/09/23 16:44:15 | 000,000,000 | ---D | M] -- C:\sabre
[2009/10/01 11:37:21 | 000,000,000 | ---D | M] -- C:\SGW_log
[2011/07/29 11:25:14 | 000,000,000 | ---D | M] -- C:\sOFT
[2010/02/26 10:40:20 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2010/03/12 10:59:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009/09/23 12:37:37 | 000,000,000 | ---D | M] -- C:\TS
[2010/03/24 12:12:58 | 000,000,000 | ---D | M] -- C:\Update
[2011/09/05 10:26:09 | 000,000,000 | ---D | M] -- C:\WINDOWS
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
< %systemroot%\*. /mp /s >
< MD5 for: EXPLORER.EXE >
[2008/04/14 08:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\explorer.exe
[2008/04/14 08:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 14:10:53 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=DBB6B75CC6CB2CF8EC0BAFCA08AED6BE -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 14:22:28 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=F8DDB22B6EFC5E630D65E241074C2404 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/06/13 14:22:28 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=F8DDB22B6EFC5E630D65E241074C2404 -- C:\WINDOWS\ERDNT\cache\explorer.exe
< MD5 for: REGEDIT.EXE >
[2004/08/19 14:43:06 | 000,152,064 | ---- | M] (Microsoft Corporation) MD5=2BA8F4A46C83C6D3A02E9073A304F82C -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2003/06/19 13:05:04 | 000,076,048 | ---- | M] (Microsoft Corporation) MD5=907648ECF87DE5B4C567F884CCC4FF12 -- C:\Copiar\Documentos\i386\regedit.exe
[2003/06/19 13:05:04 | 000,076,048 | ---- | M] (Microsoft Corporation) MD5=907648ECF87DE5B4C567F884CCC4FF12 -- C:\Documents and Settings\osane\Mis documentos\i386\regedit.exe
[2008/04/14 08:49:10 | 000,152,064 | ---- | M] (Microsoft Corporation) MD5=F4B9F9AA2F72FAD20D09C3E3FF2BE224 -- C:\WINDOWS\regedit.exe
[2008/04/14 08:49:10 | 000,152,064 | ---- | M] (Microsoft Corporation) MD5=F4B9F9AA2F72FAD20D09C3E3FF2BE224 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
< MD5 for: USERINIT.EXE >
[2004/08/19 14:43:14 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=7B30B4D55B4562C733A5DDF6D6F72B3F -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004/08/19 14:43:14 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=7B30B4D55B4562C733A5DDF6D6F72B3F -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 08:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 08:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008/04/14 08:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 08:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\system32\winlogon.exe
[2004/08/19 14:43:16 | 000,505,344 | ---- | M] (Microsoft Corporation) MD5=FCB59D25D628B4D3181DC816D14679DD -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/19 14:43:16 | 000,505,344 | ---- | M] (Microsoft Corporation) MD5=FCB59D25D628B4D3181DC816D14679DD -- C:\WINDOWS\ERDNT\cache\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 7352 bytes -> C:\Documents and Settings\osane\Mis documentos\SV102290.JPG:�Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 6260 bytes -> C:\Documents and Settings\osane\Mis documentos\MARRAKECH.pdf:�Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 10432 bytes -> C:\Documents and Settings\osane\Mis documentos\Viajes Kudlich Email.htm:�Q30lsldxJoudresxAaaqpcawXc
< End of report >
--- --- ---
Die gmer.txt und extras.txt sind als zip datei angefügt.
Ich hoffe ich habe alles richtig gemacht, Fehlermeldung habe ich allerdings keine erhalten.
Vielen Dank für deine Bemühungen! |
