Log analysis and evaluation: WTR- Loader not working (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
WTR- Loader not working

I have now run the OTL scan. I am posting the result below. On my laptop (Toshiba Satellite 350 Pro) I have been running the TuneUp program since the error message. Vista works again, but I have no access to old files. I have Avira Premium on it, but it finds nothing. The files still seem to be there, though: the hard drives show used space, and some of them could be moved to an external drive by drag and drop. Help would be very, very welcome. Many thanks in advance. stefan

PS: Is this a software or a hardware fault?

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 02.05.2011 17:03:11 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\stefan\Desktop\EBAY 02.05.2010\download\Downloads Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,21 Gb Total Space | 59,47 Gb Free Space | 51,17% Space Free | Partition Type: NTFS Drive E: | 115,21 Gb Total Space | 90,21 Gb Free Space | 78,31% Space Free | Partition Type: NTFS Computer Name: STEFANS-PC | User Name: stefan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\stefan\Desktop\EBAY 02.05.2010\download\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - 
C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) PRC - c:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Program Files\Fighters\Spywarefighter\SpywarefighterUser.exe (SPAMfighter) PRC - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba) PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe () PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Program Files\Common Files\aol\1249422293\ee\aolsoftware.exe (America Online, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\stefan\Desktop\EBAY 02.05.2010\download\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.) 
========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (PTK Live Update-FIGHTERS-297811811) -- C:\Program Files\Fighters\UpdateService.exe (SPAMfighter) SRV - (PTK Scanner-FIGHTERS-297811811) -- C:\Program Files\Fighters\ScannerService.exe (SPAMfighter) SRV - (PTK License-FIGHTERS-297811811) -- C:\Program Files\Fighters\LicenseService.exe (SPAMfighter) SRV - (PTK SharedAccess-FIGHTERS-297811811) -- C:\Program Files\Fighters\ConfigService.exe (SPAMfighter) SRV - (SmartFaceVWatchSrv) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba) SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- 
C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Driver Services (SafeList) ========== DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH) DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (Vfscan) -- C:\Windows\System32\drivers\vffilter.sys () DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.) 
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Secure Search" FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Secure Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p=" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.05.01 00:40:37 | 000,000,000 | -H-D | M] FF - 
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.04.24 19:15:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.02 15:27:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.21 18:11:43 | 000,000,000 | ---D | M] [2009.08.04 21:29:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\Extensions [2011.04.27 14:11:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions [2011.05.01 00:40:44 | 000,000,000 | -H-D | M] (Winamp Toolbar) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2011.05.01 00:40:44 | 000,000,000 | -H-D | M] (Flagfox) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2011.05.01 00:40:44 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.05.01 00:40:44 | 000,000,000 | -H-D | M] (Yahoo! 
Toolbar) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.05.01 00:40:44 | 000,000,000 | -H-D | M] (Zynga Community Toolbar) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2011.05.01 00:40:44 | 000,000,000 | -H-D | M] (FoxTab) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010.06.08 11:29:10 | 000,000,927 | -H-- | M] () -- C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\conduit.xml [2010.09.16 15:21:14 | 000,002,689 | -H-- | M] () -- C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\search-defender.xml [2009.12.14 06:19:41 | 000,001,246 | -H-- | M] () -- C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\winamp-search.xml [2011.04.20 23:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.04.28 09:30:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.28 01:01:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.28 13:13:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.04.17 22:37:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFSD7HFQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- 
C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFSD7HFQ.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFSD7HFQ.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI [2011.05.02 15:27:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.11.09 00:07:15 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google 
Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [cfFncEnabler.exe] File not found O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1249422293\ee\aolsoftware.exe (America Online, Inc.) 
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [spywarefighterguard] C:\Program Files\Fighters\Spywarefighter\SpywarefighterUser.exe (SPAMfighter) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [TOSCDSPD] File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\http\oledb - No CLSID value found O18 - Protocol\Handler\msdaipp\oledb - No CLSID value found O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0abf7e05-f3f5-11de-9a20-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{11c0cfb0-0034-11df-9e26-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{320186cc-e73c-11de-bdf6-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{320186cc-e73c-11de-bdf6-00038a000015}\Shell\AutoRun\command - "" = setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{320186ce-e73c-11de-bdf6-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{320186d0-e73c-11de-bdf6-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{91d79c8a-e0a7-11de-8b3a-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{91d79c94-e0a7-11de-8b3a-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{f648011c-17a0-11df-a70b-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\G\Shell - "" = AutoRun O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.02 15:27:45 | 000,000,000 | ---D | C] -- C:\Users\stefan\.amokexifsorter [2011.05.02 15:04:44 | 000,000,000 | ---D | C] -- C:\Windows\LastGood [2011.04.27 15:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes [2011.04.27 15:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes [2011.04.27 15:29:24 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry [2011.04.27 15:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Boot-USB-Stick [2011.04.27 13:46:54 | 
000,000,000 | R--D | C] -- C:\Users\stefan\Desktop\Tune ups & Thoshiba [2011.04.27 11:03:36 | 000,000,000 | R--D | C] -- C:\Users\stefan\Desktop\THAILAND [2011.04.27 04:16:18 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.04.27 04:16:18 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011.04.27 04:16:14 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.04.27 03:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TOSHIBA Tempro [2011.04.27 03:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba TEMPRO [2011.04.26 22:50:37 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2011.04.26 22:50:37 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2011.04.26 22:47:55 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2011.04.26 22:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011 [2011.04.26 22:47:03 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\TuneUp Software [2011.04.26 22:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011 [2011.04.26 22:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2011.04.26 22:45:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011.04.26 22:38:31 | 000,000,000 | -H-D | C] -- C:\Users\stefan\AppData\Roaming\PeerNetworking [2011.04.26 16:19:45 | 000,000,000 | RH-D | C] -- C:\Users\stefan\Desktop\Fotoos [2011.04.21 18:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.04.21 18:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.04.21 18:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.04.21 18:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.04.21 
18:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011.04.20 21:43:17 | 000,000,000 | -H-D | C] -- C:\Users\stefan\Desktop\eBay [2011.04.17 22:37:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.04.17 22:37:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.04.17 22:37:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.04.16 11:55:57 | 000,000,000 | -H-D | C] -- C:\Users\stefan\AppData\Roaming\Avira [2011.04.16 11:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.04.16 11:43:17 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.04.16 11:43:16 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.04.16 11:43:16 | 000,102,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys [2011.04.16 11:43:16 | 000,079,432 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys [2011.04.16 11:43:16 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.04.16 11:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2011.04.15 23:27:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011.04.15 23:09:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011.04.15 23:09:17 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011.04.15 23:09:17 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011.04.15 23:09:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011.04.15 23:09:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011.04.15 23:09:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011.04.15 23:09:15 | 
000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011.04.15 23:09:15 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011.04.15 23:09:15 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011.04.15 23:09:15 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011.04.15 23:09:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011.04.15 23:09:09 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011.04.15 23:09:09 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011.04.15 23:09:09 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011.04.15 23:09:09 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2011.04.15 23:09:08 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011.04.15 23:03:32 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.15 23:03:32 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2011.04.15 23:03:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.15 23:03:30 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.04.15 23:03:23 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.04.15 23:03:22 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.04.15 23:03:20 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.15 23:03:19 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.15 23:03:13 | 000,979,456 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\MFH264Dec.dll [2011.04.15 23:03:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.04.15 23:03:12 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.04.15 23:03:12 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.04.15 23:03:12 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011.04.15 23:03:12 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.04.15 23:03:11 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.04.15 23:03:11 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.04.15 23:03:10 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.04.15 23:03:09 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011.04.15 23:03:09 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.04.15 23:03:08 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.04.15 23:03:01 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.15 23:02:56 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.15 23:02:56 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.15 23:02:55 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.15 23:02:54 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.15 23:02:54 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.15 23:02:54 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.15 23:02:30 | 
002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.15 23:02:27 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011.04.15 23:02:25 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.15 23:02:24 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.15 23:02:11 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.04.15 23:02:11 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.04.15 23:02:11 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.04.15 23:02:11 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.04.15 23:02:10 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.04.15 23:02:10 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.04.15 23:02:10 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.04.15 23:02:10 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011.04.15 23:02:10 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.04.15 23:02:10 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.04.15 23:02:10 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.04.15 23:01:55 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.04.15 23:01:55 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.04.15 23:01:55 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.04.15 23:01:55 | 000,153,088 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\sbeio.dll [2011.04.15 23:01:34 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2011.04.15 23:01:34 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2011.04.15 23:01:34 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2011.04.15 23:01:28 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2011.04.15 23:01:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.04.15 22:59:37 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe [2011.04.06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll [2011.04.06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe [2011.04.06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll [2011.04.06 16:20:16 | 000,075,040 | ---- | C] (Apple Inc.) 
-- C:\Windows\System32\jdns_sd.dll ========== Files - Modified Within 30 Days ========== [2011.05.02 17:03:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.02 17:03:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.02 16:23:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.02 16:10:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.02 03:10:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.01 21:07:49 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.05.01 21:07:44 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0FC1EB67-C863-49F0-9845-43C2E33E4463}.job [2011.05.01 00:46:25 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.01 00:46:25 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.01 00:46:25 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.01 00:46:25 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.29 00:30:51 | 000,067,072 | -H-- | M] () -- C:\Users\stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.27 15:32:30 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk [2011.04.27 13:27:27 | 000,000,226 | ---- | M] () -- C:\Users\stefan\Desktop\Internetoptionen - Verknüpfung.lnk [2011.04.27 03:28:54 | 000,001,673 | ---- | M] () -- C:\Users\stefan\Desktop\Toshiba TEMPRO-Meldungen.lnk [2011.04.26 22:50:33 | 000,001,834 | ---- | M] () -- C:\Users\stefan\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.04.26 22:50:33 | 000,001,830 | ---- | M] () -- C:\Users\stefan\Desktop\TuneUp Utilities 2011.lnk [2011.04.26 13:55:07 | 000,002,565 | -H-- | M] () -- C:\Users\stefan\Desktop\Microsoft Word.lnk 
[2011.04.20 23:41:33 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.04.16 11:39:09 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.04.16 11:39:08 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.04.16 11:39:08 | 000,102,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys [2011.04.16 11:39:08 | 000,079,432 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys [2011.04.16 11:39:08 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.04.15 23:31:07 | 000,371,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll [2011.04.06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe [2011.04.06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll [2011.04.06 16:20:16 | 000,075,040 | ---- | M] (Apple Inc.) 
-- C:\Windows\System32\jdns_sd.dll ========== Files Created - No Company Name ========== [2011.04.27 15:32:30 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk [2011.04.27 13:27:27 | 000,000,226 | ---- | C] () -- C:\Users\stefan\Desktop\Internetoptionen - Verknüpfung.lnk [2011.04.27 03:29:03 | 000,001,673 | ---- | C] () -- C:\Users\stefan\Desktop\Toshiba TEMPRO-Meldungen.lnk [2011.04.26 22:47:45 | 000,001,834 | ---- | C] () -- C:\Users\stefan\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.04.26 22:47:45 | 000,001,830 | ---- | C] () -- C:\Users\stefan\Desktop\TuneUp Utilities 2011.lnk [2011.04.26 22:47:44 | 000,001,842 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk [2011.04.20 23:41:33 | 000,000,823 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.04.15 23:09:11 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.04.15 23:09:11 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.04.15 23:09:11 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2010.11.01 13:26:47 | 000,000,680 | -H-- | C] () -- C:\Users\stefan\AppData\Local\d3d9caps.dat [2009.10.22 13:01:38 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2009.10.22 13:01:38 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2009.10.06 11:18:38 | 000,135,176 | ---- | C] () -- C:\Windows\hpqins00.dat [2009.09.02 13:30:34 | 000,097,392 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin [2009.08.15 04:27:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.15 04:27:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.15 04:26:12 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.08.04 23:44:43 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2009.08.04 22:37:39 | 000,018,904 | ---- | C] () -- 
C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.08.04 21:53:38 | 000,164,276 | ---- | C] () -- C:\Windows\hpoins19.dat [2009.08.04 21:53:22 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat [2009.08.04 03:07:49 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2009.08.04 02:10:01 | 000,067,072 | -H-- | C] () -- C:\Users\stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.04 01:35:22 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll [2009.08.04 01:15:32 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2009.08.04 01:15:32 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2009.08.04 01:15:32 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2009.08.04 01:15:32 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2008.11.18 11:01:46 | 000,015,496 | ---- | C] () -- C:\Windows\System32\drivers\vffilter.sys [2008.08.13 18:06:54 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008.08.13 17:51:55 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2008.08.13 17:51:55 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll [2008.08.13 17:51:53 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin [2008.08.13 17:51:52 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2008.08.13 17:10:49 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.06.23 14:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008.05.23 18:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml [2008.01.21 10:31:48 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 10:31:48 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 10:31:48 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 10:31:48 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:56:48 
| 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:43 | 000,371,040 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [1999.01.23 03:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL ========== LOP Check ========== [2011.05.01 00:40:43 | 000,000,000 | -H-D | M] -- C:\Users\stefan\AppData\Roaming\Desktopicon [2011.05.01 00:40:43 | 000,000,000 | -H-D | M] -- C:\Users\stefan\AppData\Roaming\Facebook [2011.05.01 00:40:43 | 000,000,000 | -H-D | M] -- C:\Users\stefan\AppData\Roaming\gtk-2.0 [2010.05.22 10:58:03 | 000,000,000 | -H-D | M] -- C:\Users\stefan\AppData\Roaming\Image Zone Express [2011.04.26 22:38:31 | 000,000,000 | -H-D | M] -- C:\Users\stefan\AppData\Roaming\PeerNetworking [2009.08.14 16:47:54 | 000,000,000 | -H-D | M] -- C:\Users\stefan\AppData\Roaming\Printer Info Cache [2009.10.01 07:47:06 | 000,000,000 | -H-D | M] -- C:\Users\stefan\AppData\Roaming\Toshiba [2011.04.26 22:47:03 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\TuneUp Software [2010.11.14 20:39:02 | 000,000,000 | -H-D | M] -- C:\Users\stefan\AppData\Roaming\Uniblue [2009.12.08 13:21:46 | 000,000,000 | -H-D | M] -- C:\Users\stefan\AppData\Roaming\Vodafone [2009.09.02 13:50:46 | 000,000,000 | -H-D | 
M] -- C:\Users\stefan\AppData\Roaming\WinBatch [2011.05.01 00:34:23 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.12.22 00:24:22 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter.job [2011.05.01 21:07:44 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0FC1EB67-C863-49F0-9845-43C2E33E4463}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:430C6D84 < End of report > |