
Pests of all kinds and how to fight them: Backdoor.Bifrose.AAGY infection, file winupdcenter.exe, is my system being remotely controlled?

01.01.2010, 16:43   #1
rimp
 
Hello, I caught Backdoor.Bifrose.AAGY and was also able to remove it with G-Data. A new scan shows no more detections. Am I rid of the virus, or is my system already being remotely controlled??
Many thanks for your help
---------------------------------------
System: Windows 7 64 Bit
---------------------------------------
G-Data Log:
Prüfung der Systembereiche...
Prüfung auf RootKits...
Prüfung aller lokalen Festplatten...
Objekt: winupdcenter.exe
Pfad: C:\Users\Achim\AppData\Roaming\Microsoft\Windows\Templates
Status: Virus, Datei gelöscht
Virus: Backdoor.Bifrose.AAGY (Engine A)
--------------------------------------
Malwarebytes' Anti-Malware 1.43
Datenbank Version: 3468
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.01.2010 11:53:47
mbam-log-2010-01-01 (11-53-47).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 239957
Laufzeit: 1 hour(s), 11 minute(s), 30 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
-------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:46, on 01.01.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\pdf24\pdf24.exe
C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exe
C:\Hijack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ht**tp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ht**tp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ht**tp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ht**tp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ht**tp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ht**tp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Movies_on_DVD_TV_Edition\TrayServer.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Remote Control Editor] "C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe"
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{55157FC7-266A-4C36-A66D-64E0723D6AC7}: NameServer = 213.191.74.11 213.191.92.82
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Free\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TOSHIBA Festplattenschutz (Thpsrv) - Unknown owner - C:\Windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13424 bytes

06.01.2010, 15:06   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Note: You are using a 64-bit Windows. Many of the tools we use here as cleanup aids are not compatible with a 64-bit Windows, which makes a cleanup harder than it already is.

On a 64-bit Windows we can therefore let almost no cleanup tools loose.

But do run OTL: System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

07.01.2010, 17:19   #3
rimp
 
Here are the OTL logfiles:

OTL logfile created on: 07.01.2010 16:21:11 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Achim\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 143,63 Gb Free Space | 77,09% Space Free | Partition Type: NTFS
Drive D: | 185,91 Gb Total Space | 83,59 Gb Free Space | 44,96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACHIM-NOTEBOOK
Current User Name: Achim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Achim\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
PRC - C:\Program Files (x86)\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Programme\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe (TOSHIBA Corporation.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (SafeList) ==========

MOD - C:\Users\Achim\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (CGVPNCliSrvc) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (a2free) -- C:\Program Files (x86)\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 04:20:14 | 00,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 04:20:14 | 00,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G DATA Software AG)
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G DATA Software AG)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB-Videogerät (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation)
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation)
DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation)
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation)
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (RTL8187B) RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s) -- C:\Windows\SysNative\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://***.google.com/ig/redirectdom...TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (824 bytes) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Programme\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Movies_on_DVD_TV_Edition\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.01.07 15:59:22 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Achim\Desktop\OTL.exe
[2010.01.05 21:58:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Topfield
[2010.01.04 22:52:25 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\dvdcss
[2010.01.04 22:49:34 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\vlc
[2010.01.04 22:47:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010.01.04 21:50:15 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\MPEG Streamclip
[2010.01.04 21:48:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.01.04 21:48:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.01.04 21:47:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010.01.04 21:47:36 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Local\Apple
[2010.01.04 21:47:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.01.04 21:47:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.01.04 21:23:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010.01.04 21:23:13 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010.01.02 16:30:24 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Local\Threat Expert
[2010.01.01 15:36:06 | 00,082,816 | ---- | C] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
[2010.01.01 15:36:06 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\Achim\AppData\Roaming\pcouffin.sys
[2010.01.01 15:36:05 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\Vso
[2010.01.01 15:36:05 | 00,000,000 | ---D | C] -- C:\Users\Achim\Documents\PcSetup
[2010.01.01 15:36:04 | 00,000,000 | ---D | C] -- C:\Users\Achim\Documents\DVDFab
[2010.01.01 15:35:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 6
[2010.01.01 15:24:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Decrypter
[2010.01.01 10:39:44 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\Malwarebytes
[2010.01.01 10:39:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.01.01 10:39:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.01.01 10:39:29 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.01.01 10:39:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.01.01 10:27:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.01.01 09:43:52 | 00,000,000 | ---D | C] -- C:\Hijack
[2009.12.31 18:52:02 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009.12.31 16:49:20 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009.12.31 15:27:39 | 00,000,000 | ---D | C] -- C:\Users\Achim\Documents\MeineBackups
[2009.12.30 19:51:13 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\Acronis
[2009.12.30 12:23:22 | 00,000,000 | ---D | C] -- C:\Users\Achim\Documents\a-squared Free
[2009.12.30 12:23:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\a-squared Free
[2009.12.30 10:58:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2009.12.29 20:10:42 | 00,251,488 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2009.12.29 20:10:37 | 01,477,728 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm258.sys
[2009.12.29 20:10:31 | 00,943,712 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2009.12.29 20:10:16 | 00,257,120 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2009.12.29 20:09:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2009.12.29 20:09:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2009.12.29 10:32:00 | 00,000,000 | ---D | C] -- C:\Users\Achim\Documents\MAGIX Downloads
[2009.12.29 10:29:52 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX_Screenshare
[2009.12.29 10:29:41 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX_Online_Druck_Service
[2009.12.29 10:29:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2009.12.29 10:29:19 | 00,618,496 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLAV32.dll
[2009.12.29 10:29:19 | 00,430,080 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\MXRestore.exe
[2009.12.29 10:29:19 | 00,192,512 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRES32.dll
[2009.12.29 10:29:19 | 00,167,936 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDEV32.dll
[2009.12.29 10:29:19 | 00,151,552 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDRV32.dll
[2009.12.29 10:29:19 | 00,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDA32.dll
[2009.12.29 10:29:19 | 00,098,304 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCPY32.dll
[2009.12.29 10:29:19 | 00,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPTL32.dll
[2009.12.29 10:29:19 | 00,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDF32.dll
[2009.12.29 10:29:19 | 00,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLTPO32.dll
[2009.12.29 10:29:19 | 00,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRJ32.dll
[2009.12.29 10:29:19 | 00,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIO32.dll
[2009.12.29 10:29:19 | 00,049,152 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRF32.dll
[2009.12.29 10:29:19 | 00,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIMG32.dll
[2009.12.29 10:29:19 | 00,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRD32.dll
[2009.12.29 10:29:19 | 00,036,864 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPNT32.dll
[2009.12.29 10:29:19 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\STRING32.dll
[2009.12.29 10:29:19 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLMSC32.dll
[2009.12.29 10:29:19 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLISO32.dll
[2009.12.29 10:29:19 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDIR32.dll
[2009.12.29 10:29:19 | 00,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTIC32.dll
[2009.12.29 10:29:19 | 00,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTI32.dll
[2009.12.29 10:29:19 | 00,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIX.dll
[2009.12.29 10:28:45 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX_Movies_on_DVD_TV_Edition
[2009.12.29 10:28:28 | 00,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2009.12.29 10:27:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2009.12.29 10:27:10 | 00,700,416 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\mgxoschk.dll
[2009.12.29 10:27:10 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\MAGIX
[2009.12.28 16:51:44 | 00,000,000 | ---D | C] -- C:\Users\Achim\Documents\Meine empfangenen Dateien
[2009.12.27 11:25:54 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\Lexware
[2009.12.27 11:24:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lexware
[2009.12.27 11:24:39 | 00,000,000 | ---D | C] -- C:\ProgramData\BTrieve
[2009.12.27 11:24:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Lexware
[2009.12.27 11:14:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lexware
[2009.12.27 11:14:15 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Local\Lexware
[2009.12.27 09:17:09 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\gtk-2.0
[2009.12.27 09:16:26 | 00,000,000 | ---D | C] -- C:\Users\Achim\.thumbnails
[2009.12.27 09:08:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2009.12.27 09:00:50 | 00,000,000 | ---D | C] -- C:\Users\Achim\Documents\gegl-0.0
[2009.12.27 09:00:50 | 00,000,000 | ---D | C] -- C:\Users\Achim\.gimp-2.6
[2009.12.25 14:55:44 | 00,000,000 | ---D | C] -- C:\Users\Achim\Documents\Sony Ericsson
[2009.12.24 16:13:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Avanquest Bluetooth SDK
[2009.12.24 16:12:01 | 00,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2009.12.24 16:11:43 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Local\Sony Ericsson
[2009.12.24 16:10:22 | 00,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe9511.dll
[2009.12.24 16:10:17 | 00,034,032 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\seehcri.sys
[2009.12.24 16:10:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2009.12.24 16:10:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2009.12.24 13:51:28 | 00,000,000 | ---D | C] -- C:\ProgramData\TerraTec
[2009.12.24 13:50:53 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TerraTec
[2009.12.24 12:47:01 | 01,712,128 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2009.12.24 12:47:01 | 01,060,864 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.dll
[2009.12.24 12:47:01 | 01,047,552 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71u.dll
[2009.12.24 12:47:01 | 00,499,712 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2009.12.24 12:47:01 | 00,348,160 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2009.12.24 12:47:01 | 00,065,536 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71DEU.DLL
[2009.12.24 12:47:01 | 00,061,440 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71ITA.DLL
[2009.12.24 12:47:01 | 00,061,440 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71FRA.DLL
[2009.12.24 12:47:01 | 00,061,440 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71ESP.DLL
[2009.12.24 12:47:01 | 00,057,344 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71ENU.DLL
[2009.12.24 12:47:01 | 00,049,152 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71KOR.DLL
[2009.12.24 12:47:01 | 00,049,152 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71JPN.DLL
[2009.12.24 12:47:01 | 00,045,056 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71CHT.DLL
[2009.12.24 12:47:01 | 00,040,960 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71CHS.DLL
[2009.12.24 12:46:12 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\TerraTec
[2009.12.24 12:34:56 | 00,655,424 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\SysNative\drivers\emBDA64.sys
[2009.12.24 12:34:56 | 00,624,448 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\SysNative\drivers\emOEM64.sys
[2009.12.24 12:34:56 | 00,040,512 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\SysNative\drivers\emAudio64.sys
[2009.12.24 12:34:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TerraTec
[2009.12.24 10:38:09 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\Canon
[2009.12.24 03:32:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MedienTeam66
[2009.12.22 23:00:27 | 00,000,000 | ---D | C] -- C:\Programme\Brice Lambson
[2009.12.22 23:00:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Brice Lambson
[2009.12.22 22:22:15 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\Ashampoo
[2009.12.22 22:20:51 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Local\ashampoo
[2009.12.22 22:20:51 | 00,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2009.12.22 22:20:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2009.12.22 21:46:57 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\ImgBurn
[2009.12.22 21:43:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2009.12.22 21:15:50 | 00,000,000 | ---D | C] -- C:\Users\Achim\Documents\AnyDVDHD
[2009.12.22 21:14:59 | 00,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2009.12.22 21:12:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
[2009.12.22 21:08:48 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\Mp3tag
[2009.12.22 21:08:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2009.12.22 20:58:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3Extractor
[2009.12.22 20:58:45 | 00,796,672 | ---- | C] (Qsc) -- C:\Windows\GPInstall.exe
[2009.12.22 20:58:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2009.12.22 20:58:19 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\Winamp
[2009.12.22 20:58:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2009.12.22 20:30:02 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\ShellNew
[2009.12.22 20:24:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Picture It!
[2009.12.21 22:26:38 | 00,000,000 | ---D | C] -- C:\Users\Achim\Documents\InterVideo
[2009.12.21 22:26:24 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\InterVideo
[2009.12.21 21:06:52 | 00,000,000 | R--D | C] -- C:\Users\Achim\Documents\Scanned Documents
[2009.12.21 21:06:52 | 00,000,000 | ---D | C] -- C:\Users\Achim\Documents\Fax
[2009.12.20 22:44:58 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\skypePM
[2009.12.20 22:41:57 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\Skype
[2009.12.20 22:41:01 | 00,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2009.12.20 22:41:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2009.12.20 22:40:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009.12.20 20:54:30 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\Ulead Systems
[2009.12.20 20:54:30 | 00,000,000 | ---D | C] -- C:\Users\Achim\Documents\Corel DVD MovieFactory
[2009.12.20 20:39:36 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Local\Microsoft Help
[2009.12.20 20:31:29 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Local\MigWiz
[2009.12.20 19:30:46 | 00,106,224 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2009.12.20 19:19:18 | 00,000,000 | ---D | C] -- C:\Users\Achim\Documents\pdf24
[2009.12.20 19:04:21 | 00,074,184 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2009.12.20 19:04:20 | 00,057,288 | ---- | C] (G DATA Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2009.12.20 19:04:15 | 00,042,952 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2009.12.20 19:04:03 | 00,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARASpi64.dll
[2009.12.20 19:04:03 | 00,019,496 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2009.12.20 19:03:58 | 00,034,760 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2009.12.20 19:03:57 | 00,048,584 | ---- | C] (G DATA Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2009.12.20 19:03:35 | 00,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2009.12.20 19:03:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\G Data
[2009.12.20 19:03:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G DATA
[2009.12.20 18:51:03 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Local\Downloaded Installations
[2009.12.20 18:29:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\pdf24
[2009.12.20 17:10:14 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Local\Microsoft Games
[2009.12.19 18:14:12 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\WinRAR
[2009.12.19 18:13:30 | 00,000,000 | ---D | C] -- C:\Programme\WinRAR
[2009.12.19 17:26:03 | 00,000,000 | ---D | C] -- C:\Users\Achim\Tracing
[2009.12.19 16:17:28 | 00,029,696 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2009.12.19 16:17:26 | 00,000,000 | ---D | C] -- C:\Programme\S.A.D
[2009.12.19 14:43:36 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\CD-LabelPrint
[2009.12.19 14:23:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2009.12.19 14:17:02 | 14,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2009.12.19 14:16:58 | 11,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009.12.19 14:16:56 | 01,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2009.12.19 14:16:55 | 01,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2009.12.19 14:16:53 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009.12.19 14:16:53 | 02,613,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2009.12.19 14:16:53 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2009.12.19 14:16:53 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2009.12.19 14:16:53 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2009.12.19 14:16:52 | 00,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2009.12.19 14:16:52 | 00,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2009.12.19 14:16:52 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2009.12.19 14:16:50 | 12,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009.12.19 14:16:49 | 12,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2009.12.19 14:16:17 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2009.12.19 14:16:12 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009.12.19 14:16:12 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009.12.19 00:09:53 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Local\TOSHIBA_Corporation
[2009.12.18 23:34:48 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Local\Adobe
[2009.12.18 22:51:19 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Local\Canon Easy-PhotoPrint EX
[2009.12.18 22:50:43 | 00,000,000 | ---D | C] -- C:\Programme\Canon
[2009.12.18 22:41:40 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Canon
[2009.12.18 22:35:50 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2009.12.18 19:02:32 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Local\Diagnostics
[2009.12.18 19:01:20 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\Adobe
[2009.12.18 17:35:12 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\Toshiba
[2009.12.18 17:29:00 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\Google
[2009.12.18 17:28:59 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Local\Google
[2009.12.18 17:19:56 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Local\Toshiba
[2009.12.18 17:19:33 | 00,000,000 | R--D | C] -- C:\Users\Achim\Searches
[2009.12.18 17:19:23 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\Identities
[2009.12.18 17:19:21 | 00,000,000 | R--D | C] -- C:\Users\Achim\Contacts
[2009.12.18 17:19:18 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Local\VirtualStore
[2009.12.18 17:16:31 | 00,000,000 | ---D | C] -- C:\ProgramData\ToshibaEurope
[2009.12.18 17:16:13 | 00,000,000 | -HSD | C] -- C:\Users\Achim\Vorlagen
[2009.12.18 17:16:13 | 00,000,000 | -HSD | C] -- C:\Users\Achim\AppData\Local\Verlauf
[2009.12.18 17:16:13 | 00,000,000 | -HSD | C] -- C:\Users\Achim\AppData\Local\Temporary Internet Files
[2009.12.18 17:16:13 | 00,000,000 | -HSD | C] -- C:\Users\Achim\Startmenü
[2009.12.18 17:16:13 | 00,000,000 | -HSD | C] -- C:\Users\Achim\SendTo
[2009.12.18 17:16:13 | 00,000,000 | -HSD | C] -- C:\Users\Achim\Recent
[2009.12.18 17:16:13 | 00,000,000 | -HSD | C] -- C:\Users\Achim\Netzwerkumgebung
[2009.12.18 17:16:13 | 00,000,000 | -HSD | C] -- C:\Users\Achim\Lokale Einstellungen
[2009.12.18 17:16:13 | 00,000,000 | -HSD | C] -- C:\Users\Achim\Documents\Eigene Videos
[2009.12.18 17:16:13 | 00,000,000 | -HSD | C] -- C:\Users\Achim\Documents\Eigene Musik
[2009.12.18 17:16:13 | 00,000,000 | -HSD | C] -- C:\Users\Achim\Eigene Dateien
[2009.12.18 17:16:13 | 00,000,000 | -HSD | C] -- C:\Users\Achim\Documents\Eigene Bilder
[2009.12.18 17:16:13 | 00,000,000 | -HSD | C] -- C:\Users\Achim\Druckumgebung
[2009.12.18 17:16:13 | 00,000,000 | -HSD | C] -- C:\Users\Achim\Cookies
[2009.12.18 17:16:13 | 00,000,000 | -HSD | C] -- C:\Users\Achim\AppData\Local\Anwendungsdaten
[2009.12.18 17:16:13 | 00,000,000 | -HSD | C] -- C:\Users\Achim\Anwendungsdaten
[2009.12.18 17:16:12 | 00,000,000 | --SD | C] -- C:\Users\Achim\AppData\Roaming\Microsoft
[2009.12.18 17:16:12 | 00,000,000 | R--D | C] -- C:\Users\Achim\Saved Games
[2009.12.18 17:16:12 | 00,000,000 | R--D | C] -- C:\Users\Achim\Music
[2009.12.18 17:16:12 | 00,000,000 | R--D | C] -- C:\Users\Achim\Links
[2009.12.18 17:16:12 | 00,000,000 | R--D | C] -- C:\Users\Achim\Favorites
[2009.12.18 17:16:12 | 00,000,000 | R--D | C] -- C:\Users\Achim\Downloads
[2009.12.18 17:16:12 | 00,000,000 | R--D | C] -- C:\Users\Achim\Documents
[2009.12.18 17:16:12 | 00,000,000 | R--D | C] -- C:\Users\Achim\Desktop
[2009.12.18 17:16:12 | 00,000,000 | -H-D | C] -- C:\Users\Achim\AppData
[2009.12.18 17:16:12 | 00,000,000 | ---D | C] -- C:\Users\Achim\Videos
[2009.12.18 17:16:12 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Local\Temp
[2009.12.18 17:16:12 | 00,000,000 | ---D | C] -- C:\Users\Achim\Pictures
[2009.12.18 17:16:12 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Local\Microsoft
[2009.12.18 17:16:12 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\Media Center Programs
[2009.12.18 17:16:12 | 00,000,000 | ---D | C] -- C:\Users\Achim\AppData\Roaming\Macromedia
[2009.12.18 17:16:02 | 00,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2009.12.18 17:16:02 | 00,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2009.12.18 17:16:02 | 00,000,000 | -HSD | C] -- C:\Programme
[2009.12.18 17:16:02 | 00,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2009.12.18 17:16:02 | 00,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2009.12.18 17:16:02 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2009.12.18 17:16:02 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2009.12.18 17:16:02 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2009.12.18 17:16:02 | 00,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2009.12.18 17:16:02 | 00,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2009.12.18 17:16:02 | 00,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.01.07 16:25:08 | 01,835,008 | -HS- | M] () -- C:\Users\Achim\NTUSER.DAT
[2010.01.07 16:16:52 | 00,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.01.07 16:16:52 | 00,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.01.07 16:08:55 | 00,160,560 | ---- | M] () -- C:\Users\Achim\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.01.07 16:08:42 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.01.07 16:08:21 | 00,499,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.01.07 16:08:21 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.01.07 16:08:00 | 31,935,93856 | -HS- | M] () -- C:\hiberfil.sys
[2010.01.07 15:59:25 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Achim\Desktop\OTL.exe
[2010.01.07 11:13:53 | 03,855,604 | -H-- | M] () -- C:\Users\Achim\AppData\Local\IconCache.db
[2010.01.04 22:47:50 | 00,001,033 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.01.04 21:23:33 | 00,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.01.01 15:36:06 | 00,099,384 | ---- | M] () -- C:\Users\Achim\AppData\Roaming\inst.exe
[2010.01.01 15:36:06 | 00,082,816 | ---- | M] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
[2010.01.01 15:36:06 | 00,082,816 | ---- | M] (VSO Software) -- C:\Users\Achim\AppData\Roaming\pcouffin.sys
[2010.01.01 15:36:06 | 00,007,859 | ---- | M] () -- C:\Users\Achim\AppData\Roaming\pcouffin.cat
[2010.01.01 15:36:06 | 00,001,167 | ---- | M] () -- C:\Users\Achim\AppData\Roaming\pcouffin.inf
[2010.01.01 15:36:01 | 00,000,898 | ---- | M] () -- C:\Users\Achim\Desktop\DVDFab 6.lnk
[2010.01.01 15:24:03 | 00,001,939 | ---- | M] () -- C:\Users\Achim\Desktop\DVD Decrypter.lnk
[2010.01.01 10:39:35 | 00,000,976 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.01.01 10:35:40 | 00,005,788 | ---- | M] () -- C:\Users\Achim\Documents\cc_20100101_103535.reg
[2010.01.01 10:35:12 | 00,046,162 | ---- | M] () -- C:\Users\Achim\Documents\cc_20100101_103442.reg
[2010.01.01 10:27:27 | 00,001,852 | ---- | M] () -- C:\Users\Achim\Desktop\CCleaner.lnk
[2009.12.31 18:46:16 | 00,019,456 | ---- | M] () -- C:\Users\Achim\Documents\nebenkosten.xls
[2009.12.31 15:27:07 | 01,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009.12.31 15:27:07 | 00,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2009.12.31 15:27:07 | 00,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009.12.31 15:27:07 | 00,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2009.12.31 15:27:07 | 00,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009.12.31 13:30:48 | 00,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2009.12.30 18:37:34 | 00,000,946 | ---- | M] () -- C:\Users\Achim\Desktop\a-squared Free.lnk
[2009.12.30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009.12.30 14:55:06 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009.12.29 20:10:42 | 00,251,488 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2009.12.29 20:10:37 | 01,477,728 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm258.sys
[2009.12.29 20:10:31 | 00,943,712 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2009.12.29 20:10:16 | 00,257,120 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2009.12.29 20:10:12 | 00,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk
[2009.12.29 10:31:38 | 00,007,119 | ---- | M] () -- C:\Windows\mgxoschk.ini
[2009.12.29 10:29:18 | 00,001,222 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Movies on DVD TV Edition.lnk
[2009.12.27 11:25:07 | 00,002,675 | ---- | M] () -- C:\Users\Public\Desktop\Quicksteuer 2010.lnk
[2009.12.27 09:26:49 | 00,002,130 | ---- | M] () -- C:\Users\Achim\.recently-used.xbel
[2009.12.27 09:08:59 | 00,001,060 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2009.12.25 23:24:58 | 00,048,584 | ---- | M] (G DATA Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2009.12.25 20:48:30 | 00,587,710 | ---- | M] () -- C:\Users\Achim\Documents\Bericht zu migrierten Dokumente.csv
[2009.12.24 16:10:22 | 00,148,736 | ---- | M] (Avanquest Software) -- C:\ProgramData\hpe9511.dll
[2009.12.24 16:10:22 | 00,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2009.12.24 13:50:54 | 00,001,006 | ---- | M] () -- C:\Users\Public\Desktop\TerraTec Home Cinema.lnk
[2009.12.22 22:20:51 | 00,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 9.lnk
[2009.12.22 21:43:37 | 00,001,832 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009.12.22 21:12:40 | 00,001,068 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2009.12.22 21:08:39 | 00,000,946 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2009.12.22 20:58:58 | 00,001,736 | ---- | M] () -- C:\Users\Achim\Desktop\Mp3Extractor.lnk
[2009.12.22 20:58:46 | 00,796,672 | ---- | M] (Qsc) -- C:\Windows\GPInstall.exe
[2009.12.20 22:44:59 | 00,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009.12.20 22:41:01 | 00,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009.12.20 22:05:41 | 00,044,442 | ---- | M] () -- C:\Users\Achim\Documents\Weihnachtsfax 2009.pdf
[2009.12.20 22:03:10 | 07,597,220 | ---- | M] () -- C:\Users\Achim\Documents\Weihnachtsfeier09.pdf
[2009.12.20 21:52:27 | 00,128,871 | ---- | M] () -- C:\Users\Achim\Documents\Weihnachtsfax2009.pdf
[2009.12.20 19:30:46 | 00,106,224 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2009.12.20 19:26:36 | 00,034,760 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2009.12.20 19:04:21 | 00,074,184 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2009.12.20 19:04:20 | 00,057,288 | ---- | M] (G DATA Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2009.12.20 19:04:16 | 00,002,049 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2009.12.20 19:04:15 | 00,042,952 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2009.12.20 18:29:34 | 00,001,835 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2009.12.19 16:18:07 | 00,000,902 | ---- | M] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk
[2009.12.19 00:09:58 | 00,524,288 | -HS- | M] () -- C:\Users\Achim\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009.12.19 00:09:58 | 00,524,288 | -HS- | M] () -- C:\Users\Achim\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.12.19 00:09:58 | 00,065,536 | -HS- | M] () -- C:\Users\Achim\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.12.18 22:50:56 | 00,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2009.12.18 19:54:51 | 00,000,111 | ---- | M] () -- C:\Windows\telephon.ini
[2009.12.18 17:27:20 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009.12.18 17:16:13 | 00,000,020 | -HS- | M] () -- C:\Users\Achim\ntuser.ini
[2009.12.18 17:14:16 | 00,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2009.12.18 17:14:16 | 00,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2009.12.18 17:12:21 | 00,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\TOSHIBA_Satellite A500_10720-GR_PSAR3E-02S00.MRK
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.04 22:47:50 | 00,001,033 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.01.04 21:23:33 | 00,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.01.01 15:36:49 | 00,000,034 | ---- | C] () -- C:\Users\Achim\AppData\Roaming\pcouffin.log
[2010.01.01 15:36:06 | 00,099,384 | ---- | C] () -- C:\Users\Achim\AppData\Roaming\inst.exe
[2010.01.01 15:36:06 | 00,007,859 | ---- | C] () -- C:\Users\Achim\AppData\Roaming\pcouffin.cat
[2010.01.01 15:36:06 | 00,001,167 | ---- | C] () -- C:\Users\Achim\AppData\Roaming\pcouffin.inf
[2010.01.01 15:36:01 | 00,000,898 | ---- | C] () -- C:\Users\Achim\Desktop\DVDFab 6.lnk
[2010.01.01 15:24:03 | 00,001,939 | ---- | C] () -- C:\Users\Achim\Desktop\DVD Decrypter.lnk
[2010.01.01 10:39:35 | 00,000,976 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.01.01 10:35:37 | 00,005,788 | ---- | C] () -- C:\Users\Achim\Documents\cc_20100101_103535.reg
[2010.01.01 10:34:50 | 00,046,162 | ---- | C] () -- C:\Users\Achim\Documents\cc_20100101_103442.reg
[2010.01.01 10:27:27 | 00,001,852 | ---- | C] () -- C:\Users\Achim\Desktop\CCleaner.lnk
[2009.12.30 18:37:34 | 00,000,946 | ---- | C] () -- C:\Users\Achim\Desktop\a-squared Free.lnk
[2009.12.29 20:10:12 | 00,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk
[2009.12.29 10:29:19 | 00,014,182 | ---- | C] () -- C:\Windows\SysWow64\DLLAV32.lib
[2009.12.29 10:29:18 | 00,001,222 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Movies on DVD TV Edition.lnk
[2009.12.29 10:27:52 | 00,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2009.12.29 10:27:10 | 00,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.12.27 11:25:07 | 00,002,675 | ---- | C] () -- C:\Users\Public\Desktop\Quicksteuer 2010.lnk
[2009.12.27 09:26:49 | 00,002,130 | ---- | C] () -- C:\Users\Achim\.recently-used.xbel
[2009.12.27 09:08:59 | 00,001,060 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2009.12.25 20:48:30 | 00,587,710 | ---- | C] () -- C:\Users\Achim\Documents\Bericht zu migrierten Dokumente.csv
[2009.12.24 16:10:22 | 00,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2009.12.24 13:50:54 | 00,001,006 | ---- | C] () -- C:\Users\Public\Desktop\TerraTec Home Cinema.lnk
[2009.12.22 22:20:51 | 00,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 9.lnk
[2009.12.22 21:43:37 | 00,001,832 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009.12.22 21:14:49 | 00,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.12.22 21:12:40 | 00,001,068 | ---- | C] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2009.12.22 21:08:39 | 00,000,946 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2009.12.22 20:58:58 | 00,001,736 | ---- | C] () -- C:\Users\Achim\Desktop\Mp3Extractor.lnk
[2009.12.20 22:44:59 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.20 22:41:01 | 00,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009.12.20 22:05:41 | 00,044,442 | ---- | C] () -- C:\Users\Achim\Documents\Weihnachtsfax 2009.pdf
[2009.12.20 21:52:52 | 00,128,871 | ---- | C] () -- C:\Users\Achim\Documents\Weihnachtsfax2009.pdf
[2009.12.20 19:22:54 | 07,597,220 | ---- | C] () -- C:\Users\Achim\Documents\Weihnachtsfeier09.pdf
[2009.12.20 19:04:16 | 00,002,049 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2009.12.20 18:29:34 | 00,001,835 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2009.12.19 16:18:07 | 00,000,902 | ---- | C] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk
[2009.12.18 22:50:56 | 00,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2009.12.18 19:54:51 | 00,000,111 | ---- | C] () -- C:\Windows\telephon.ini
[2009.12.18 17:27:20 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009.12.18 17:16:13 | 00,524,288 | -HS- | C] () -- C:\Users\Achim\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009.12.18 17:16:13 | 00,524,288 | -HS- | C] () -- C:\Users\Achim\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.12.18 17:16:13 | 00,065,536 | -HS- | C] () -- C:\Users\Achim\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.12.18 17:16:13 | 00,000,020 | -HS- | C] () -- C:\Users\Achim\ntuser.ini
[2009.12.18 17:16:12 | 01,835,008 | -HS- | C] () -- C:\Users\Achim\NTUSER.DAT
[2009.12.18 17:12:21 | 00,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\TOSHIBA_Satellite A500_10720-GR_PSAR3E-02S00.MRK
[2009.11.22 22:28:04 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009.07.14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.28 03:37:00 | 00,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2008.10.07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2006.04.21 10:08:22 | 00,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:868459B204F284A4
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMPFC5A2B2
< End of report >

07.01.2010, 17:20   #4
rimp
 



OTL Extras logfile created on: 07.01.2010 16:21:11 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Achim\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 143,63 Gb Free Space | 77,09% Space Free | Partition Type: NTFS
Drive D: | 185,91 Gb Total Space | 83,59 Gb Free Space | 44,96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACHIM-NOTEBOOK
Current User Name: Achim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C006F19-9E61-4D91-8FAA-403DB8C33E26}" = Image Resizer Powertoy Clone for Windows
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CyberGhost VPN_is1" = CyberGhost VPN
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD BD for TOSHIBA
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype(TM) Launcher
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74B58083-B5B9-46a5-847C-248F97FF2A56}" = Topfield Tools
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC42EE05-1F5D-4B92-851A-DBFE81088A0C}" = QuickSteuer 2010
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D729E05E-B2B9-4DC4-AF57-47310576EDE0}" = G Data InternetSecurity
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AnyDVD" = AnyDVD
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.20
"a-squared Free_is1" = a-squared Free 4.5
"CCleaner" = CCleaner
"Cinergy HTC USB XS" = Cinergy HTC USB XS V5.09.0813.00
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"ImgBurn" = ImgBurn
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD BD for TOSHIBA
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"MAGIX Movies on DVD TV Edition D" = MAGIX Movies on DVD TV Edition 7.0.3.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mp3Extractor" = Mp3Extractor
"Mp3tag" = Mp3tag v2.45a
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.12.2009 11:51:59 | Computer Name = Achim-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8089.726,
Zeitstempel: 0x4a6ce533 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000374 Fehleroffset: 0x000cdcbb ID des fehlerhaften
Prozesses: 0x161c Startzeit der fehlerhaften Anwendung: 0x01ca87d58a65fd72 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: ee36d4f6-f3c8-11de-8eb9-001167cba158

Error - 29.12.2009 05:20:35 | Computer Name = Achim-Notebook | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Ashampoo\Ashampoo Burning Studio 9\burningstudio9.exe". Fehler in Manifest-
oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 29.12.2009 05:29:39 | Computer Name = Achim-Notebook | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Ashampoo\Ashampoo Burning Studio 9\burningstudio9.exe". Fehler in Manifest-
oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 29.12.2009 05:29:49 | Computer Name = Achim-Notebook | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Ashampoo\Ashampoo Burning Studio 9\burningstudio9.exe". Fehler in Manifest-
oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 29.12.2009 05:29:54 | Computer Name = Achim-Notebook | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Ashampoo\Ashampoo Burning Studio 9\burningstudio9.exe". Fehler in Manifest-
oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 29.12.2009 05:31:29 | Computer Name = Achim-Notebook | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Ashampoo\Ashampoo Burning Studio 9\burningstudio9.exe". Fehler in Manifest-
oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 29.12.2009 05:31:40 | Computer Name = Achim-Notebook | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Ashampoo\Ashampoo Burning Studio 9\burningstudio9.exe". Fehler in Manifest-
oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 29.12.2009 05:31:42 | Computer Name = Achim-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UniWANUtils.EXE, Version: 1.1.0.0,
Zeitstempel: 0x3bd86c3f Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdac7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f109 ID des fehlerhaften
Prozesses: 0x1688 Startzeit der fehlerhaften Anwendung: 0x01ca8869b5cfd2b7 Pfad der
fehlerhaften Anwendung: C:\ProgramData\MAGIX\Movies_on_DVD_TV_Edition\UserData\UniWANUtils.EXE
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll Berichtskennung: f869f6e8-f45c-11de-bd3f-002622eefd45

Error - 29.12.2009 06:22:24 | Computer Name = Achim-Notebook | Source = RasClient | ID = 20227
Description =

Error - 29.12.2009 06:40:49 | Computer Name = Achim-Notebook | Source = Application Hang | ID = 1002
Description = Programm CinergyDvr.exe, Version 6.12.0.795 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 165c Startzeit: 01ca8872c2ac20f2 Endzeit: 60000 Anwendungspfad:
C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe Berichts-ID:


[ System Events ]
Error - 25.12.2009 13:20:38 | Computer Name = Achim-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 25.12.2009 13:20:40 | Computer Name = Achim-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 26.12.2009 07:13:55 | Computer Name = Achim-Notebook | Source = DCOM | ID = 10010
Description =

Error - 26.12.2009 07:14:30 | Computer Name = Achim-Notebook | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst GDScan erreicht.

Error - 27.12.2009 06:13:10 | Computer Name = Achim-Notebook | Source = DCOM | ID = 10010
Description =

Error - 29.12.2009 05:29:32 | Computer Name = Achim-Notebook | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Firebird Server - MAGIX Instance" ist als interaktiver
Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 31.12.2009 07:14:05 | Computer Name = Achim-Notebook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.12.2009 um 11:59:52 unerwartet heruntergefahren.

Error - 31.12.2009 08:30:30 | Computer Name = Achim-Notebook | Source = DCOM | ID = 10010
Description =

Error - 31.12.2009 13:52:03 | Computer Name = Achim-Notebook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.12.2009 um 18:47:24 unerwartet heruntergefahren.

Error - 31.12.2009 13:52:09 | Computer Name = Achim-Notebook | Source = BugCheck | ID = 1001
Description =


< End of report >

Alt 08.01.2010, 09:13   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks okay to me so far, any more alerts?

__________________
Please always post log files in CODE tags

Alt 08.01.2010, 11:46   #6
rimp
 
No, there are no more virus alerts.

Thank you very much for your help.

Alt 08.01.2010, 13:51   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hm, was the file deleted or is it in quarantine?
__________________
Please always post log files in CODE tags

Alt 08.01.2010, 19:06   #8
rimp
 
Unfortunately I was a bit hasty and deleted the file.
