Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: BOO/Sinowal.F in Masterbootsektor

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.07.2011, 21:27   #1
wursch
 
BOO/Sinowal.F in Masterbootsektor - Standard

BOO/Sinowal.F in Masterbootsektor



Ich habe wie der Titel schon sagt ein Sinowal-F Problem.
Jedenfalls behauptet Antivir das ich es in Masterbotsektor 1 und 2 hätte

Zitat:
Die Datei 'Masterbootsektor HD2'
enthielt einen Virus oder unerwünschtes Programm 'BOO/Sinowal.F' [virus].
Durchgeführte Aktion(en):
Enthält Code des Bootsektorvirus BOO/Sinowal.F.
Der Sektor wurde nicht neu geschrieben!
mbr hab ich mich schon heruntergeladen und hier ist die log datei:

Zitat:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7600

device: opened successfully
user: error reading MBR
error: Read Das Handle ist ungültig.
kernel: error reading MBR
Allerdings vermag ich damit nichts anzufangen?
Kann mir jemand helfen?

Geändert von wursch (04.07.2011 um 21:42 Uhr)

Alt 05.07.2011, 08:09   #2
kira
/// Helfer-Team
 
BOO/Sinowal.F in Masterbootsektor - Standard

BOO/Sinowal.F in Masterbootsektor



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in Code-Tags hier in den Thread.

3.
→ Lade Dir HJTscanlist.zip herunter
→ entpacke die Datei auf deinem Desktop
→ Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren
→ per Doppelklick starten
→ Wähle dein Betriebsystem aus - bei Win7 wähle Vista
→ Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen
→ Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt präsentieren
→ Bitte kopiere den Inhalt hier in Deinen Thread.
** Falls es klappt auf einmal nicht, kannst den Text in mehrere Teile teilen und so posten

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira
__________________

__________________

Alt 05.07.2011, 08:54   #3
wursch
 
BOO/Sinowal.F in Masterbootsektor - Standard

BOO/Sinowal.F in Masterbootsektor



Vielen dank für die schnelle Antwort.

zu ""Komplett Scan durchführen" wählen (überall Haken setzen)" habe ich eine Frage.
Bei mir Steht nur Vollständigen Suchlauf durchführen. ist das gemeint?

zudem habe ich gestern abend nach meinem Posting noch entdeckt das es weitere Schritte in der Anleitung zum Themen erstellen gab (nach der großen roten 1)

Hab inzwischen den Defogger und OTL drüber laufen lassen so wie in der Anleitung erklärt und poste sie hier (Hatte mich vorher niche getraut was es hies das ein Doppelposting nicht erwünscht ist und das THema dann als in bearbeitung gillt):

Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:23 on 04/07/2011 (Bobby)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCUAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

Wenn mit Komplett Scan "Vollständigen Suchlauf durchführen" gemeint ist mach ich das dann sofort.
__________________

Alt 05.07.2011, 14:34   #4
wursch
 
BOO/Sinowal.F in Masterbootsektor - Standard

BOO/Sinowal.F in Masterbootsektor



Ich habe die Anleitung zum MBAM gefunden und verstanden das der Vollscan der richtige ist.

Danach hab ich alles ausgeführt.
Beim MBAM Scan ist immer wieder Antivir aufgeploppt und hat mir Dateien angezeigt die ich dann auch entfernt habe.

Zudem ist mir aufgefallen das ich noch ein altes Windows System auf der Platte drauf habe (Windiws.old) und da waren scheinbar auch noch versäuchungen drin. Das hatte ich damals neu aufgespielt weil es auch versäucht war, aber hatte es nicht gelöscht.
Soll ich sicherheitshalber den Windows.old ordner komplett löschen?

bzw hier die Logs:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7026

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05.07.2011 15:07:35
mbam-log-2011-07-05 (15-07-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|L:\|M:\|)
Durchsuchte Objekte: 1007201
Laufzeit: 3 Stunde(n), 3 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Bobby\AppData\Local\Temp\77F.tmp\removewat.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Admin\AppData\Roaming\apmanager\uninstall.exe (Trojan.FraudTool) -> Quarantined and deleted successfully.
c:\Windows.old\Windows\System32\cooper.mine (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows.old\Windows\System32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows.old\Windows\System32\uqfasnejhs.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\tujserrew.bat (Malware.Trace) -> Quarantined and deleted successfully.
         
OTL:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.07.2011 15:14:19 - Run 2
OTL by OldTimer - Version 3.2.26.0     Folder = C:\Users\Bobby\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,44 Gb Available Physical Memory | 74,02% Memory free
12,00 Gb Paging File | 10,27 Gb Available in Paging File | 85,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 249,97 Gb Free Space | 53,67% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 295,68 Gb Free Space | 31,74% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 311,97 Gb Free Space | 66,98% Space Free | Partition Type: NTFS
Drive L: | 465,65 Gb Total Space | 2,72 Gb Free Space | 0,58% Space Free | Partition Type: FAT32
Drive M: | 298,09 Gb Total Space | 147,40 Gb Free Space | 49,45% Space Free | Partition Type: NTFS
 
Computer Name: BOBBY-PC | User Name: Bobby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bobby\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - E:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - E:\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - E:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - E:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - E:\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Bobby\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (MBAMService) -- E:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- E:\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- E:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SbieSvc) -- E:\Sandboxie\SbieSvc.exe (tzuk)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Backup Service Home-Dienst) -- E:\Backup Service Home 3\BSHService.exe (Alexander Seeliger Software)
SRV - (DAUpdaterSvc) -- E:\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CableAssociation) -- E:\Hama\WUSB\Association\CableAssociation.exe (Wisair Ltd.)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Ph3xIB64) -- C:\Windows\SysNative\drivers\Ph3xIB64.sys (NXP Semiconductors)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hwa) -- C:\Windows\SysNative\drivers\WSR_HWA.SYS ()
DRV:64bit: - (HWARadio) -- C:\Windows\SysNative\drivers\WSR_RCI.SYS ()
DRV:64bit: - (DWA) -- C:\Windows\SysNative\drivers\WSR_DWA.SYS ()
DRV:64bit: - (TunnelDrv) -- C:\Windows\SysNative\drivers\WSR_CBA.SYS ()
DRV:64bit: - (WSR_USF) -- C:\Windows\SysNative\drivers\WSR_USF.sys ()
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (X-Rite) -- C:\Windows\SysNative\drivers\XrUsb64.sys (X-Rite, Inc.)
DRV - (SbieDrv) -- E:\Sandboxie\SbieDrv.sys (tzuk)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 B7 26 59 A0 6B CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.60
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.4: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Mozilla Firefox\components [2011.07.04 13:12:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Mozilla Firefox\plugins [2011.06.25 20:07:08 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Mozilla Firefox\components [2011.07.04 13:12:56 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Mozilla Firefox\plugins [2011.06.25 20:07:08 | 000,000,000 | ---D | M]
 
[2010.04.29 00:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bobby\AppData\Roaming\mozilla\Extensions
[2011.07.05 09:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bobby\AppData\Roaming\mozilla\Firefox\Profiles\7ihbmt81.default\extensions
[2011.04.22 17:05:42 | 000,000,000 | ---D | M] ("Exif Viewer") -- C:\Users\Bobby\AppData\Roaming\mozilla\Firefox\Profiles\7ihbmt81.default\extensions\exif_viewer@mozilla.doslash.org
[2011.07.02 19:31:11 | 000,001,056 | ---- | M] () -- C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\7ihbmt81.default\searchplugins\icqplugin.xml
[2010.05.11 23:51:02 | 000,000,000 | ---D | M] (Java Console) -- D:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2010.04.29 01:18:57 | 000,001,300 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BambooCore]  File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Bamboo Dock] E:\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.19 21:02:05 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{42a06ce3-536b-11df-bc5b-00248c0ef764}\Shell - "" = AutoRun
O33 - MountPoints2\{42a06ce3-536b-11df-bc5b-00248c0ef764}\Shell\AutoRun\command - "" = N:\start.exe
O33 - MountPoints2\{ec09433e-5316-11df-a516-00248c0ef764}\Shell - "" = AutoRun
O33 - MountPoints2\{ec09433e-5316-11df-a516-00248c0ef764}\Shell\AutoRun\command - "" = K:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.05 15:12:38 | 000,000,000 | ---D | C] -- C:\Users\Bobby\Desktop\Alter log
[2011.07.05 09:45:46 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Roaming\Malwarebytes
[2011.07.05 09:45:40 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.05 09:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.05 09:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.05 09:45:37 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.05 09:14:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTL.exe
[2011.07.04 13:21:29 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Roaming\Avira
[2011.07.04 13:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.07.04 13:18:33 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.07.04 13:18:33 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.07.04 13:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.07.01 18:50:45 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Local\Phase_One
[2011.07.01 18:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Phase One
[2011.07.01 18:49:25 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Local\CaptureOne
[2011.07.01 18:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phase One
[2011.07.01 18:36:29 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2011.07.01 18:36:29 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2011.07.01 18:36:29 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2011.07.01 18:36:29 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2011.07.01 18:36:29 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2011.07.01 18:36:29 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2011.07.01 18:36:28 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2011.07.01 18:36:28 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2011.06.28 02:36:11 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Local\SKIDROW
[2011.06.28 02:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011.06.27 15:24:38 | 000,000,000 | ---D | C] -- C:\Users\Bobby\Desktop\Zeitrelais
[2011.06.12 07:43:49 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Roaming\Yxyni
[2011.06.12 07:43:49 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Roaming\Caze
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.05 15:10:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.05 15:10:14 | 536,125,439 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.05 09:45:40 | 000,000,627 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.05 09:14:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTL.exe
[2011.07.04 23:41:56 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.04 23:41:56 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.04 23:23:10 | 000,000,148 | ---- | M] () -- C:\Users\Bobby\defogger_reenable
[2011.07.04 23:21:45 | 000,050,477 | ---- | M] () -- C:\Users\Bobby\Desktop\Defogger.exe
[2011.07.04 23:10:05 | 000,002,673 | ---- | M] () -- C:\Users\Bobby\AppData\Roaming\iColorDisplay3.prefs
[2011.07.04 23:10:05 | 000,000,346 | -H-- | M] () -- C:\Users\Bobby\AppData\Roaming\iColorDisplay3.lic
[2011.07.04 22:57:10 | 000,000,620 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuatoCalibrationLoader.lnk
[2011.07.04 22:57:10 | 000,000,415 | ---- | M] () -- C:\Users\Public\Desktop\iColor Display 3.7.3.0.lnk
[2011.07.04 22:18:00 | 000,089,088 | ---- | M] () -- C:\Users\Bobby\Desktop\mbr.exe
[2011.07.04 13:18:37 | 000,000,758 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.07.03 22:04:21 | 000,006,692 | ---- | M] () -- C:\Users\Bobby\AppData\Roaming\iColorDisplay.prefs
[2011.07.03 22:01:54 | 000,000,390 | ---- | M] () -- C:\Users\Bobby\AppData\Roaming\iColorDisplay.lic
[2011.07.03 00:27:19 | 000,216,179 | ---- | M] () -- C:\Users\Bobby\Desktop\klein.jpg
[2011.07.01 18:40:33 | 001,588,294 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.01 18:40:33 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.07.01 18:40:33 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.07.01 18:40:33 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.07.01 18:40:33 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.07.01 18:40:20 | 001,588,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.28 02:35:06 | 000,000,596 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011.06.27 23:37:05 | 001,923,697 | ---- | M] () -- C:\Users\Bobby\Desktop\Entstehender TaT.jpg
[2011.06.26 04:30:00 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2011.06.17 12:35:49 | 000,116,568 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.06.17 12:35:49 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.06.07 01:38:29 | 000,268,215 | ---- | M] () -- C:\Users\Bobby\Desktop\TaT-6-6-11-8c.jpg
[2011.06.07 00:44:11 | 000,372,445 | ---- | M] () -- C:\Users\Bobby\Desktop\TaT-6-6-11-9.jpg
[2011.06.06 21:35:37 | 000,423,675 | ---- | M] () -- C:\Users\Bobby\Desktop\TaT-6-6-11-4.jpg
[2011.06.06 19:55:35 | 000,283,895 | ---- | M] () -- C:\Users\Bobby\Desktop\TaT 6-6-11-1-crop.jpg
[2011.06.05 21:52:44 | 000,595,257 | ---- | M] () -- C:\Users\Bobby\Desktop\TaT 5-6-11-6b.jpg
 
========== Files Created - No Company Name ==========
 
[2011.07.05 09:45:40 | 000,000,627 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.04 23:23:09 | 000,000,148 | ---- | C] () -- C:\Users\Bobby\defogger_reenable
[2011.07.04 23:21:39 | 000,050,477 | ---- | C] () -- C:\Users\Bobby\Desktop\Defogger.exe
[2011.07.04 22:57:10 | 000,000,415 | ---- | C] () -- C:\Users\Public\Desktop\iColor Display 3.7.3.0.lnk
[2011.07.04 22:17:59 | 000,089,088 | ---- | C] () -- C:\Users\Bobby\Desktop\mbr.exe
[2011.07.04 13:18:37 | 000,000,758 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.07.03 00:27:18 | 000,216,179 | ---- | C] () -- C:\Users\Bobby\Desktop\klein.jpg
[2011.07.01 19:25:11 | 001,923,697 | ---- | C] () -- C:\Users\Bobby\Desktop\Entstehender TaT.jpg
[2011.07.01 18:39:07 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.28 02:35:06 | 000,000,596 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011.06.07 01:38:41 | 000,268,215 | ---- | C] () -- C:\Users\Bobby\Desktop\TaT-6-6-11-8c.jpg
[2011.06.07 00:47:27 | 000,372,445 | ---- | C] () -- C:\Users\Bobby\Desktop\TaT-6-6-11-9.jpg
[2011.06.06 21:41:19 | 000,423,675 | ---- | C] () -- C:\Users\Bobby\Desktop\TaT-6-6-11-4.jpg
[2011.06.06 19:56:31 | 000,283,895 | ---- | C] () -- C:\Users\Bobby\Desktop\TaT 6-6-11-1-crop.jpg
[2011.06.05 22:14:14 | 000,595,257 | ---- | C] () -- C:\Users\Bobby\Desktop\TaT 5-6-11-6b.jpg
[2011.04.23 12:40:56 | 000,006,692 | ---- | C] () -- C:\Users\Bobby\AppData\Roaming\iColorDisplay.prefs
[2011.04.23 12:39:29 | 000,000,390 | ---- | C] () -- C:\Users\Bobby\AppData\Roaming\iColorDisplay.lic
[2011.04.21 22:41:15 | 000,002,673 | ---- | C] () -- C:\Users\Bobby\AppData\Roaming\iColorDisplay3.prefs
[2011.04.21 22:41:15 | 000,000,346 | -H-- | C] () -- C:\Users\Bobby\AppData\Roaming\iColorDisplay3.lic
[2011.02.09 14:09:40 | 000,000,132 | ---- | C] () -- C:\Users\Bobby\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.01.17 00:27:25 | 000,001,456 | ---- | C] () -- C:\Users\Bobby\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.01.16 22:26:42 | 000,000,132 | ---- | C] () -- C:\Users\Bobby\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.10.17 17:01:27 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC64.dll
[2010.10.04 00:16:26 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll
[2010.09.04 23:46:41 | 000,007,606 | ---- | C] () -- C:\Users\Bobby\AppData\Local\Resmon.ResmonCfg
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010.06.16 16:51:17 | 000,001,512 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010.06.11 17:44:33 | 000,044,918 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.05.26 21:25:17 | 000,000,300 | ---- | C] () -- C:\Windows\game.ini
[2010.05.05 22:10:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.29 11:13:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.04.29 03:35:01 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.12.18 11:58:28 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2007.12.28 17:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\mp4fil32.dll
[2002.05.04 15:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\avisynthEx.dll
[2002.04.21 20:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2002.04.19 16:23:26 | 000,106,137 | ---- | C] () -- C:\Windows\SysWow64\libpostproc.dll
[2002.04.19 15:51:04 | 000,211,760 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2002.04.02 00:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2002.04.02 00:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2002.04.02 00:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2002.02.21 18:41:20 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2001.06.22 13:06:02 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\MPEG2DEC.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Bobby\Desktop\SDIM0119.AVI:TOC.WMV

< End of report >
         
--- --- ---

[/CODE]

Extra
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 05.07.2011 15:14:19 - Run 2
OTL by OldTimer - Version 3.2.26.0     Folder = C:\Users\Bobby\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,44 Gb Available Physical Memory | 74,02% Memory free
12,00 Gb Paging File | 10,27 Gb Available in Paging File | 85,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 249,97 Gb Free Space | 53,67% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 295,68 Gb Free Space | 31,74% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 311,97 Gb Free Space | 66,98% Space Free | Partition Type: NTFS
Drive L: | 465,65 Gb Total Space | 2,72 Gb Free Space | 0,58% Space Free | Partition Type: FAT32
Drive M: | 298,09 Gb Total Space | 147,40 Gb Free Space | 49,45% Space Free | Partition Type: NTFS
 
Computer Name: BOBBY-PC | User Name: Bobby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1387BA33-3FAC-49E9-B545-0E8D3BBC550B}" = Adobe Photoshop Lightroom 3 64-bit
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = WUSB WinDrivers v.14.0.22.0
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)
"A35BD68D4A1B3E191138E3C9AA417190A9468F7E" = Windows-Treiberpaket - Leaf Imaging Ltd. Image  (02/11/2010 )
"CaptureOne6_is1" = Capture One 6.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Bamboo
"Sandboxie" = Sandboxie 3.442 (64-bit)
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F4B91C5-4524-02A6-1D9B-5AE52CE2E0F4}" = Bamboo Dock
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15A60757-91A9-8875-17C4-7E5C4A7E17AF}" = Livebrush Mini
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4BC51F3D-288E-433A-A428-9A9C34F7F835}" = Image Trends' Fisheye-Hemi Plug-In 1.1.6
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5979B77A-9AE6-4E75-AED8-283C5E16C02D}_is1" = Backup Service Home 3.3.1.4
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B0513493-04B9-4F21-B4AB-83E750D54256}" = Adobe Photoshop Lightroom 2.7
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda 5.5.9
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bamboo Dock" = Bamboo Dock 3.3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1" = Livebrush Mini
"Dfine 2.0" = Dfine 2.0
"DirSync" = DirSync  2.92
"DivX Setup.divx.com" = DivX-Setup
"fc-prints" = fc-prints 
"HDR Efex Pro" = HDR Efex Pro
"ICQToolbar" = ICQ Toolbar
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = WUSB WinDrivers v.14.0.22.0
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"MediaPortal" = MediaPortal
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"Pano2VR" = Pano2VR - Garden Gnome Software
"Pen Tablet Driver" = Bamboo
"PokerStars.net" = PokerStars.net
"Portrait Professional Max 6_is1" = Portrait Professional Max 6.3
"Postal 2_is1" = Portal 2
"PTGui" = PTGui Pro 8.2.1
"Sharpener Pro 3.0" = Sharpener Pro 3.0
"Silver Efex Pro" = Silver Efex Pro
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"Trillian" = Trillian
"Tw500_pro_is1" = Tourweaver 5.00 Professional Edition
"ULTIMATER" = Microsoft Office Ultimate 2007
"Viveza 2" = Viveza 2
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"Warcraft III" = Warcraft III
"WinPcapInst" = WinPcap 4.1.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"iColorDisplay" = iColor Display 3.7.3.0 (nur entfernen)
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.06.2011 09:41:19 | Computer Name = Bobby-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 25.06.2011 18:30:24 | Computer Name = Bobby-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 27.06.2011 04:21:06 | Computer Name = Bobby-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 27.06.2011 07:39:39 | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Acrobat.exe, Version: 9.0.0.332, 
Zeitstempel: 0x4850eb76  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdb3b  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000cdcbb  ID des fehlerhaften
 Prozesses: 0xb40  Startzeit der fehlerhaften Anwendung: 0x01cc34bee1b66d32  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 239d8cf5-a0b2-11e0-92dd-00248c0ef764
 
Error - 29.06.2011 05:24:22 | Computer Name = Bobby-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 29.06.2011 10:12:33 | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: portal2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d4c804d  Name des fehlerhaften Moduls: valve_avi.dll, Version: 0.0.0.0, Zeitstempel:
 0x4daa2f8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004473  ID des fehlerhaften Prozesses:
 0x1358  Startzeit der fehlerhaften Anwendung: 0x01cc36654c4b0a0b  Pfad der fehlerhaften
 Anwendung: E:\Portal 2\portal2.exe  Pfad des fehlerhaften Moduls: e:\portal 2\bin\valve_avi.dll
Berichtskennung:
 d4aa1c4e-a259-11e0-90f8-00248c0ef764
 
Error - 02.07.2011 02:49:20 | Computer Name = Bobby-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 02.07.2011 16:28:14 | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 12.0.0.0,
 Zeitstempel: 0x4bbc5b10  Name des fehlerhaften Moduls: HDR Efex Pro.8bf_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4ca9115a  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x000007fee5d15b45  ID des fehlerhaften Prozesses: 0x1304  Startzeit der fehlerhaften
 Anwendung: 0x01cc38e9e230a41e  Pfad der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe
 Photoshop CS5 (64 Bit)\Photoshop.exe  Pfad des fehlerhaften Moduls: HDR Efex Pro.8bf
Berichtskennung:
 cf7f3bba-a4e9-11e0-a9ff-00248c0ef764
 
Error - 03.07.2011 04:46:26 | Computer Name = Bobby-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 04.07.2011 18:30:51 | Computer Name = Bobby-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 03.01.2011 11:54:31 | Computer Name = Bobby-PC | Source = bowser | ID = 8003
Description = 
 
Error - 04.01.2011 07:53:20 | Computer Name = Bobby-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk8\DR8 gefunden.
 
Error - 04.01.2011 09:47:37 | Computer Name = Bobby-PC | Source = bowser | ID = 8003
Description = 
 
Error - 05.01.2011 06:41:57 | Computer Name = Bobby-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 05.01.2011 07:12:50 | Computer Name = Bobby-PC | Source = bowser | ID = 8003
Description = 
 
Error - 07.01.2011 19:13:24 | Computer Name = Bobby-PC | Source = bowser | ID = 8003
Description = 
 
Error - 08.01.2011 09:01:17 | Computer Name = Bobby-PC | Source = bowser | ID = 8003
Description = 
 
Error - 08.01.2011 13:00:45 | Computer Name = Bobby-PC | Source = bowser | ID = 8003
Description = 
 
Error - 09.01.2011 16:17:04 | Computer Name = Bobby-PC | Source = bowser | ID = 8003
Description = 
 
Error - 15.01.2011 07:34:15 | Computer Name = Bobby-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         
--- --- ---


[/CODE]

Alt 05.07.2011, 14:38   #5
wursch
 
BOO/Sinowal.F in Masterbootsektor - Standard

BOO/Sinowal.F in Masterbootsektor



Muss es leider aussplitten, daher hier der erster Teil von hjtscanlist

Code:
ATTFilter
 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.1.7600]
 
 
C:

       C:\pagefile.sys ---------    
       C:\hiberfil.sys ---------    
  05.07.2011 09:45     C:\ProgramData --------- 172032   
  05.07.2011 09:18     C:\System Volume Information --------- 40960   
  01.07.2011 18:36     C:\Windows --------- 24576   
  18.04.2011 22:39     C:\Program Files (x86) --------- 12288   
  01.01.2011 21:02     C:\Sandbox --------- 0   
  02.09.2010 19:20     C:\Program Files --------- 8192   
  29.04.2010 01:47     C:\JAWGe --------- 206376   
  29.04.2010 01:17     C:\$Recycle.Bin --------- 0   
  29.04.2010 01:17     C:\Users --------- 4096   
  29.04.2010 00:37     C:\BOOTSECT.BAK --------- 8192   
  29.04.2010 00:37     C:\Boot --------- 4096   
  28.04.2010 23:53     C:\Recovery --------- 0   
  28.04.2010 23:26     C:\Windows.old --------- 4096   
  28.04.2010 22:57     C:\Programme --------- 0   
  28.04.2010 22:57     C:\Dokumente und Einstellungen --------- 0   
  28.04.2010 21:05     C:\aaw7boot.log --------- 41334   
  28.09.2009 20:56     C:\Downloads --------- 0   
  14.07.2009 07:08     C:\Documents and Settings --------- 0   
  14.07.2009 05:20     C:\PerfLogs --------- 0   
  14.07.2009 03:38     C:\bootmgr --------- 383562   
  19.06.2009 21:02     C:\Autodesk --------- 0   
  10.05.2009 16:42     C:\IO.SYS --------- 0   
  10.05.2009 16:42     C:\MSDOS.SYS --------- 0   
  02.05.2009 13:42     C:\MSOCache --------- 0   
  02.05.2009 02:37     C:\Boot.ini.saved --------- 354   
  01.05.2009 18:14     C:\Boot.BAK --------- 210   
  01.05.2009 17:05     C:\RHDSetup.log --------- 646   
  01.05.2009 16:55     C:\Intel --------- 0   
  18.09.2006 23:43     C:\config.sys --------- 10   
  18.09.2006 23:43     C:\autoexec.bat --------- 24   
  04.08.2004 14:00     C:\NTDETECT.COM --------- 47564   
  04.08.2004 14:00     C:\bootfont.bin --------- 4952   
  04.08.2004 14:00     C:\ntldr --------- 251184   
----------------------------------------

 
C:\Windows

  05.07.2011 15:17     C:\Windows\WindowsUpdate.log --------- 1797276   
  05.07.2011 15:10     C:\Windows\setupact.log --------- 59909   
  05.07.2011 15:10     C:\Windows\bootstat.dat --------- 67584   
  01.07.2011 18:52     C:\Windows\DPINST.LOG --------- 35178   
  19.04.2011 11:11     C:\Windows\PFRO.log --------- 37518   
  18.04.2011 02:32     C:\Windows\DirectX.log --------- 227162   
  01.01.2011 21:02     C:\Windows\Sandboxie.ini --------- 1512   
  17.10.2010 17:01     C:\Windows\KB893803v2.log --------- 4288   
  11.06.2010 18:03     C:\Windows\War3Unin.dat --------- 44918   
  11.06.2010 17:50     C:\Windows\War3Unin.pif --------- 2829   
  11.06.2010 17:50     C:\Windows\War3Unin.exe --------- 139264   
  01.06.2010 12:49     C:\Windows\MEMORY.DMP --------- 412208607   
  26.05.2010 21:25     C:\Windows\game.ini --------- 300   
  06.05.2010 14:24     C:\Windows\comsetup.log --------- 762   
  29.04.2010 11:13     C:\Windows\nsreg.dat --------- 0   
  29.04.2010 03:35     C:\Windows\Language_trs.ini --------- 1769   
  29.04.2010 02:46     C:\Windows\win.ini --------- 478   
  28.04.2010 23:44     C:\Windows\DtcInstall.log --------- 1774   
  28.04.2010 23:44     C:\Windows\TSSysprep.log --------- 1313   
  18.02.2010 18:45     C:\Windows\eSellerateEngine.dll --------- 356352   
  14.07.2009 06:54     C:\Windows\WindowsShell.Manifest --------- 749   
  14.07.2009 06:51     C:\Windows\setuperr.log --------- 0   
  14.07.2009 03:39     C:\Windows\write.exe --------- 10240   
  14.07.2009 03:39     C:\Windows\splwow64.exe --------- 61952   
  14.07.2009 03:39     C:\Windows\regedit.exe --------- 427008   
  14.07.2009 03:39     C:\Windows\notepad.exe --------- 193536   
  14.07.2009 03:39     C:\Windows\hh.exe --------- 16896   
  14.07.2009 03:39     C:\Windows\HelpPane.exe --------- 733696   
  14.07.2009 03:39     C:\Windows\fveupdate.exe --------- 15360   
  14.07.2009 03:39     C:\Windows\explorer.exe --------- 2868224   
  14.07.2009 03:38     C:\Windows\bfsvc.exe --------- 71168   
  14.07.2009 03:16     C:\Windows\twain_32.dll --------- 51200   
  14.07.2009 03:14     C:\Windows\winhlp32.exe --------- 9728   
  14.07.2009 03:14     C:\Windows\twunk_32.exe --------- 31232   
  14.07.2009 01:06     C:\Windows\mib.bin --------- 43131   
  10.06.2009 23:41     C:\Windows\twunk_16.exe --------- 49680   
  10.06.2009 23:41     C:\Windows\twain.dll --------- 94784   
  10.06.2009 23:08     C:\Windows\system.ini --------- 219   
  10.06.2009 22:52     C:\Windows\WMSysPr9.prx --------- 316640   
  10.06.2009 22:36     C:\Windows\msdfmap.ini --------- 1405   
  10.06.2009 22:31     C:\Windows\Starter.xml --------- 48201   
  10.06.2009 22:30     C:\Windows\HomePremium.xml --------- 48265   
  16.04.2009 17:23     C:\Windows\RtlExUpd.dll --------- 540672   
----------------------------------------

 
C:\Windows\System

----------------------------------------

 
C:\Windows\System32

 05.07.2011 15:21     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 22080  
 05.07.2011 15:21     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 22080  
 05.07.2011 09:45     C:\Windows\system32\drivers --------- 65536  
 04.07.2011 13:18     C:\Windows\system32\catroot --------- 4096  
 01.07.2011 20:33     C:\Windows\system32\config --------- 12288  
 01.07.2011 18:53     C:\Windows\system32\DriverStore --------- 4096  
 01.07.2011 18:40     C:\Windows\system32\perfh009.dat --------- 651450  
 01.07.2011 18:40     C:\Windows\system32\perfc009.dat --------- 120382  
 01.07.2011 18:40     C:\Windows\system32\perfh007.dat --------- 696132  
 01.07.2011 18:40     C:\Windows\system32\perfc007.dat --------- 147428  
 01.07.2011 18:40     C:\Windows\system32\PerfStringBackup.INI --------- 1588294  
 01.07.2011 18:39     C:\Windows\system32\de-DE --------- 327680  
 01.07.2011 18:37     C:\Windows\system32\en-US --------- 4096  
 04.06.2011 01:54     C:\Windows\system32\catroot2 --------- 16384  
 11.03.2011 15:49     C:\Windows\system32\Tasks --------- 4096  
 14.11.2010 18:18     C:\Windows\system32\FxsTmp --------- 0  
 13.10.2010 16:16     C:\Windows\system32\HDREfexProFC64.dll --------- 4096  
 02.09.2010 19:20     C:\Windows\system32\DRVSTORE --------- 0  
 27.07.2010 18:55     C:\Windows\system32\dnssd.dll --------- 95520  
 27.07.2010 18:55     C:\Windows\system32\dnssdX.dll --------- 237856  
 27.07.2010 18:55     C:\Windows\system32\dns-sd.exe --------- 119584  
 27.07.2010 18:55     C:\Windows\system32\jdns_sd.dll --------- 69408  
 13.07.2010 14:26     C:\Windows\system32\Pen_Touch_Tablet.dll --------- 755568  
 13.07.2010 14:26     C:\Windows\system32\Pen_Tablet.dll --------- 762224  
 13.07.2010 14:18     C:\Windows\system32\Wintab32.dll --------- 588800  
 25.06.2010 19:07     C:\Windows\system32\Packet.dll --------- 106000  
 25.06.2010 19:07     C:\Windows\system32\wpcap.dll --------- 369168  
 16.06.2010 07:04     C:\Windows\system32\FNTCACHE.DAT --------- 4826064  
 18.05.2010 01:04     C:\Windows\system32\WTablet --------- 0  
 08.05.2010 22:42     C:\Windows\system32\wdi --------- 4096  
 06.05.2010 20:37     C:\Windows\system32\LogFiles --------- 4096  
 29.04.2010 00:10     C:\Windows\system32\restore --------- 0  
 28.04.2010 23:53     C:\Windows\system32\Recovery --------- 0  
 28.04.2010 23:48     C:\Windows\system32\CodeIntegrity --------- 0  
 28.04.2010 23:45     C:\Windows\system32\license.rtf --------- 56735  
 28.04.2010 23:44     C:\Windows\system32\sysprep --------- 0  
 19.04.2010 20:47     C:\Windows\system32\usbaaplrc.dll --------- 3062048  
 18.03.2010 17:23     C:\Windows\system32\aspnet_counters.dll --------- 20832  
 18.03.2010 14:27     C:\Windows\system32\msvcr100_clr0400.dll --------- 827744  
 24.02.2010 10:16     C:\Windows\system32\MpSigStub.exe --------- 212864  
 04.02.2010 10:01     C:\Windows\system32\xactengine3_6.dll --------- 176984  
 04.02.2010 10:01     C:\Windows\system32\XAPOFX1_4.dll --------- 78680  
 04.02.2010 10:01     C:\Windows\system32\X3DAudio1_7.dll --------- 24920  
 04.02.2010 10:01     C:\Windows\system32\XAudio2_6.dll --------- 530776  
 27.01.2010 00:25     C:\Windows\system32\Viveza2FC32.dll --------- 3072  
 18.12.2009 11:58     C:\Windows\system32\Viveza2FC64.dll --------- 322560  
 25.11.2009 21:47     C:\Windows\system32\netfxperf.dll --------- 48960  
 25.11.2009 21:47     C:\Windows\system32\PresentationHostProxy.dll --------- 109912  
 25.11.2009 21:47     C:\Windows\system32\mscoree.dll --------- 444752  
 25.11.2009 21:47     C:\Windows\system32\PresentationHost.exe --------- 320352  
 25.11.2009 21:47     C:\Windows\system32\dfshim.dll --------- 1942856  
 23.11.2009 15:53     C:\Windows\system32\Pen_Tablet.exe --------- 5556520  
 23.11.2009 15:53     C:\Windows\system32\Touch_Tablet.dll --------- 290088  
 22.10.2009 17:17     C:\Windows\system32\ftd2xx.dll --------- 330056  
 22.10.2009 17:17     C:\Windows\system32\ftbusui.dll --------- 143688  
 22.10.2009 17:16     C:\Windows\system32\FTLang.dll --------- 284992  
 22.10.2009 17:08     C:\Windows\system32\ftserui2.dll --------- 55112  
 04.09.2009 17:44     C:\Windows\system32\XAPOFX1_3.dll --------- 73544  
 04.09.2009 17:44     C:\Windows\system32\XAudio2_5.dll --------- 517960  
 04.09.2009 17:44     C:\Windows\system32\xactengine3_5.dll --------- 176968  
 04.09.2009 17:29     C:\Windows\system32\d3dx10_42.dll --------- 523088  
 04.09.2009 17:29     C:\Windows\system32\d3dx11_42.dll --------- 285024  
 04.09.2009 17:29     C:\Windows\system32\d3dcsx_42.dll --------- 5554512  
 04.09.2009 17:29     C:\Windows\system32\D3DCompiler_42.dll --------- 2582888  
 04.09.2009 17:29     C:\Windows\system32\D3DX9_42.dll --------- 2475352  
 14.07.2009 20:18     C:\Windows\system32\wbem --------- 65536  
 14.07.2009 19:58     C:\Windows\system32\migwiz --------- 4096  
 14.07.2009 19:58     C:\Windows\system32\winrm --------- 0  
 14.07.2009 19:58     C:\Windows\system32\oobe --------- 4096  
 14.07.2009 19:58     C:\Windows\system32\0407 --------- 0  
 14.07.2009 19:58     C:\Windows\system32\migration --------- 0  
 14.07.2009 19:58     C:\Windows\system32\Setup --------- 0  
 14.07.2009 19:58     C:\Windows\system32\Boot --------- 0  
 14.07.2009 19:58     C:\Windows\system32\slmgr --------- 0  
 14.07.2009 19:58     C:\Windows\system32\WinBioPlugIns --------- 0  
 14.07.2009 19:58     C:\Windows\system32\Dism --------- 0  
 14.07.2009 19:58     C:\Windows\system32\WCN --------- 0  
 14.07.2009 19:58     C:\Windows\system32\MUI --------- 0  
 14.07.2009 19:58     C:\Windows\system32\Printing_Admin_Scripts --------- 0  
 14.07.2009 19:58     C:\Windows\system32\de --------- 0  
 14.07.2009 19:58     C:\Windows\system32\com --------- 0  
 14.07.2009 19:58     C:\Windows\system32\perfd007.dat --------- 38104  
 14.07.2009 19:58     C:\Windows\system32\perfi007.dat --------- 295922  
 14.07.2009 07:32     C:\Windows\system32\Speech --------- 0  
 14.07.2009 07:32     C:\Windows\system32\WinBioDatabase --------- 0  
 14.07.2009 07:32     C:\Windows\system32\WindowsPowerShell --------- 0  
 14.07.2009 07:14     C:\Windows\system32\umstartup.etl --------- 21504  
 14.07.2009 07:09     C:\Windows\system32\wfp --------- 0  
 14.07.2009 07:01     C:\Windows\system32\umstartup000.etl --------- 9216  
 14.07.2009 06:57     C:\Windows\system32\desktop.ini --------- 73  
 14.07.2009 06:57     C:\Windows\system32\migwiz.lnk --------- 1244  
 14.07.2009 06:53     C:\Windows\system32\spool --------- 0  
 14.07.2009 06:45     C:\Windows\system32\Microsoft --------- 0  
 14.07.2009 05:20     C:\Windows\system32\zh-TW --------- 0  
 14.07.2009 05:20     C:\Windows\system32\zh-CN --------- 0  
 14.07.2009 05:20     C:\Windows\system32\zh-HK --------- 0  
 14.07.2009 05:20     C:\Windows\system32\uk-UA --------- 0  
 14.07.2009 05:20     C:\Windows\system32\tr-TR --------- 0  
 14.07.2009 05:20     C:\Windows\system32\th-TH --------- 0  
 14.07.2009 05:20     C:\Windows\system32\sv-SE --------- 0  
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 05.07.2011 15:10     C:\Windows\Tasks\SA.DAT --------- 6  
 26.06.2011 04:30     C:\Windows\Tasks\Driver Robot.job --------- 366  
 01.04.2011 13:47     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632  
----------------------------------------

 
C:\Windows\Temp

----------------------------------------

 
C:\Users\Bobby\AppData\Local\Temp

 05.07.2011 15:12     C:\Users\Bobby\AppData\Local\Temp\Acrobat Distiller 9 --------- 0  
 05.07.2011 15:11     C:\Users\Bobby\AppData\Local\Temp\WPDNSE --------- 0  
 05.07.2011 15:11     C:\Users\Bobby\AppData\Local\Temp\divE282.tmp --------- 0  
 05.07.2011 12:00     C:\Users\Bobby\AppData\Local\Temp\77F.tmp --------- 20480  
 05.07.2011 09:15     C:\Users\Bobby\AppData\Local\Temp\PDApp.log --------- 1670394  
 04.07.2011 23:32     C:\Users\Bobby\AppData\Local\Temp\div6B40.tmp --------- 0  
 04.07.2011 23:26     C:\Users\Bobby\AppData\Local\Temp\divF594.tmp --------- 0  
 04.07.2011 23:21     C:\Users\Bobby\AppData\Local\Temp\plugtmp-121 --------- 0  
 04.07.2011 22:57     C:\Users\Bobby\AppData\Local\Temp\{24b663f1-7a60-4b63-887d-c0ac90b68375} --------- 0  
 04.07.2011 22:56     C:\Users\Bobby\AppData\Local\Temp\{42fda0e7-cac6-4abd-ad42-ac194b5f155a} --------- 0  
 04.07.2011 22:06     C:\Users\Bobby\AppData\Local\Temp\amt3.log --------- 280713  
 04.07.2011 22:06     C:\Users\Bobby\AppData\Local\Temp\swtag.log --------- 240047  
 03.07.2011 09:49     C:\Users\Bobby\AppData\Local\Temp\div212.tmp --------- 0  
 03.07.2011 02:37     C:\Users\Bobby\AppData\Local\Temp\div22CB.tmp --------- 0  
 03.07.2011 02:26     C:\Users\Bobby\AppData\Local\Temp\divA381.tmp --------- 0  
 03.07.2011 02:26     C:\Users\Bobby\AppData\Local\Temp\A449.tmp --------- 311456  
 02.07.2011 08:12     C:\Users\Bobby\AppData\Local\Temp\COPE_tmp --------- 0  
 02.07.2011 08:11     C:\Users\Bobby\AppData\Local\Temp\div707D.tmp --------- 0  
 01.07.2011 18:49     C:\Users\Bobby\AppData\Local\Temp\is-CVUSK.tmp --------- 0  
 01.07.2011 18:46     C:\Users\Bobby\AppData\Local\Temp\divD816.tmp --------- 0  
 01.07.2011 18:41     C:\Users\Bobby\AppData\Local\Temp\dd_dotNetFx40_Full_setup_decompression_log.txt --------- 2878  
 01.07.2011 18:41     C:\Users\Bobby\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_20110701_183503841.html --------- 881754  
 01.07.2011 18:40     C:\Users\Bobby\AppData\Local\Temp\dd_SetupUtility.txt --------- 660  
 01.07.2011 18:40     C:\Users\Bobby\AppData\Local\Temp\dd_dotNetFx40LP_Full_x86_x64de_decompression_log.txt --------- 3076  
 01.07.2011 18:40     C:\Users\Bobby\AppData\Local\Temp\Microsoft .NET Framework Language Pack Setup_20110701_183923852.html --------- 355162  
 01.07.2011 18:40     C:\Users\Bobby\AppData\Local\Temp\Microsoft .NET Framework Language Pack Setup_20110701_183923852-MSI_netfx_ExtendedLP_x64.msi.txt --------- 1499538  
 01.07.2011 18:40     C:\Users\Bobby\AppData\Local\Temp\ASPNETSetup_00003.log --------- 3652  
 01.07.2011 18:40     C:\Users\Bobby\AppData\Local\Temp\ASPNETSetup_00002.log --------- 5390  
 01.07.2011 18:40     C:\Users\Bobby\AppData\Local\Temp\RGIF86F.tmp --------- 10704  
 01.07.2011 18:40     C:\Users\Bobby\AppData\Local\Temp\RGIF86F.tmp-tmp --------- 9234  
 01.07.2011 18:39     C:\Users\Bobby\AppData\Local\Temp\Microsoft .NET Framework Language Pack Setup_20110701_183923852-MSI_netfx_CoreLP_x64.msi.txt --------- 2145368  
 01.07.2011 18:39     C:\Users\Bobby\AppData\Local\Temp\Microsoft .NET Framework Language Pack Setup_4.0.30319 --------- 0  
 01.07.2011 18:39     C:\Users\Bobby\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_20110701_183503841-MSI_netfx_Extended_x64.msi.txt --------- 3461542  
 01.07.2011 18:39     C:\Users\Bobby\AppData\Local\Temp\ASPNETSetup_00001.log --------- 3432  
 01.07.2011 18:39     C:\Users\Bobby\AppData\Local\Temp\ASPNETSetup_00000.log --------- 4716  
 01.07.2011 18:38     C:\Users\Bobby\AppData\Local\Temp\RGIB8B2.tmp --------- 10668  
 01.07.2011 18:38     C:\Users\Bobby\AppData\Local\Temp\RGIB8B2.tmp-tmp --------- 9234  
 01.07.2011 18:38     C:\Users\Bobby\AppData\Local\Temp\dd_wcf_CA_smci_20110701_163836_650.txt --------- 4688  
 01.07.2011 18:38     C:\Users\Bobby\AppData\Local\Temp\dd_wcf_CA_smci_20110701_163819_980.txt --------- 6866  
 01.07.2011 18:38     C:\Users\Bobby\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_20110701_183503841-MSI_netfx_Core_x64.msi.txt --------- 7116818  
 01.07.2011 18:36     C:\Users\Bobby\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319 --------- 0  
 01.07.2011 18:36     C:\Users\Bobby\AppData\Local\Temp\bchAC0C.tmp --------- 0  
 01.07.2011 18:36     C:\Users\Bobby\AppData\Local\Temp\bch8B8D.tmp --------- 0  
 01.07.2011 18:36     C:\Users\Bobby\AppData\Local\Temp\dd_TMP4747.tmp_decompression_log.txt --------- 741  
 01.07.2011 18:36     C:\Users\Bobby\AppData\Local\Temp\bch47F5.tmp --------- 0  
 01.07.2011 18:36     C:\Users\Bobby\AppData\Local\Temp\bch31D2.tmp --------- 0  
 01.07.2011 18:36     C:\Users\Bobby\AppData\Local\Temp\dd_TMPAA45.tmp_decompression_log.txt --------- 733  
 01.07.2011 18:35     C:\Users\Bobby\AppData\Local\Temp\bchAB02.tmp --------- 0  
 01.07.2011 18:35     C:\Users\Bobby\AppData\Local\Temp\bch9721.tmp --------- 0  
 01.07.2011 09:53     C:\Users\Bobby\AppData\Local\Temp\divC4D4.tmp --------- 0  
 30.06.2011 08:43     C:\Users\Bobby\AppData\Local\Temp\div5B2A.tmp --------- 0  
 29.06.2011 10:21     C:\Users\Bobby\AppData\Local\Temp\div14B8.tmp --------- 0  
 28.06.2011 23:41     C:\Users\Bobby\AppData\Local\Temp\divB412.tmp --------- 0  
 28.06.2011 14:24     C:\Users\Bobby\AppData\Local\Temp\plugtmp-120 --------- 0  
 28.06.2011 09:42     C:\Users\Bobby\AppData\Local\Temp\div6815.tmp --------- 0  
 28.06.2011 02:15     C:\Users\Bobby\AppData\Local\Temp\hsperfdata_Bobby --------- 0  
 27.06.2011 23:41     C:\Users\Bobby\AppData\Local\Temp\RemoteLog.txt --------- 21456  
 27.06.2011 13:54     C:\Users\Bobby\AppData\Local\Temp\amt.log --------- 44654  
 27.06.2011 13:54     C:\Users\Bobby\AppData\Local\Temp\alm.log --------- 145422  
 27.06.2011 13:40     C:\Users\Bobby\AppData\Local\Temp\libFNP_events.log --------- 1881  
 27.06.2011 13:39     C:\Users\Bobby\AppData\Local\Temp\lilD07F.tmp --------- 1024  
 27.06.2011 13:39     C:\Users\Bobby\AppData\Local\Temp\lilD07E.tmp --------- 1024  
 27.06.2011 13:39     C:\Users\Bobby\AppData\Local\Temp\lilD07D.tmp --------- 1024  
 27.06.2011 08:57     C:\Users\Bobby\AppData\Local\Temp\divB6FF.tmp --------- 0  
 27.06.2011 08:57     C:\Users\Bobby\AppData\Local\Temp\B634.tmp --------- 311456  
 25.06.2011 11:39     C:\Users\Bobby\AppData\Local\Temp\div8065.tmp --------- 0  
 12.06.2011 09:25     C:\Users\Bobby\AppData\Local\Temp\msohtmlclip1 --------- 0  
 12.06.2011 07:45     C:\Users\Bobby\AppData\Local\Temp\plugtmp-119 --------- 0  
 12.06.2011 07:45     C:\Users\Bobby\AppData\Local\Temp\java_install_reg.log --------- 70250  
 12.06.2011 07:44     C:\Users\Bobby\AppData\Local\Temp\plugtmp-118 --------- 0  
 12.06.2011 07:44     C:\Users\Bobby\AppData\Local\Temp\plugtmp-117 --------- 0  
 12.06.2011 07:43     C:\Users\Bobby\AppData\Local\Temp\plugtmp-116 --------- 0  
 11.06.2011 23:27     C:\Users\Bobby\AppData\Local\Temp\csxs-PHXS.log --------- 3582  
 11.06.2011 23:22     C:\Users\Bobby\AppData\Local\Temp\TWAIN.LOG --------- 899  
 11.06.2011 23:22     C:\Users\Bobby\AppData\Local\Temp\Twain001.Mtx --------- 4  
 11.06.2011 23:22     C:\Users\Bobby\AppData\Local\Temp\Twunk001.MTX --------- 156  
 10.06.2011 13:27     C:\Users\Bobby\AppData\Local\Temp\div9B06.tmp --------- 0  
 09.06.2011 07:25     C:\Users\Bobby\AppData\Local\Temp\divC3BB.tmp --------- 0  
 08.06.2011 15:31     C:\Users\Bobby\AppData\Local\Temp\LPRealMathe.pdf --------- 240940  
 08.06.2011 15:22     C:\Users\Bobby\AppData\Local\Temp\dq3q8suj.bmp --------- 1940454  
 08.06.2011 14:05     C:\Users\Bobby\AppData\Local\Temp\divAD5E.tmp --------- 0  
 07.06.2011 13:13     C:\Users\Bobby\AppData\Local\Temp\div36DA.tmp --------- 0  
 07.06.2011 08:15     C:\Users\Bobby\AppData\Local\Temp\div5FBB.tmp --------- 0  
 07.06.2011 08:15     C:\Users\Bobby\AppData\Local\Temp\5F10.tmp --------- 311456  
 06.06.2011 17:16     C:\Users\Bobby\AppData\Local\Temp\divBAE5.tmp --------- 0  
 05.06.2011 23:37     C:\Users\Bobby\AppData\Local\Temp\plugtmp-115 --------- 0  
 05.06.2011 13:18     C:\Users\Bobby\AppData\Local\Temp\yarn84qc.bmp --------- 206054  
 05.06.2011 11:58     C:\Users\Bobby\AppData\Local\Temp\divC553.tmp --------- 0  
 04.06.2011 10:59     C:\Users\Bobby\AppData\Local\Temp\plugtmp-114 --------- 0  
 04.06.2011 08:54     C:\Users\Bobby\AppData\Local\Temp\div5DD8.tmp --------- 0  
 04.06.2011 02:27     C:\Users\Bobby\AppData\Local\Temp\plugtmp-113 --------- 0  
 04.06.2011 01:54     C:\Users\Bobby\AppData\Local\Temp\divAD6D.tmp --------- 0  
 03.06.2011 22:56     C:\Users\Bobby\AppData\Local\Temp\v1y6tohx.bmp --------- 2658358  
 03.06.2011 19:53     C:\Users\Bobby\AppData\Local\Temp\WMPBurn --------- 0  
 03.06.2011 19:06     C:\Users\Bobby\AppData\Local\Temp\{878092d9-ded1-47c6-94c3-49591a1062c8} --------- 0  
 03.06.2011 11:39     C:\Users\Bobby\AppData\Local\Temp\wmsetup.log --------- 9454  
 01.06.2011 14:21     C:\Users\Bobby\AppData\Local\Temp\divC7FF.tmp --------- 0  
 31.05.2011 15:09     C:\Users\Bobby\AppData\Local\Temp\divC4C4.tmp --------- 0  
 31.05.2011 07:40     C:\Users\Bobby\AppData\Local\Temp\divD9E9.tmp --------- 0  
 31.05.2011 07:40     C:\Users\Bobby\AppData\Local\Temp\D93E.tmp --------- 311456  
 30.05.2011 23:14     C:\Users\Bobby\AppData\Local\Temp\plugtmp-112 --------- 0  
 30.05.2011 13:57     C:\Users\Bobby\AppData\Local\Temp\divE56E.tmp --------- 0  
 29.05.2011 22:08     C:\Users\Bobby\AppData\Local\Temp\plugtmp-111 --------- 0  
 29.05.2011 10:08     C:\Users\Bobby\AppData\Local\Temp\div888F.tmp --------- 0  
 28.05.2011 17:25     C:\Users\Bobby\AppData\Local\Temp\div6DEF.tmp --------- 0  
 28.05.2011 10:05     C:\Users\Bobby\AppData\Local\Temp\divC4A5.tmp --------- 0  
 28.05.2011 08:50     C:\Users\Bobby\AppData\Local\Temp\divBC3C.tmp --------- 0  
 27.05.2011 15:49     C:\Users\Bobby\AppData\Local\Temp\96v48yo6.bmp --------- 360054  
 27.05.2011 15:47     C:\Users\Bobby\AppData\Local\Temp\0q4vc999.bmp --------- 490054  
 27.05.2011 15:37     C:\Users\Bobby\AppData\Local\Temp\9hmppxnd.bmp --------- 338966  
 27.05.2011 15:37     C:\Users\Bobby\AppData\Local\Temp\qjx11ow1.bmp --------- 338966  
 27.05.2011 13:24     C:\Users\Bobby\AppData\Local\Temp\divA1D.tmp --------- 0  
 26.05.2011 17:48     C:\Users\Bobby\AppData\Local\Temp\lil18E3.tmp --------- 1024  
 26.05.2011 17:48     C:\Users\Bobby\AppData\Local\Temp\lil18E2.tmp --------- 1024  
 26.05.2011 17:48     C:\Users\Bobby\AppData\Local\Temp\lil18E1.tmp --------- 1024  
 26.05.2011 17:45     C:\Users\Bobby\AppData\Local\Temp\j11x8704.bmp --------- 2527254  
 26.05.2011 13:16     C:\Users\Bobby\AppData\Local\Temp\divE916.tmp --------- 0  
 26.05.2011 07:48     C:\Users\Bobby\AppData\Local\Temp\divB98E.tmp --------- 0  
 25.05.2011 12:59     C:\Users\Bobby\AppData\Local\Temp\divC32F.tmp --------- 0  
 25.05.2011 07:23     C:\Users\Bobby\AppData\Local\Temp\divF71A.tmp --------- 0  
 24.05.2011 22:43     C:\Users\Bobby\AppData\Local\Temp\Nr.5 2011 Gruppe A Terme.doc --------- 30720  
 24.05.2011 10:04     C:\Users\Bobby\AppData\Local\Temp\divC206.tmp --------- 0  
 24.05.2011 10:04     C:\Users\Bobby\AppData\Local\Temp\C061.tmp --------- 311456  
 24.05.2011 02:50     C:\Users\Bobby\AppData\Local\Temp\plugtmp-110 --------- 0  
 23.05.2011 14:13     C:\Users\Bobby\AppData\Local\Temp\divD8F0.tmp --------- 0  
 22.05.2011 23:36     C:\Users\Bobby\AppData\Local\Temp\plugtmp-109 --------- 0  
 22.05.2011 22:41     C:\Users\Bobby\AppData\Local\Temp\Camera_Raw_6_4_updater.zip --------- 41445559  
 21.05.2011 08:50     C:\Users\Bobby\AppData\Local\Temp\divC59F.tmp --------- 0  
 20.05.2011 23:05     C:\Users\Bobby\AppData\Local\Temp\AgWPGPreview-5 --------- 0  
 20.05.2011 14:05     C:\Users\Bobby\AppData\Local\Temp\is3u9fc1.bmp --------- 2527254  
 20.05.2011 14:05     C:\Users\Bobby\AppData\Local\Temp\yum7l7tp.bmp --------- 2527254  
 20.05.2011 14:00     C:\Users\Bobby\AppData\Local\Temp\491tr5yu.bmp --------- 2527254  
 20.05.2011 13:53     C:\Users\Bobby\AppData\Local\Temp\divE214.tmp --------- 0  
 20.05.2011 08:05     C:\Users\Bobby\AppData\Local\Temp\divCABD.tmp --------- 0  
 19.05.2011 15:05     C:\Users\Bobby\AppData\Local\Temp\~DF2B585CB62C33CDFA.TMP --------- 65536  
 19.05.2011 15:05     C:\Users\Bobby\AppData\Local\Temp\~DF3831D231A88EB7A7.TMP --------- 65536  
 19.05.2011 15:04     C:\Users\Bobby\AppData\Local\Temp\~DFA0C079AEE2A7B264.TMP --------- 65536  
 19.05.2011 15:04     C:\Users\Bobby\AppData\Local\Temp\~DF545ABCB431349BBD.TMP --------- 65536  
 19.05.2011 15:04     C:\Users\Bobby\AppData\Local\Temp\~DFEB64DA3A671A0E45.TMP --------- 65536  
 19.05.2011 15:04     C:\Users\Bobby\AppData\Local\Temp\~DF2B5F1241BC483371.TMP --------- 65536  
 19.05.2011 15:04     C:\Users\Bobby\AppData\Local\Temp\~DFC67199F88E802E75.TMP --------- 65536  
 19.05.2011 13:17     C:\Users\Bobby\AppData\Local\Temp\divD73B.tmp --------- 0  
 18.05.2011 20:01     C:\Users\Bobby\AppData\Local\Temp\div1B6C.tmp --------- 0  
 18.05.2011 12:27     C:\Users\Bobby\AppData\Local\Temp\div25C8.tmp --------- 0  
 17.05.2011 21:39     C:\Users\Bobby\AppData\Local\Temp\AgWPGPreview-4 --------- 0  
 17.05.2011 17:44     C:\Users\Bobby\AppData\Local\Temp\plugtmp-108 --------- 0  
 17.05.2011 07:15     C:\Users\Bobby\AppData\Local\Temp\divD815.tmp --------- 0  
 17.05.2011 07:15     C:\Users\Bobby\AppData\Local\Temp\D5F3.tmp --------- 311456  
 16.05.2011 18:17     C:\Users\Bobby\AppData\Local\Temp\lilA180.tmp --------- 1024  
 16.05.2011 18:17     C:\Users\Bobby\AppData\Local\Temp\lilA17E.tmp --------- 1024  
 16.05.2011 18:17     C:\Users\Bobby\AppData\Local\Temp\lilA17F.tmp --------- 1024  
 16.05.2011 17:18     C:\Users\Bobby\AppData\Local\Temp\lil1F36.tmp --------- 1024  
 16.05.2011 17:18     C:\Users\Bobby\AppData\Local\Temp\lil1F35.tmp --------- 1024  
 16.05.2011 17:18     C:\Users\Bobby\AppData\Local\Temp\lil1F34.tmp --------- 1024  
 16.05.2011 16:36     C:\Users\Bobby\AppData\Local\Temp\div2EC.tmp --------- 0  
 15.05.2011 19:33     C:\Users\Bobby\AppData\Local\Temp\plugtmp-107 --------- 0  
 14.05.2011 09:13     C:\Users\Bobby\AppData\Local\Temp\div6344.tmp --------- 0  
 13.05.2011 15:58     C:\Users\Bobby\AppData\Local\Temp\15cgayss.bmp --------- 2527254  
 13.05.2011 15:58     C:\Users\Bobby\AppData\Local\Temp\lrv7xkh5.bmp --------- 2511654  
 13.05.2011 15:38     C:\Users\Bobby\AppData\Local\Temp\qmctzy1v.bmp --------- 2535054  
 13.05.2011 15:38     C:\Users\Bobby\AppData\Local\Temp\a8vluszf.bmp --------- 2527254  
 13.05.2011 14:21     C:\Users\Bobby\AppData\Local\Temp\divCA11.tmp --------- 0  
 13.05.2011 08:18     C:\Users\Bobby\AppData\Local\Temp\divCB3A.tmp --------- 0  
 12.05.2011 14:43     C:\Users\Bobby\AppData\Local\Temp\divC199.tmp --------- 0  
 11.05.2011 14:18     C:\Users\Bobby\AppData\Local\Temp\0l55va3y.bmp --------- 2535054  
 11.05.2011 14:17     C:\Users\Bobby\AppData\Local\Temp\d2gapz4x.bmp --------- 2535054  
 11.05.2011 13:43     C:\Users\Bobby\AppData\Local\Temp\divD21D.tmp --------- 0  
 10.05.2011 15:55     C:\Users\Bobby\AppData\Local\Temp\divFA55.tmp --------- 0  
 10.05.2011 08:00     C:\Users\Bobby\AppData\Local\Temp\divC8D9.tmp --------- 0  
 09.05.2011 12:55     C:\Users\Bobby\AppData\Local\Temp\divE732.tmp --------- 0  
 09.05.2011 12:55     C:\Users\Bobby\AppData\Local\Temp\E30D.tmp --------- 311456  
 09.05.2011 07:16     C:\Users\Bobby\AppData\Local\Temp\divCFAD.tmp --------- 0  
 08.05.2011 10:34     C:\Users\Bobby\AppData\Local\Temp\divCEB3.tmp --------- 0  
 07.05.2011 21:26     C:\Users\Bobby\AppData\Local\Temp\9fhdzzc2.bmp --------- 2707510  
 07.05.2011 08:41     C:\Users\Bobby\AppData\Local\Temp\divF7B6.tmp --------- 0  
 06.05.2011 16:34     C:\Users\Bobby\AppData\Local\Temp\div7B27.tmp --------- 0  
 04.05.2011 12:35     C:\Users\Bobby\AppData\Local\Temp\divCA9E.tmp --------- 0  
 04.05.2011 07:51     C:\Users\Bobby\AppData\Local\Temp\div758C.tmp --------- 0  
 03.05.2011 16:08     C:\Users\Bobby\AppData\Local\Temp\divDB8F.tmp --------- 0  
 03.05.2011 08:18     C:\Users\Bobby\AppData\Local\Temp\divD316.tmp --------- 0  
 02.05.2011 12:46     C:\Users\Bobby\AppData\Local\Temp\div532E.tmp --------- 0  
 02.05.2011 12:37     C:\Users\Bobby\AppData\Local\Temp\div28E3.tmp --------- 0  
 02.05.2011 12:37     C:\Users\Bobby\AppData\Local\Temp\27BB.tmp --------- 311456  
 01.05.2011 21:42     C:\Users\Bobby\AppData\Local\Temp\91hqa8b3.bmp --------- 2527254  
 01.05.2011 21:41     C:\Users\Bobby\AppData\Local\Temp\jysolvwd.bmp --------- 2527254  
 01.05.2011 20:14     C:\Users\Bobby\AppData\Local\Temp\div4173.tmp --------- 0  
 24.04.2011 07:00     C:\Users\Bobby\AppData\Local\Temp\divAE8.tmp --------- 0  
 23.04.2011 18:29     C:\Users\Bobby\AppData\Local\Temp\csxs-FWKS.log --------- 4416  
 23.04.2011 16:41     C:\Users\Bobby\AppData\Local\Temp\divD00A.tmp --------- 0  
 23.04.2011 12:39     C:\Users\Bobby\AppData\Local\Temp\{91bfae24-0308-408b-8168-480b60f3d901} --------- 0  
 23.04.2011 12:37     C:\Users\Bobby\AppData\Local\Temp\DMIF2C.tmp --------- 0  
 23.04.2011 12:24     C:\Users\Bobby\AppData\Local\Temp\divDF94.tmp --------- 0  
 22.04.2011 23:24     C:\Users\Bobby\AppData\Local\Temp\_ptgtmp_YQUHCF.mov --------- 273225  
 22.04.2011 23:24     C:\Users\Bobby\AppData\Local\Temp\_ptgtmp_E9DOW0.mov --------- 273225  
 22.04.2011 10:11     C:\Users\Bobby\AppData\Local\Temp\divC38C.tmp --------- 0  
 21.04.2011 22:35     C:\Users\Bobby\AppData\Local\Temp\{4e4d3a52-8d9f-48d5-9381-e22a2c333d2b} --------- 0  
 21.04.2011 22:35     C:\Users\Bobby\AppData\Local\Temp\{9132091C-5680-49F7-8B11-18DC2680A12A} --------- 0  
 21.04.2011 11:16     C:\Users\Bobby\AppData\Local\Temp\divEDF6.tmp --------- 0  
 20.04.2011 09:09     C:\Users\Bobby\AppData\Local\Temp\div9923.tmp --------- 0  
 20.04.2011 09:09     C:\Users\Bobby\AppData\Local\Temp\94B0.tmp --------- 311456  
 19.04.2011 11:13     C:\Users\Bobby\AppData\Local\Temp\div9D76.tmp --------- 0  
 19.04.2011 01:10     C:\Users\Bobby\AppData\Local\Temp\plugtmp-106 --------- 0  
 18.04.2011 23:03     C:\Users\Bobby\AppData\Local\Temp\~DF95F8164ADCAB3FC4.TMP --------- 65536  
 18.04.2011 23:03     C:\Users\Bobby\AppData\Local\Temp\~DF1068F4B52843AC00.TMP --------- 65536  
 18.04.2011 23:03     C:\Users\Bobby\AppData\Local\Temp\~DF19A2FD907BE0C49D.TMP --------- 65536  
 18.04.2011 23:02     C:\Users\Bobby\AppData\Local\Temp\~DF1C6FD36F3689D60B.TMP --------- 65536  
 18.04.2011 23:02     C:\Users\Bobby\AppData\Local\Temp\~DFC58D544064D60E8D.TMP --------- 65536  
 18.04.2011 23:02     C:\Users\Bobby\AppData\Local\Temp\~DF701C264CBCC21334.TMP --------- 65536  
 18.04.2011 23:01     C:\Users\Bobby\AppData\Local\Temp\~DF4140840549921A85.TMP --------- 65536  
 18.04.2011 23:01     C:\Users\Bobby\AppData\Local\Temp\~DF07A3421D07BDB9B7.TMP --------- 65536  
 18.04.2011 23:01     C:\Users\Bobby\AppData\Local\Temp\~DFFE122F30CF2E1695.TMP --------- 65536  
 18.04.2011 23:01     C:\Users\Bobby\AppData\Local\Temp\~DF00D49619EC072078.TMP --------- 65536  
 18.04.2011 23:01     C:\Users\Bobby\AppData\Local\Temp\~DF14DD2C101251B4F7.TMP --------- 65536  
 18.04.2011 23:01     C:\Users\Bobby\AppData\Local\Temp\~DFAC554F329A174959.TMP --------- 65536  
 18.04.2011 23:00     C:\Users\Bobby\AppData\Local\Temp\~DFFDD8696B302E9EFE.TMP --------- 65536  
 18.04.2011 23:00     C:\Users\Bobby\AppData\Local\Temp\~DFF6D4264C78AF2784.TMP --------- 65536  
 18.04.2011 23:00     C:\Users\Bobby\AppData\Local\Temp\~DF5CA6473DE426F878.TMP --------- 65536  
 18.04.2011 23:00     C:\Users\Bobby\AppData\Local\Temp\~DF9496088BB28F760B.TMP --------- 65536  
 18.04.2011 23:00     C:\Users\Bobby\AppData\Local\Temp\~DF6E015B7B00E2A09C.TMP --------- 65536  
 18.04.2011 22:59     C:\Users\Bobby\AppData\Local\Temp\~DF9E90B43734F591F9.TMP --------- 65536  
 18.04.2011 22:58     C:\Users\Bobby\AppData\Local\Temp\~DFCBA471A45D063A9A.TMP --------- 65536  
 18.04.2011 22:58     C:\Users\Bobby\AppData\Local\Temp\~DF34DEC2E26BBAF763.TMP --------- 65536  
 18.04.2011 22:58     C:\Users\Bobby\AppData\Local\Temp\~DF5627D88931C0AD96.TMP --------- 65536  
 18.04.2011 22:58     C:\Users\Bobby\AppData\Local\Temp\~DF8A80F4F4D2979205.TMP --------- 65536  
 18.04.2011 22:57     C:\Users\Bobby\AppData\Local\Temp\~DF982223ABC98B1057.TMP --------- 65536  
 18.04.2011 22:57     C:\Users\Bobby\AppData\Local\Temp\~DF6DC5A5E3F8B6E598.TMP --------- 65536  
 18.04.2011 22:57     C:\Users\Bobby\AppData\Local\Temp\~DFF9DDAB890EF7DD1B.TMP --------- 65536  
 18.04.2011 22:57     C:\Users\Bobby\AppData\Local\Temp\~DF152C9D376F1E09CE.TMP --------- 65536  
 18.04.2011 22:57     C:\Users\Bobby\AppData\Local\Temp\~DF183BDEBD32CF0254.TMP --------- 65536  
 18.04.2011 22:56     C:\Users\Bobby\AppData\Local\Temp\~DFE1DF194E9FC3C92A.TMP --------- 65536  
 18.04.2011 22:56     C:\Users\Bobby\AppData\Local\Temp\~DFD91EA8D7CE8CDDE9.TMP --------- 65536  
 18.04.2011 22:56     C:\Users\Bobby\AppData\Local\Temp\~DFD0848654B8D5C46B.TMP --------- 65536  
 18.04.2011 22:56     C:\Users\Bobby\AppData\Local\Temp\~DF9C29B63E06952FE8.TMP --------- 65536  
 18.04.2011 22:56     C:\Users\Bobby\AppData\Local\Temp\~DF3E059682889392B1.TMP --------- 65536  
 18.04.2011 22:55     C:\Users\Bobby\AppData\Local\Temp\~DFDE15423ACDA4C374.TMP --------- 65536  
 18.04.2011 22:55     C:\Users\Bobby\AppData\Local\Temp\~DF96D6C23E11EC9FFA.TMP --------- 65536  
 18.04.2011 22:55     C:\Users\Bobby\AppData\Local\Temp\~DF78D0554C286BDC41.TMP --------- 65536  
 18.04.2011 22:54     C:\Users\Bobby\AppData\Local\Temp\~DF1BC796CEB59E89C1.TMP --------- 65536  
 18.04.2011 22:54     C:\Users\Bobby\AppData\Local\Temp\~DFA15A1DE365AB921D.TMP --------- 65536  
 18.04.2011 22:54     C:\Users\Bobby\AppData\Local\Temp\~DF3CE1054D9DC5B000.TMP --------- 65536  
 18.04.2011 22:53     C:\Users\Bobby\AppData\Local\Temp\~DFD564829216B6AE1F.TMP --------- 65536  
 18.04.2011 22:53     C:\Users\Bobby\AppData\Local\Temp\~DFD88FF732389FDC98.TMP --------- 65536  
 18.04.2011 22:53     C:\Users\Bobby\AppData\Local\Temp\~DFF77BB8615353C9A7.TMP --------- 65536  
 18.04.2011 22:53     C:\Users\Bobby\AppData\Local\Temp\~DF72F956F85E6C7800.TMP --------- 65536  
 18.04.2011 22:53     C:\Users\Bobby\AppData\Local\Temp\~DF0E762EA73AD71559.TMP --------- 65536  
 18.04.2011 22:53     C:\Users\Bobby\AppData\Local\Temp\~DF827590CEC273230E.TMP --------- 65536  
 18.04.2011 22:53     C:\Users\Bobby\AppData\Local\Temp\~DF2016E319D184EB96.TMP --------- 65536  
 18.04.2011 22:53     C:\Users\Bobby\AppData\Local\Temp\~DF784DDA2CB4EAE068.TMP --------- 65536  
 18.04.2011 22:52     C:\Users\Bobby\AppData\Local\Temp\~DFA8883899C04BB287.TMP --------- 65536  
 18.04.2011 22:52     C:\Users\Bobby\AppData\Local\Temp\~DF5114C99A4CB1A3C6.TMP --------- 65536  
 18.04.2011 22:52     C:\Users\Bobby\AppData\Local\Temp\~DF2921CA94E137D942.TMP --------- 65536  
 18.04.2011 22:52     C:\Users\Bobby\AppData\Local\Temp\~DF1615B03F04F5D4BE.TMP --------- 65536  
 18.04.2011 22:52     C:\Users\Bobby\AppData\Local\Temp\~DF734B691465484767.TMP --------- 65536  
 18.04.2011 22:52     C:\Users\Bobby\AppData\Local\Temp\~DFD13582BC4F1AA93B.TMP --------- 65536  
 18.04.2011 22:51     C:\Users\Bobby\AppData\Local\Temp\~DF80D321B8F25D498F.TMP --------- 65536  
 18.04.2011 22:51     C:\Users\Bobby\AppData\Local\Temp\~DF8F246CB36D623958.TMP --------- 65536  
 18.04.2011 22:51     C:\Users\Bobby\AppData\Local\Temp\~DF8E59713FD944AB31.TMP --------- 65536  
 18.04.2011 22:51     C:\Users\Bobby\AppData\Local\Temp\~DF815844FBCEBF82BF.TMP --------- 65536  
 18.04.2011 22:51     C:\Users\Bobby\AppData\Local\Temp\~DFF25931431944B5C0.TMP --------- 65536  
 18.04.2011 22:51     C:\Users\Bobby\AppData\Local\Temp\~DF1FD3B681A0015FE4.TMP --------- 65536  
 18.04.2011 22:50     C:\Users\Bobby\AppData\Local\Temp\~DFC1C41D5EF271B071.TMP --------- 65536  
 18.04.2011 22:50     C:\Users\Bobby\AppData\Local\Temp\~DF28992E7F5C4AF36D.TMP --------- 65536  
 18.04.2011 22:50     C:\Users\Bobby\AppData\Local\Temp\~DF7660D9B9CF2ED34E.TMP --------- 65536  
 18.04.2011 22:49     C:\Users\Bobby\AppData\Local\Temp\~DF5A7D2E39B2EE85A6.TMP --------- 65536  
 18.04.2011 22:48     C:\Users\Bobby\AppData\Local\Temp\~DF3954E5612050E6F8.TMP --------- 65536  
 18.04.2011 22:47     C:\Users\Bobby\AppData\Local\Temp\~DFD034CEAC17069BF3.TMP --------- 65536  
 18.04.2011 22:46     C:\Users\Bobby\AppData\Local\Temp\~DF0EA7ECB0BD9A27BE.TMP --------- 65536  
 18.04.2011 22:46     C:\Users\Bobby\AppData\Local\Temp\~DF4534317D9AD907E1.TMP --------- 65536  
 18.04.2011 22:45     C:\Users\Bobby\AppData\Local\Temp\~DF4D7A77B4AB52FD61.TMP --------- 65536  
 18.04.2011 22:45     C:\Users\Bobby\AppData\Local\Temp\~DFAA13593098A83B6B.TMP --------- 65536  
 18.04.2011 22:23     C:\Users\Bobby\AppData\Local\Temp\WZSE0.TMP --------- 0  
 18.04.2011 11:19     C:\Users\Bobby\AppData\Local\Temp\divF9D8.tmp --------- 0  
 18.04.2011 02:35     C:\Users\Bobby\AppData\Local\Temp\dd_vcredistUI3BEC.txt --------- 13038  
 18.04.2011 02:22     C:\Users\Bobby\AppData\Local\Temp\{f90eacf4-d5dd-4f0d-bf15-e63c76a88cc5} --------- 0  
 18.04.2011 02:07     C:\Users\Bobby\AppData\Local\Temp\plugtmp-105 --------- 0  
 18.04.2011 00:52     C:\Users\Bobby\AppData\Local\Temp\msdt --------- 0  
 17.04.2011 12:49     C:\Users\Bobby\AppData\Local\Temp\divC5CD.tmp --------- 0  
 16.04.2011 11:09     C:\Users\Bobby\AppData\Local\Temp\divE751.tmp --------- 0  
 15.04.2011 11:12     C:\Users\Bobby\AppData\Local\Temp\divF2F5.tmp --------- 0  
 15.04.2011 07:16     C:\Users\Bobby\AppData\Local\Temp\div260.tmp --------- 0  
 14.04.2011 07:23     C:\Users\Bobby\AppData\Local\Temp\divD2A9.tmp --------- 0  
 13.04.2011 12:51     C:\Users\Bobby\AppData\Local\Temp\div71A6.tmp --------- 0  
 12.04.2011 16:37     C:\Users\Bobby\AppData\Local\Temp\div1F23.tmp --------- 0  
 11.04.2011 23:02     C:\Users\Bobby\AppData\Local\Temp\divD364.tmp --------- 0  
 11.04.2011 16:26     C:\Users\Bobby\AppData\Local\Temp\divCD4C.tmp --------- 0  
 11.04.2011 07:02     C:\Users\Bobby\AppData\Local\Temp\divA6B9.tmp --------- 0  
 10.04.2011 14:59     C:\Users\Bobby\AppData\Local\Temp\plugtmp-104 --------- 0  
 10.04.2011 14:07     C:\Users\Bobby\AppData\Local\Temp\modB796.tmp --------- 222  
 10.04.2011 14:07     C:\Users\Bobby\AppData\Local\Temp\modB5C1.tmp --------- 0  
 10.04.2011 14:07     C:\Users\Bobby\AppData\Local\Temp\mod9D11.tmp --------- 5  
 10.04.2011 09:52     C:\Users\Bobby\AppData\Local\Temp\div3F6.tmp --------- 0  
 09.04.2011 09:21     C:\Users\Bobby\AppData\Local\Temp\div1296.tmp --------- 0  
 08.04.2011 18:28     C:\Users\Bobby\AppData\Local\Temp\divD0E5.tmp --------- 0  
 06.04.2011 14:15     C:\Users\Bobby\AppData\Local\Temp\div36D9.tmp --------- 0  
 05.04.2011 15:50     C:\Users\Bobby\AppData\Local\Temp\divF1BD.tmp --------- 0  
 04.04.2011 08:00     C:\Users\Bobby\AppData\Local\Temp\divCF01.tmp --------- 0  
 03.04.2011 08:06     C:\Users\Bobby\AppData\Local\Temp\div146A.tmp --------- 0  
 02.04.2011 19:59     C:\Users\Bobby\AppData\Local\Temp\AgWPGExport-4 --------- 0  
 02.04.2011 09:52     C:\Users\Bobby\AppData\Local\Temp\divC725.tmp --------- 0  
 01.04.2011 13:48     C:\Users\Bobby\AppData\Local\Temp\divD577.tmp --------- 0  
 01.04.2011 07:05     C:\Users\Bobby\AppData\Local\Temp\divE252.tmp --------- 0  
 31.03.2011 13:41     C:\Users\Bobby\AppData\Local\Temp\divC0CE.tmp --------- 0  
 29.03.2011 20:21     C:\Users\Bobby\AppData\Local\Temp\div8F34.tmp --------- 0  
 29.03.2011 18:51     C:\Users\Bobby\AppData\Local\Temp\plugtmp-103 --------- 0  
 29.03.2011 09:20     C:\Users\Bobby\AppData\Local\Temp\divBC5B.tmp --------- 0  
 29.03.2011 00:34     C:\Users\Bobby\AppData\Local\Temp\divBCD8.tmp --------- 0  
 28.03.2011 16:23     C:\Users\Bobby\AppData\Local\Temp\CVR5C87.tmp.cvr --------- 1112  
 28.03.2011 16:23     C:\Users\Bobby\AppData\Local\Temp\20536455.od --------- 134  
 28.03.2011 10:42     C:\Users\Bobby\AppData\Local\Temp\div176.tmp --------- 0  
 27.03.2011 11:03     C:\Users\Bobby\AppData\Local\Temp\plugtmp-102 --------- 0  
 27.03.2011 06:39     C:\Users\Bobby\AppData\Local\Temp\modB31C.tmp --------- 222  
 27.03.2011 06:39     C:\Users\Bobby\AppData\Local\Temp\modAFBF.tmp --------- 5  
 27.03.2011 05:52     C:\Users\Bobby\AppData\Local\Temp\div7A4D.tmp --------- 0  
 26.03.2011 09:45     C:\Users\Bobby\AppData\Local\Temp\{4b7475cf-2a56-40be-97ed-8375f8a4883c} --------- 0  
 25.03.2011 14:37     C:\Users\Bobby\AppData\Local\Temp\divCE65.tmp --------- 0  
 25.03.2011 08:18     C:\Users\Bobby\AppData\Local\Temp\divDEBA.tmp --------- 0  
 24.03.2011 14:34     C:\Users\Bobby\AppData\Local\Temp\14D7.tmp --------- 311456  
 24.03.2011 14:30     C:\Users\Bobby\AppData\Local\Temp\divCC62.tmp --------- 0  
 24.03.2011 08:25     C:\Users\Bobby\AppData\Local\Temp\div7619.tmp --------- 0  
 23.03.2011 13:45     C:\Users\Bobby\AppData\Local\Temp\divC419.tmp --------- 0  
 22.03.2011 18:02     C:\Users\Bobby\AppData\Local\Temp\lil5BD5.tmp --------- 1024  
 22.03.2011 18:02     C:\Users\Bobby\AppData\Local\Temp\lil5BD7.tmp --------- 1024  
 22.03.2011 18:02     C:\Users\Bobby\AppData\Local\Temp\lil5BD6.tmp --------- 1024  
 22.03.2011 17:34     C:\Users\Bobby\AppData\Local\Temp\divBCC9.tmp --------- 0  
 22.03.2011 08:59     C:\Users\Bobby\AppData\Local\Temp\divC9A4.tmp --------- 0  
 21.03.2011 14:55     C:\Users\Bobby\AppData\Local\Temp\divB0D7.tmp --------- 0  
 20.03.2011 21:52     C:\Users\Bobby\AppData\Local\Temp\plugtmp-101 --------- 0  
 20.03.2011 18:56     C:\Users\Bobby\AppData\Local\Temp\dsc02611.jpg --------- 309892  
 20.03.2011 11:14     C:\Users\Bobby\AppData\Local\Temp\divC7E0.tmp --------- 0  
 19.03.2011 00:34     C:\Users\Bobby\AppData\Local\Temp\drm_dyndata_7370014.dll --------- 204800  
 18.03.2011 17:30     C:\Users\Bobby\AppData\Local\Temp\div56D6.tmp --------- 0  
 18.03.2011 08:13     C:\Users\Bobby\AppData\Local\Temp\divB357.tmp --------- 0  
 17.03.2011 23:45     C:\Users\Bobby\AppData\Local\Temp\Crysis_Data_DFE --------- 0  
 17.03.2011 14:58     C:\Users\Bobby\AppData\Local\Temp\divE9E2.tmp --------- 0  
 16.03.2011 15:13     C:\Users\Bobby\AppData\Local\Temp\lil8813.tmp --------- 1024  
 16.03.2011 15:13     C:\Users\Bobby\AppData\Local\Temp\lil8815.tmp --------- 1024  
 16.03.2011 15:13     C:\Users\Bobby\AppData\Local\Temp\lil8814.tmp --------- 1024  
 16.03.2011 15:12     C:\Users\Bobby\AppData\Local\Temp\pf7mrqdi.bmp --------- 2527254  
 16.03.2011 14:42     C:\Users\Bobby\AppData\Local\Temp\divBBEE.tmp --------- 0  
 15.03.2011 09:01     C:\Users\Bobby\AppData\Local\Temp\divA9A.tmp --------- 0  
 14.03.2011 15:42     C:\Users\Bobby\AppData\Local\Temp\Physik.pdf --------- 188732  
 14.03.2011 14:50     C:\Users\Bobby\AppData\Local\Temp\divB3E3.tmp --------- 0  
 13.03.2011 12:35     C:\Users\Bobby\AppData\Local\Temp\ajdnt159.bmp --------- 2535054  
 13.03.2011 12:35     C:\Users\Bobby\AppData\Local\Temp\xhxmzrbi.bmp --------- 2535054  
 13.03.2011 10:54     C:\Users\Bobby\AppData\Local\Temp\divCCC0.tmp --------- 0  
 11.03.2011 15:55     C:\Users\Bobby\AppData\Local\Temp\Low --------- 0  
 11.03.2011 15:54     C:\Users\Bobby\AppData\Local\Temp\{1360FCC8-F20B-456B-B0BF-558599BAB84B} --------- 0  
 11.03.2011 15:53     C:\Users\Bobby\AppData\Local\Temp\ABD2BC~1.exe --------- 13942392  
 11.03.2011 15:49     C:\Users\Bobby\AppData\Local\Temp\install_log.log --------- 97  
 11.03.2011 15:49     C:\Users\Bobby\AppData\Local\Temp\ASKSUTBLOG --------- 577516  
 11.03.2011 15:49     C:\Users\Bobby\AppData\Local\Temp\AskSearch --------- 0  
 11.03.2011 15:49     C:\Users\Bobby\AppData\Local\Temp\asktoolbar.exe --------- 3056008  
 11.03.2011 15:35     C:\Users\Bobby\AppData\Local\Temp\plugtmp-100 --------- 0  
 11.03.2011 14:47     C:\Users\Bobby\AppData\Local\Temp\div72CE.tmp --------- 0  
 10.03.2011 16:23     C:\Users\Bobby\AppData\Local\Temp\hug00gab.bmp --------- 2527254  
 09.03.2011 17:17     C:\Users\Bobby\AppData\Local\Temp\vf9lqz93.bmp --------- 2535054  
 09.03.2011 17:17     C:\Users\Bobby\AppData\Local\Temp\bhkxuqiz.bmp --------- 2535054  
 09.03.2011 16:29     C:\Users\Bobby\AppData\Local\Temp\divECFC.tmp --------- 0  
 08.03.2011 10:33     C:\Users\Bobby\AppData\Local\Temp\divC7B1.tmp --------- 0  
 07.03.2011 21:11     C:\Users\Bobby\AppData\Local\Temp\lilC126.tmp --------- 1024  
 07.03.2011 21:11     C:\Users\Bobby\AppData\Local\Temp\lilC127.tmp --------- 1024  
 07.03.2011 21:11     C:\Users\Bobby\AppData\Local\Temp\lilC128.tmp --------- 1024  
 07.03.2011 12:29     C:\Users\Bobby\AppData\Local\Temp\divB911.tmp --------- 0  
 07.03.2011 02:55     C:\Users\Bobby\AppData\Local\Temp\plugtmp-99 --------- 0  
 05.03.2011 15:15     C:\Users\Bobby\AppData\Local\Temp\jar_cache8171993878998625847.tmp --------- 2072  
 05.03.2011 15:15     C:\Users\Bobby\AppData\Local\Temp\jar_cache4014947311916248137.tmp --------- 2090  
 05.03.2011 15:15     C:\Users\Bobby\AppData\Local\Temp\jar_cache3349591570023605088.tmp --------- 680  
 05.03.2011 15:15     C:\Users\Bobby\AppData\Local\Temp\jar_cache4660682444806686113.tmp --------- 615  
 05.03.2011 15:15     C:\Users\Bobby\AppData\Local\Temp\jar_cache3155793434132994394.tmp --------- 3882  
 05.03.2011 15:15     C:\Users\Bobby\AppData\Local\Temp\jar_cache1969089545928637399.tmp --------- 812  
 05.03.2011 15:15     C:\Users\Bobby\AppData\Local\Temp\jar_cache5987301515182237507.tmp --------- 544  
 05.03.2011 15:15     C:\Users\Bobby\AppData\Local\Temp\jar_cache7554853357832164262.tmp --------- 504  
 05.03.2011 15:15     C:\Users\Bobby\AppData\Local\Temp\jar_cache1715255751171785905.tmp --------- 473  
 05.03.2011 09:12     C:\Users\Bobby\AppData\Local\Temp\divADEA.tmp --------- 0  
 03.03.2011 08:04     C:\Users\Bobby\AppData\Local\Temp\divA68B.tmp --------- 0  
 02.03.2011 22:59     C:\Users\Bobby\AppData\Local\Temp\scoped_dir3430 --------- 0  
 02.03.2011 22:59     C:\Users\Bobby\AppData\Local\Temp\scoped_dir3539 --------- 0  
 02.03.2011 13:29     C:\Users\Bobby\AppData\Local\Temp\div1DCC.tmp --------- 0  
 01.03.2011 21:48     C:\Users\Bobby\AppData\Local\Temp\{CDC50364-CF22-4140-9D07-72766CE3842B} --------- 0  
 01.03.2011 21:48     C:\Users\Bobby\AppData\Local\Temp\{093FE826-BE47-4C84-88C2-7F6E8E45DC3F} --------- 0  
 01.03.2011 21:48     C:\Users\Bobby\AppData\Local\Temp\{359FCAA7-B544-4147-AE3B-8C8A526E2427}.log --------- 1869  
 01.03.2011 21:45     C:\Users\Bobby\AppData\Local\Temp\MSI93730.LOG --------- 775246  
 01.03.2011 18:05     C:\Users\Bobby\AppData\Local\Temp\ijg9opnv.bmp --------- 2527254  
 01.03.2011 18:05     C:\Users\Bobby\AppData\Local\Temp\izacw3u3.bmp --------- 2527254  
 01.03.2011 17:46     C:\Users\Bobby\AppData\Local\Temp\div8E4B.tmp --------- 0  
 01.03.2011 08:57     C:\Users\Bobby\AppData\Local\Temp\divD690.tmp --------- 0  
 28.02.2011 14:23     C:\Users\Bobby\AppData\Local\Temp\div9415.tmp --------- 0  
 26.02.2011 10:41     C:\Users\Bobby\AppData\Local\Temp\div20D8.tmp --------- 0  
 23.02.2011 17:53     C:\Users\Bobby\AppData\Local\Temp\014yneep.bmp --------- 2527254  
 23.02.2011 17:52     C:\Users\Bobby\AppData\Local\Temp\qkw4b60f.bmp --------- 2527254  
 23.02.2011 17:52     C:\Users\Bobby\AppData\Local\Temp\fe7onxia.bmp --------- 2535054  
 23.02.2011 17:52     C:\Users\Bobby\AppData\Local\Temp\z0qgak7n.bmp --------- 2535054  
 23.02.2011 17:34     C:\Users\Bobby\AppData\Local\Temp\divE8C8.tmp --------- 0  
 22.02.2011 17:05     C:\Users\Bobby\AppData\Local\Temp\divFA74.tmp --------- 0  
 22.02.2011 08:27     C:\Users\Bobby\AppData\Local\Temp\div29FC.tmp --------- 0  
 20.02.2011 13:43     C:\Users\Bobby\AppData\Local\Temp\div5263.tmp --------- 0  
 20.02.2011 03:48     C:\Users\Bobby\AppData\Local\Temp\plugtmp-98 --------- 0  
 19.02.2011 23:19     C:\Users\Bobby\AppData\Local\Temp\div91E2.tmp --------- 0  
 19.02.2011 23:16     C:\Users\Bobby\AppData\Local\Temp\mod757A.tmp --------- 222  
 19.02.2011 23:16     C:\Users\Bobby\AppData\Local\Temp\mod6228.tmp --------- 0  
 19.02.2011 23:16     C:\Users\Bobby\AppData\Local\Temp\mod3982.tmp --------- 5  
 19.02.2011 18:59     C:\Users\Bobby\AppData\Local\Temp\plugtmp-97 --------- 0  
 19.02.2011 18:11     C:\Users\Bobby\AppData\Local\Temp\mod695F.tmp --------- 222  
 19.02.2011 18:11     C:\Users\Bobby\AppData\Local\Temp\mod6661.tmp --------- 0  
 19.02.2011 18:11     C:\Users\Bobby\AppData\Local\Temp\mod58F7.tmp --------- 5  
 19.02.2011 15:55     C:\Users\Bobby\AppData\Local\Temp\LPRealMathe-7.pdf --------- 240940  
 19.02.2011 15:55     C:\Users\Bobby\AppData\Local\Temp\lilD40.tmp --------- 1024  
 19.02.2011 15:55     C:\Users\Bobby\AppData\Local\Temp\lilD41.tmp --------- 1024  
 19.02.2011 15:55     C:\Users\Bobby\AppData\Local\Temp\lilD42.tmp --------- 1024  
 19.02.2011 15:54     C:\Users\Bobby\AppData\Local\Temp\LPRealMathe-6.pdf --------- 240940  
 19.02.2011 15:03     C:\Users\Bobby\AppData\Local\Temp\verkleinert.zip --------- 6460369  
 17.02.2011 19:43     C:\Users\Bobby\AppData\Local\Temp\lilB6CB.tmp --------- 1024  
 17.02.2011 19:43     C:\Users\Bobby\AppData\Local\Temp\lilB6C9.tmp --------- 1024  
 17.02.2011 19:43     C:\Users\Bobby\AppData\Local\Temp\lilB6CA.tmp --------- 1024  
 17.02.2011 19:36     C:\Users\Bobby\AppData\Local\Temp\i386 --------- 0  
 17.02.2011 19:36     C:\Users\Bobby\AppData\Local\Temp\amd64 --------- 0  
 17.02.2011 17:41     C:\Users\Bobby\AppData\Local\Temp\mod4ADA.tmp --------- 222  
 17.02.2011 17:41     C:\Users\Bobby\AppData\Local\Temp\mod477F.tmp --------- 0  
 17.02.2011 17:41     C:\Users\Bobby\AppData\Local\Temp\plugtmp-96 --------- 0  
 17.02.2011 17:41     C:\Users\Bobby\AppData\Local\Temp\modB3F5.tmp --------- 5  
 17.02.2011 15:03     C:\Users\Bobby\AppData\Local\Temp\divD27A.tmp --------- 0  
 17.02.2011 14:58     C:\Users\Bobby\AppData\Local\Temp\mod397A.tmp --------- 222  
 17.02.2011 14:58     C:\Users\Bobby\AppData\Local\Temp\mod3812.tmp --------- 0  
 17.02.2011 14:58     C:\Users\Bobby\AppData\Local\Temp\mod2FE6.tmp --------- 5  
 17.02.2011 14:42     C:\Users\Bobby\AppData\Local\Temp\plugtmp-95 --------- 0  
 17.02.2011 14:18     C:\Users\Bobby\AppData\Local\Temp\divABD8.tmp --------- 0  
 16.02.2011 13:48     C:\Users\Bobby\AppData\Local\Temp\sww7ipyr.bmp --------- 2527254  
 16.02.2011 13:48     C:\Users\Bobby\AppData\Local\Temp\cigr5jw3.bmp --------- 2527254  
 15.02.2011 23:24     C:\Users\Bobby\AppData\Local\Temp\73zd04d7.bmp --------- 2785334  
 14.02.2011 13:54     C:\Users\Bobby\AppData\Local\Temp\div4172.tmp --------- 0  
 14.02.2011 08:02     C:\Users\Bobby\AppData\Local\Temp\div8B2F.tmp --------- 0  
 13.02.2011 14:55     C:\Users\Bobby\AppData\Local\Temp\pjy6zhrm.bmp --------- 2492334  
 13.02.2011 14:55     C:\Users\Bobby\AppData\Local\Temp\8xhyubh6.bmp --------- 2492334  
 13.02.2011 14:55     C:\Users\Bobby\AppData\Local\Temp\98552bvm.bmp --------- 2492334  
 10.02.2011 14:55     C:\Users\Bobby\AppData\Local\Temp\div96B3.tmp --------- 0  
 09.02.2011 18:33     C:\Users\Bobby\AppData\Local\Temp\om9dr1fl.bmp --------- 2527254  
 09.02.2011 14:16     C:\Users\Bobby\AppData\Local\Temp\iard03vj.bmp --------- 184854  
 09.02.2011 14:16     C:\Users\Bobby\AppData\Local\Temp\sf23jpgt.bmp --------- 184854  
 09.02.2011 14:16     C:\Users\Bobby\AppData\Local\Temp\myosqyqn.bmp --------- 592470  
 09.02.2011 14:12     C:\Users\Bobby\AppData\Local\Temp\k2idfyeb.bmp --------- 75558  
 09.02.2011 14:09     C:\Users\Bobby\AppData\Local\Temp\lj23vwco.bmp --------- 115654  
 09.02.2011 14:09     C:\Users\Bobby\AppData\Local\Temp\p6yhlr70.bmp --------- 115654  
 09.02.2011 14:07     C:\Users\Bobby\AppData\Local\Temp\wbi0723e.bmp --------- 75558  
 09.02.2011 13:45     C:\Users\Bobby\AppData\Local\Temp\div8594.tmp --------- 0  
 07.02.2011 14:25     C:\Users\Bobby\AppData\Local\Temp\znwvaz75.bmp --------- 2535054  
 07.02.2011 14:25     C:\Users\Bobby\AppData\Local\Temp\c460co8c.bmp --------- 2535054  
 07.02.2011 14:24     C:\Users\Bobby\AppData\Local\Temp\34qzf81m.bmp --------- 2527254  
 07.02.2011 14:20     C:\Users\Bobby\AppData\Local\Temp\Physik-8.pdf --------- 188732  
 07.02.2011 14:17     C:\Users\Bobby\AppData\Local\Temp\div8989.tmp --------- 0  
 07.02.2011 14:00     C:\Users\Bobby\AppData\Local\Temp\mod3314.tmp --------- 222  
 07.02.2011 14:00     C:\Users\Bobby\AppData\Local\Temp\mod31CB.tmp --------- 0  
 07.02.2011 13:59     C:\Users\Bobby\AppData\Local\Temp\mod4E0.tmp --------- 5  
 07.02.2011 13:58     C:\Users\Bobby\AppData\Local\Temp\plugtmp-94 --------- 0  
 07.02.2011 13:50     C:\Users\Bobby\AppData\Local\Temp\divD97C.tmp --------- 0  
 07.02.2011 08:02     C:\Users\Bobby\AppData\Local\Temp\div8CD3.tmp --------- 0  
 07.02.2011 02:58     C:\Users\Bobby\AppData\Local\Temp\plugtmp-93 --------- 0  
 06.02.2011 17:28     C:\Users\Bobby\AppData\Local\Temp\jar_cache8561121234707686858.tmp --------- 3281  
 06.02.2011 17:22     C:\Users\Bobby\AppData\Local\Temp\plugtmp-92 --------- 0  
 06.02.2011 16:54     C:\Users\Bobby\AppData\Local\Temp\jar_cache792109186173697724.tmp --------- 3281  
 06.02.2011 14:03     C:\Users\Bobby\AppData\Local\Temp\ap8k0iqf.bmp --------- 2527254  
 06.02.2011 14:02     C:\Users\Bobby\AppData\Local\Temp\hnnpftmx.bmp --------- 2527254  
 06.02.2011 13:55     C:\Users\Bobby\AppData\Local\Temp\6g5r1jhf.bmp --------- 2492334  
 06.02.2011 13:55     C:\Users\Bobby\AppData\Local\Temp\q2oiwe6z.bmp --------- 2492334  
 06.02.2011 13:55     C:\Users\Bobby\AppData\Local\Temp\xpef5xo0.bmp --------- 2492334  
 06.02.2011 13:54     C:\Users\Bobby\AppData\Local\Temp\ug3ftmms.bmp --------- 2492334  
 06.02.2011 13:44     C:\Users\Bobby\AppData\Local\Temp\f78eg4i5.bmp --------- 2527254  
 06.02.2011 13:44     C:\Users\Bobby\AppData\Local\Temp\v9jqtwz0.bmp --------- 2527254  
 06.02.2011 13:25     C:\Users\Bobby\AppData\Local\Temp\aodhk4j8.bmp --------- 2535054  
 06.02.2011 13:20     C:\Users\Bobby\AppData\Local\Temp\ng6tighy.bmp --------- 2527254  
 06.02.2011 13:20     C:\Users\Bobby\AppData\Local\Temp\72qk5b7i.bmp --------- 2527254  
 06.02.2011 13:14     C:\Users\Bobby\AppData\Local\Temp\LPRealPhysik-11.pdf --------- 122376  
 06.02.2011 12:23     C:\Users\Bobby\AppData\Local\Temp\div8C38.tmp --------- 0  
 05.02.2011 10:56     C:\Users\Bobby\AppData\Local\Temp\divA11E.tmp --------- 0  
 04.02.2011 16:27     C:\Users\Bobby\AppData\Local\Temp\div93D5.tmp --------- 0  
 03.02.2011 22:51     C:\Users\Bobby\AppData\Local\Temp\jar_cache8942532094571866425.tmp --------- 3281  
 03.02.2011 22:51     C:\Users\Bobby\AppData\Local\Temp\plugtmp-91 --------- 0  
 03.02.2011 22:35     C:\Users\Bobby\AppData\Local\Temp\jar_cache7732426690710497269.tmp --------- 3281  
 03.02.2011 22:35     C:\Users\Bobby\AppData\Local\Temp\plugtmp-90 --------- 0  
 03.02.2011 15:04     C:\Users\Bobby\AppData\Local\Temp\div90F8.tmp --------- 0  
 02.02.2011 18:02     C:\Users\Bobby\AppData\Local\Temp\plugtmp-89 --------- 0  
 02.02.2011 15:48     C:\Users\Bobby\AppData\Local\Temp\k4nmim9j.bmp --------- 2527254  
 02.02.2011 15:48     C:\Users\Bobby\AppData\Local\Temp\rop4jed4.bmp --------- 2527254  
 02.02.2011 14:53     C:\Users\Bobby\AppData\Local\Temp\div1F90.tmp --------- 0  
 01.02.2011 17:35     C:\Users\Bobby\AppData\Local\Temp\div5ACC.tmp --------- 0  
 01.02.2011 08:31     C:\Users\Bobby\AppData\Local\Temp\div9617.tmp --------- 0  
 31.01.2011 13:48     C:\Users\Bobby\AppData\Local\Temp\div9CDA.tmp --------- 0  
 31.01.2011 08:04     C:\Users\Bobby\AppData\Local\Temp\div9D3A.tmp --------- 0  
 30.01.2011 11:31     C:\Users\Bobby\AppData\Local\Temp\plugtmp-88 --------- 0  
 30.01.2011 10:26     C:\Users\Bobby\AppData\Local\Temp\glc5xpgn.bmp --------- 2527254  
 30.01.2011 10:19     C:\Users\Bobby\AppData\Local\Temp\9gjbv366.bmp --------- 2527254  
 30.01.2011 10:19     C:\Users\Bobby\AppData\Local\Temp\9j7j23km.bmp --------- 2527254  
 30.01.2011 09:48     C:\Users\Bobby\AppData\Local\Temp\3dom98nu.bmp --------- 2535054  
 30.01.2011 09:47     C:\Users\Bobby\AppData\Local\Temp\gisvabv1.bmp --------- 2535054  
 30.01.2011 09:47     C:\Users\Bobby\AppData\Local\Temp\ao8nh6c3.bmp --------- 2527254  
 30.01.2011 09:37     C:\Users\Bobby\AppData\Local\Temp\LPRealPhysik-10.pdf --------- 122376  
 30.01.2011 09:29     C:\Users\Bobby\AppData\Local\Temp\divF881.tmp --------- 0  
 28.01.2011 05:52     C:\Users\Bobby\AppData\Local\Temp\div89E8.tmp --------- 0  
 27.01.2011 14:47     C:\Users\Bobby\AppData\Local\Temp\div9D67.tmp --------- 0  
 27.01.2011 08:13     C:\Users\Bobby\AppData\Local\Temp\div93A7.tmp --------- 0  
 26.01.2011 19:14     C:\Users\Bobby\AppData\Local\Temp\plugtmp-87 --------- 0  
 26.01.2011 16:53     C:\Users\Bobby\AppData\Local\Temp\8cfee7e2e9b5fbfde3c42c18d1f7f474-1.dlc --------- 2052  
 26.01.2011 16:51     C:\Users\Bobby\AppData\Local\Temp\8cfee7e2e9b5fbfde3c42c18d1f7f474.dlc --------- 2052  
 26.01.2011 08:21     C:\Users\Bobby\AppData\Local\Temp\div9201.tmp --------- 0  
 26.01.2011 01:24     C:\Users\Bobby\AppData\Local\Temp\plugtmp-86 --------- 0  
 25.01.2011 08:21     C:\Users\Bobby\AppData\Local\Temp\div9117.tmp --------- 0  
 25.01.2011 08:20     C:\Users\Bobby\AppData\Local\Temp\flaCAD0.tmp --------- 23723768  
 25.01.2011 08:18     C:\Users\Bobby\AppData\Local\Temp\plugtmp-85 --------- 0  
 25.01.2011 08:11     C:\Users\Bobby\AppData\Local\Temp\div8AC1.tmp --------- 0  
 24.01.2011 21:20     C:\Users\Bobby\AppData\Local\Temp\wrd19f001c.~lk --------- 0  
 24.01.2011 13:47     C:\Users\Bobby\AppData\Local\Temp\divABA9.tmp --------- 0  
 23.01.2011 23:45     C:\Users\Bobby\AppData\Local\Temp\plugtmp-84 --------- 0  
 23.01.2011 20:08     C:\Users\Bobby\AppData\Local\Temp\qas8iyz2.bmp --------- 2535054  
 23.01.2011 19:58     C:\Users\Bobby\AppData\Local\Temp\LPRealPhysik-9.pdf --------- 122376  
 23.01.2011 10:46     C:\Users\Bobby\AppData\Local\Temp\jar_cache8117172662727340902.tmp --------- 3882  
 23.01.2011 10:46     C:\Users\Bobby\AppData\Local\Temp\jar_cache5819852832921733065.tmp --------- 2072  
 23.01.2011 10:46     C:\Users\Bobby\AppData\Local\Temp\jar_cache3835340739506342440.tmp --------- 2090  
 23.01.2011 10:43     C:\Users\Bobby\AppData\Local\Temp\div9D39.tmp --------- 0  
 22.01.2011 11:07     C:\Users\Bobby\AppData\Local\Temp\wrd741590.~lk --------- 0  
 22.01.2011 09:00     C:\Users\Bobby\AppData\Local\Temp\div955C.tmp --------- 0  
 21.01.2011 08:11     C:\Users\Bobby\AppData\Local\Temp\div9684.tmp --------- 0  
 20.01.2011 13:08     C:\Users\Bobby\AppData\Local\Temp\wrda900d4.~lk --------- 0  
 20.01.2011 10:04     C:\Users\Bobby\AppData\Local\Temp\div4A1.tmp --------- 0  
 18.01.2011 18:57     C:\Users\Bobby\AppData\Local\Temp\div1776.tmp --------- 0  
 18.01.2011 08:53     C:\Users\Bobby\AppData\Local\Temp\div5F4E.tmp --------- 0  
 17.01.2011 18:11     C:\Users\Bobby\AppData\Local\Temp\csxs-DRWV.log --------- 4616  
 17.01.2011 08:16     C:\Users\Bobby\AppData\Local\Temp\divA8FB.tmp --------- 0  
 16.01.2011 23:35     C:\Users\Bobby\AppData\Local\Temp\xqnoljl5.bmp --------- 1967670  
 16.01.2011 23:29     C:\Users\Bobby\AppData\Local\Temp\qa6nbypf.bmp --------- 2803014  
 16.01.2011 17:02     C:\Users\Bobby\AppData\Local\Temp\8nxowxvl.bmp --------- 9830454  
 16.01.2011 15:13     C:\Users\Bobby\AppData\Local\Temp\csxs2-PHXS.log --------- 100  
 16.01.2011 12:59     C:\Users\Bobby\AppData\Local\Temp\zmucremi.bmp --------- 1449670  
 15.01.2011 10:45     C:\Users\Bobby\AppData\Local\Temp\div2E7E.tmp --------- 0  
 14.01.2011 08:21     C:\Users\Bobby\AppData\Local\Temp\div8B7D.tmp --------- 0  
 13.01.2011 15:36     C:\Users\Bobby\AppData\Local\Temp\o9xgg9le.bmp --------- 2527254  
 13.01.2011 15:34     C:\Users\Bobby\AppData\Local\Temp\vqnv2y2r.bmp --------- 2527254  
 13.01.2011 15:26     C:\Users\Bobby\AppData\Local\Temp\div8AE0.tmp --------- 0  
 12.01.2011 15:56     C:\Users\Bobby\AppData\Local\Temp\lk73w7ve.bmp --------- 2527254  
 12.01.2011 15:54     C:\Users\Bobby\AppData\Local\Temp\zov7rgul.bmp --------- 2527254  
 12.01.2011 08:13     C:\Users\Bobby\AppData\Local\Temp\div959B.tmp --------- 0  
 11.01.2011 17:08     C:\Users\Bobby\AppData\Local\Temp\div8583.tmp --------- 0  
 10.01.2011 15:28     C:\Users\Bobby\AppData\Local\Temp\div5B0A.tmp --------- 0  
 10.01.2011 08:14     C:\Users\Bobby\AppData\Local\Temp\div9858.tmp --------- 0  
 09.01.2011 22:54     C:\Users\Bobby\AppData\Local\Temp\plugtmp-83 --------- 0  
 09.01.2011 22:38     C:\Users\Bobby\AppData\Local\Temp\lightroombearbeitetkleiner.7z --------- 13185266  
 09.01.2011 21:09     C:\Users\Bobby\AppData\Local\Temp\dsc06645.jpg --------- 139275  
 09.01.2011 14:01     C:\Users\Bobby\AppData\Local\Temp\LPRealPhysik-8.pdf --------- 122376  
 08.01.2011 21:41     C:\Users\Bobby\AppData\Local\Temp\wrd21303d4.~lk --------- 0  
 08.01.2011 12:01     C:\Users\Bobby\AppData\Local\Temp\div5BA6.tmp --------- 0  
 08.01.2011 01:23     C:\Users\Bobby\AppData\Local\Temp\Temp2 --------- 0  
 07.01.2011 11:42     C:\Users\Bobby\AppData\Local\Temp\div8027.tmp --------- 0  
 06.01.2011 11:29     C:\Users\Bobby\AppData\Local\Temp\div9423.tmp --------- 0  
 06.01.2011 02:44     C:\Users\Bobby\AppData\Local\Temp\plugtmp-82 --------- 0  
 05.01.2011 12:37     C:\Users\Bobby\AppData\Local\Temp\div9E31.tmp --------- 0  
 04.01.2011 11:30     C:\Users\Bobby\AppData\Local\Temp\div16E9.tmp --------- 0  
 03.01.2011 20:36     C:\Users\Bobby\AppData\Local\Temp\plugtmp-81 --------- 0  
 03.01.2011 20:35     C:\Users\Bobby\AppData\Local\Temp\mod892.tmp --------- 5  
 03.01.2011 11:24     C:\Users\Bobby\AppData\Local\Temp\div94CF.tmp --------- 0  
 02.01.2011 13:12     C:\Users\Bobby\AppData\Local\Temp\div9165.tmp --------- 0  
 02.01.2011 11:47     C:\Users\Bobby\AppData\Local\Temp\div89C7.tmp --------- 0  
 31.12.2010 17:53     C:\Users\Bobby\AppData\Local\Temp\jar_cache2136888344314885231.tmp --------- 465  
 31.12.2010 17:53     C:\Users\Bobby\AppData\Local\Temp\jar_cache5126299803735471706.tmp --------- 215  
 31.12.2010 17:53     C:\Users\Bobby\AppData\Local\Temp\jar_cache1884229192963736707.tmp --------- 18586  
 31.12.2010 17:53     C:\Users\Bobby\AppData\Local\Temp\jar_cache3907559928968600197.tmp --------- 130478  
 31.12.2010 17:53     C:\Users\Bobby\AppData\Local\Temp\jar_cache2773629804568237602.tmp --------- 5546  
 31.12.2010 12:27     C:\Users\Bobby\AppData\Local\Temp\div8E4A.tmp --------- 0  
 30.12.2010 12:11     C:\Users\Bobby\AppData\Local\Temp\divCB88.tmp --------- 0  
 29.12.2010 10:54     C:\Users\Bobby\AppData\Local\Temp\divB1A2.tmp --------- 0  
 29.12.2010 01:16     C:\Users\Bobby\AppData\Local\Temp\wqjtgtd1.bmp --------- 1854870  
 28.12.2010 10:28     C:\Users\Bobby\AppData\Local\Temp\divE5FA.tmp --------- 0  
 27.12.2010 13:14     C:\Users\Bobby\AppData\Local\Temp\div99AF.tmp --------- 0  
 26.12.2010 14:38     C:\Users\Bobby\AppData\Local\Temp\divC3AC.tmp --------- 0  
 25.12.2010 11:07     C:\Users\Bobby\AppData\Local\Temp\div93F5.tmp --------- 0  
 24.12.2010 11:06     C:\Users\Bobby\AppData\Local\Temp\div8804.tmp --------- 0  
 24.12.2010 01:42     C:\Users\Bobby\AppData\Local\Temp\plugtmp-80 --------- 0  
 23.12.2010 16:30     C:\Users\Bobby\AppData\Local\Temp\wrd1141e5c.~lk --------- 0  
 23.12.2010 11:30     C:\Users\Bobby\AppData\Local\Temp\div3A60.tmp --------- 0  
 22.12.2010 10:39     C:\Users\Bobby\AppData\Local\Temp\div889F.tmp --------- 0  
 21.12.2010 01:25     C:\Users\Bobby\AppData\Local\Temp\DSC00856.ARW.tiff.xmp --------- 7144  
 20.12.2010 10:51     C:\Users\Bobby\AppData\Local\Temp\div9991.tmp --------- 0  
 19.12.2010 22:50     C:\Users\Bobby\AppData\Local\Temp\plugtmp-79 --------- 0  
 19.12.2010 16:48     C:\Users\Bobby\AppData\Local\Temp\k5qvdrey.bmp --------- 6000054  
 19.12.2010 16:48     C:\Users\Bobby\AppData\Local\Temp\xav3e2md.bmp --------- 6000054  
 19.12.2010 11:24     C:\Users\Bobby\AppData\Local\Temp\divE13A.tmp --------- 0  
 18.12.2010 11:00     C:\Users\Bobby\AppData\Local\Temp\divD25B.tmp --------- 0  
 16.12.2010 15:00     C:\Users\Bobby\AppData\Local\Temp\divDDFF.tmp --------- 0  
 15.12.2010 14:58     C:\Users\Bobby\AppData\Local\Temp\kggkn5mh.bmp --------- 2527254  
 15.12.2010 14:29     C:\Users\Bobby\AppData\Local\Temp\divA61D.tmp --------- 0  
 14.12.2010 08:12     C:\Users\Bobby\AppData\Local\Temp\div97FA.tmp --------- 0  
 13.12.2010 22:42     C:\Users\Bobby\AppData\Local\Temp\plugtmp-78 --------- 0  
 12.12.2010 17:52     C:\Users\Bobby\AppData\Local\Temp\div866D.tmp --------- 0  
 12.12.2010 10:11     C:\Users\Bobby\AppData\Local\Temp\div9A2C.tmp --------- 0  
 11.12.2010 09:59     C:\Users\Bobby\AppData\Local\Temp\StructuredQuery.log --------- 2475  
 11.12.2010 09:00     C:\Users\Bobby\AppData\Local\Temp\div9720.tmp --------- 0  
 10.12.2010 15:08     C:\Users\Bobby\AppData\Local\Temp\div849A.tmp --------- 0  
 10.12.2010 08:05     C:\Users\Bobby\AppData\Local\Temp\div6D42.tmp --------- 0  
 09.12.2010 07:36     C:\Users\Bobby\AppData\Local\Temp\div9819.tmp --------- 0  
 08.12.2010 14:19     C:\Users\Bobby\AppData\Local\Temp\DSC03502.xmp --------- 7983  
 08.12.2010 11:13     C:\Users\Bobby\AppData\Local\Temp\divA43B.tmp --------- 0  
 07.12.2010 13:42     C:\Users\Bobby\AppData\Local\Temp\div1267.tmp --------- 0  
 06.12.2010 15:27     C:\Users\Bobby\AppData\Local\Temp\wrd16094c.~lk --------- 0  
 06.12.2010 15:03     C:\Users\Bobby\AppData\Local\Temp\div9990.tmp --------- 0  
 06.12.2010 08:04     C:\Users\Bobby\AppData\Local\Temp\div65A5.tmp --------- 0  
 05.12.2010 11:43     C:\Users\Bobby\AppData\Local\Temp\div5511.tmp --------- 0  
 04.12.2010 10:30     C:\Users\Bobby\AppData\Local\Temp\div47A9.tmp --------- 0  
 04.12.2010 09:40     C:\Users\Bobby\AppData\Local\Temp\div8803.tmp --------- 0  
 03.12.2010 18:04     C:\Users\Bobby\AppData\Local\Temp\{60fd0483-046d-4e43-976d-0efdfeca2aa0} --------- 0  
 03.12.2010 14:52     C:\Users\Bobby\AppData\Local\Temp\divF6EB.tmp --------- 0  
 02.12.2010 22:55     C:\Users\Bobby\AppData\Local\Temp\div959A.tmp --------- 0  
 02.12.2010 22:51     C:\Users\Bobby\AppData\Local\Temp\plugtmp-77 --------- 0  
 02.12.2010 14:57     C:\Users\Bobby\AppData\Local\Temp\wrdb8d15fc.~lk --------- 0  
 30.11.2010 09:07     C:\Users\Bobby\AppData\Local\Temp\div86DB.tmp --------- 0
         


Alt 05.07.2011, 14:38   #6
wursch
 
BOO/Sinowal.F in Masterbootsektor - Standard

BOO/Sinowal.F in Masterbootsektor



Und hier der zweite Teil von hjtscanlist

Code:
ATTFilter
 28.11.2010 10:19     C:\Users\Bobby\AppData\Local\Temp\jar_cache5982200485097599196.tmp --------- 853  
 28.11.2010 10:19     C:\Users\Bobby\AppData\Local\Temp\jar_cache1877199133028203941.tmp --------- 409  
 28.11.2010 10:19     C:\Users\Bobby\AppData\Local\Temp\jar_cache3926303217056426143.tmp --------- 414  
 28.11.2010 10:19     C:\Users\Bobby\AppData\Local\Temp\jar_cache8508163625815478769.tmp --------- 103  
 28.11.2010 10:19     C:\Users\Bobby\AppData\Local\Temp\jar_cache4001171948258088861.tmp --------- 448  
 28.11.2010 10:19     C:\Users\Bobby\AppData\Local\Temp\jar_cache8352408441756561420.tmp --------- 455  
 28.11.2010 10:16     C:\Users\Bobby\AppData\Local\Temp\jar_cache2724881653711752078.tmp --------- 907  
 28.11.2010 10:16     C:\Users\Bobby\AppData\Local\Temp\jar_cache7277221973162371878.tmp --------- 475  
 28.11.2010 10:16     C:\Users\Bobby\AppData\Local\Temp\jar_cache8551648749378959994.tmp --------- 427  
 28.11.2010 10:16     C:\Users\Bobby\AppData\Local\Temp\jar_cache137875352710570804.tmp --------- 480  
 28.11.2010 10:16     C:\Users\Bobby\AppData\Local\Temp\jar_cache5420661821302167175.tmp --------- 535  
 28.11.2010 10:16     C:\Users\Bobby\AppData\Local\Temp\jar_cache3288724881094022403.tmp --------- 43  
 28.11.2010 10:07     C:\Users\Bobby\AppData\Local\Temp\jar_cache8519232553088941114.tmp --------- 906  
 28.11.2010 10:07     C:\Users\Bobby\AppData\Local\Temp\jar_cache4037311948577134969.tmp --------- 639  
 28.11.2010 10:07     C:\Users\Bobby\AppData\Local\Temp\jar_cache703022164643613405.tmp --------- 58  
 28.11.2010 10:07     C:\Users\Bobby\AppData\Local\Temp\jar_cache2946312129598082100.tmp --------- 217  
 28.11.2010 10:06     C:\Users\Bobby\AppData\Local\Temp\jar_cache8528230224580864266.tmp --------- 2072  
 28.11.2010 10:06     C:\Users\Bobby\AppData\Local\Temp\jar_cache2675511969954931735.tmp --------- 2090  
 28.11.2010 10:06     C:\Users\Bobby\AppData\Local\Temp\jar_cache5411816289915762130.tmp --------- 3882  
 26.11.2010 15:06     C:\Users\Bobby\AppData\Local\Temp\plugtmp-76 --------- 0  
 23.11.2010 17:39     C:\Users\Bobby\AppData\Local\Temp\div5B96.tmp --------- 0  
 22.11.2010 13:39     C:\Users\Bobby\AppData\Local\Temp\divCC14.tmp --------- 0  
 21.11.2010 11:43     C:\Users\Bobby\AppData\Local\Temp\divA350.tmp --------- 0  
 20.11.2010 17:01     C:\Users\Bobby\AppData\Local\Temp\jar_cache3800684118998163054.tmp --------- 2072  
 20.11.2010 17:01     C:\Users\Bobby\AppData\Local\Temp\jar_cache7084778927374784029.tmp --------- 2090  
 20.11.2010 17:01     C:\Users\Bobby\AppData\Local\Temp\jar_cache8277386807200263352.tmp --------- 544  
 20.11.2010 17:01     C:\Users\Bobby\AppData\Local\Temp\jar_cache6862096778988866186.tmp --------- 504  
 20.11.2010 17:01     C:\Users\Bobby\AppData\Local\Temp\jar_cache4451919554277800220.tmp --------- 3882  
 20.11.2010 17:01     C:\Users\Bobby\AppData\Local\Temp\jar_cache340803613120615285.tmp --------- 812  
 20.11.2010 17:01     C:\Users\Bobby\AppData\Local\Temp\jar_cache2141033286888727077.tmp --------- 473  
 20.11.2010 17:01     C:\Users\Bobby\AppData\Local\Temp\jar_cache2056453103345082421.tmp --------- 680  
 20.11.2010 17:01     C:\Users\Bobby\AppData\Local\Temp\jar_cache806867715008166160.tmp --------- 615  
 20.11.2010 10:28     C:\Users\Bobby\AppData\Local\Temp\div31F8.tmp --------- 0  
 19.11.2010 15:02     C:\Users\Bobby\AppData\Local\Temp\div8593.tmp --------- 0  
 18.11.2010 15:24     C:\Users\Bobby\AppData\Local\Temp\yp7d5lj2.bmp --------- 2527254  
 18.11.2010 14:59     C:\Users\Bobby\AppData\Local\Temp\i7jn26ff.bmp --------- 2527254  
 18.11.2010 14:16     C:\Users\Bobby\AppData\Local\Temp\div845B.tmp --------- 0  
 17.11.2010 14:08     C:\Users\Bobby\AppData\Local\Temp\divA7C3.tmp --------- 0  
 16.11.2010 08:51     C:\Users\Bobby\AppData\Local\Temp\div8574.tmp --------- 0  
 15.11.2010 13:32     C:\Users\Bobby\AppData\Local\Temp\div903D.tmp --------- 0  
 14.11.2010 19:17     C:\Users\Bobby\AppData\Local\Temp\oywqo91n.bmp --------- 2535054  
 14.11.2010 19:15     C:\Users\Bobby\AppData\Local\Temp\5kw3mt2a.bmp --------- 2535054  
 14.11.2010 19:14     C:\Users\Bobby\AppData\Local\Temp\pi4ma7kf.bmp --------- 2535054  
 14.11.2010 19:12     C:\Users\Bobby\AppData\Local\Temp\0qevmrad.bmp --------- 2535054  
 14.11.2010 19:10     C:\Users\Bobby\AppData\Local\Temp\u1pcmr50.bmp --------- 2527254  
 14.11.2010 19:08     C:\Users\Bobby\AppData\Local\Temp\o4zumz7n.bmp --------- 2527254  
 14.11.2010 19:06     C:\Users\Bobby\AppData\Local\Temp\9p2pbrw0.bmp --------- 2535054  
 14.11.2010 18:25     C:\Users\Bobby\AppData\Local\Temp\knz5eb0f.bmp --------- 2527254  
 14.11.2010 18:22     C:\Users\Bobby\AppData\Local\Temp\8w8bdcb5.bmp --------- 2527254  
 14.11.2010 18:21     C:\Users\Bobby\AppData\Local\Temp\5z272vao.bmp --------- 2527254  
 14.11.2010 10:00     C:\Users\Bobby\AppData\Local\Temp\div6567.tmp --------- 0  
 13.11.2010 09:52     C:\Users\Bobby\AppData\Local\Temp\divC468.tmp --------- 0  
 12.11.2010 17:38     C:\Users\Bobby\AppData\Local\Temp\div83BF.tmp --------- 0  
 11.11.2010 15:28     C:\Users\Bobby\AppData\Local\Temp\oPackage --------- 0  
 11.11.2010 14:06     C:\Users\Bobby\AppData\Local\Temp\u34bk5s7.bmp --------- 2535054  
 11.11.2010 13:33     C:\Users\Bobby\AppData\Local\Temp\div869C.tmp --------- 0  
 10.11.2010 23:47     C:\Users\Bobby\AppData\Local\Temp\TW2E7A --------- 0  
 10.11.2010 23:27     C:\Users\Bobby\AppData\Local\Temp\DSC03769.xmp --------- 7840  
 10.11.2010 14:40     C:\Users\Bobby\AppData\Local\Temp\TWE8AA --------- 0  
 10.11.2010 14:16     C:\Users\Bobby\AppData\Local\Temp\div9452.tmp --------- 0  
 10.11.2010 08:03     C:\Users\Bobby\AppData\Local\Temp\div94B0.tmp --------- 0  
 09.11.2010 18:59     C:\Users\Bobby\AppData\Local\Temp\TWFCE0 --------- 0  
 09.11.2010 09:02     C:\Users\Bobby\AppData\Local\Temp\divD4DB.tmp --------- 0  
 09.11.2010 00:05     C:\Users\Bobby\AppData\Local\Temp\TWCEA1 --------- 0  
 09.11.2010 00:04     C:\Users\Bobby\AppData\Local\Temp\TWE2AD --------- 0  
 08.11.2010 13:31     C:\Users\Bobby\AppData\Local\Temp\div9C8C.tmp --------- 0  
 07.11.2010 11:55     C:\Users\Bobby\AppData\Local\Temp\div906C.tmp --------- 0  
 06.11.2010 08:31     C:\Users\Bobby\AppData\Local\Temp\div94E0.tmp --------- 0  
 05.11.2010 14:23     C:\Users\Bobby\AppData\Local\Temp\div9D38.tmp --------- 0  
 04.11.2010 00:32     C:\Users\Bobby\AppData\Local\Temp\jar_cache4296194067241058745.tmp --------- 535  
 04.11.2010 00:32     C:\Users\Bobby\AppData\Local\Temp\jar_cache7988253753367445826.tmp --------- 2090  
 04.11.2010 00:32     C:\Users\Bobby\AppData\Local\Temp\jar_cache1950812726001149612.tmp --------- 2072  
 04.11.2010 00:32     C:\Users\Bobby\AppData\Local\Temp\jar_cache3718951230741299669.tmp --------- 217  
 04.11.2010 00:32     C:\Users\Bobby\AppData\Local\Temp\jar_cache4822912109667625140.tmp --------- 43  
 04.11.2010 00:32     C:\Users\Bobby\AppData\Local\Temp\jar_cache4711332130742715798.tmp --------- 639  
 04.11.2010 00:32     C:\Users\Bobby\AppData\Local\Temp\jar_cache3774356276840170038.tmp --------- 58  
 04.11.2010 00:32     C:\Users\Bobby\AppData\Local\Temp\jar_cache8210699335531363982.tmp --------- 504  
 04.11.2010 00:32     C:\Users\Bobby\AppData\Local\Temp\jar_cache2939846490917868822.tmp --------- 473  
 04.11.2010 00:32     C:\Users\Bobby\AppData\Local\Temp\jar_cache4152317224994548500.tmp --------- 615  
 04.11.2010 00:32     C:\Users\Bobby\AppData\Local\Temp\jar_cache3050832056817904673.tmp --------- 544  
 04.11.2010 00:32     C:\Users\Bobby\AppData\Local\Temp\jar_cache2592611094972978983.tmp --------- 3882  
 04.11.2010 00:32     C:\Users\Bobby\AppData\Local\Temp\jar_cache4420878295686015208.tmp --------- 680  
 04.11.2010 00:32     C:\Users\Bobby\AppData\Local\Temp\jar_cache5045922598745632506.tmp --------- 812  
 03.11.2010 14:26     C:\Users\Bobby\AppData\Local\Temp\div8BDA.tmp --------- 0  
 02.11.2010 23:04     C:\Users\Bobby\AppData\Local\Temp\TWEA85 --------- 0  
 02.11.2010 23:04     C:\Users\Bobby\AppData\Local\Temp\TW7989 --------- 0  
 02.11.2010 22:50     C:\Users\Bobby\AppData\Local\Temp\plugtmp-75 --------- 0  
 02.11.2010 17:36     C:\Users\Bobby\AppData\Local\Temp\div4A29.tmp --------- 0  
 02.11.2010 08:38     C:\Users\Bobby\AppData\Local\Temp\div94DF.tmp --------- 0  
 02.11.2010 01:38     C:\Users\Bobby\AppData\Local\Temp\plugtmp-74 --------- 0  
 01.11.2010 17:49     C:\Users\Bobby\AppData\Local\Temp\z4jxaxpz.bmp --------- 43254  
 30.10.2010 09:05     C:\Users\Bobby\AppData\Local\Temp\div955B.tmp --------- 0  
 29.10.2010 15:16     C:\Users\Bobby\AppData\Local\Temp\div510C.tmp --------- 0  
 29.10.2010 07:12     C:\Users\Bobby\AppData\Local\Temp\div7FF8.tmp --------- 0  
 28.10.2010 13:23     C:\Users\Bobby\AppData\Local\Temp\LPRealPhysik-6.pdf --------- 122376  
 28.10.2010 13:23     C:\Users\Bobby\AppData\Local\Temp\plugtmp-73 --------- 0  
 28.10.2010 13:20     C:\Users\Bobby\AppData\Local\Temp\div8A73.tmp --------- 0  
 27.10.2010 21:33     C:\Users\Bobby\AppData\Local\Temp\plugtmp-72 --------- 0  
 27.10.2010 17:34     C:\Users\Bobby\AppData\Local\Temp\div538B.tmp --------- 0  
 26.10.2010 19:14     C:\Users\Bobby\AppData\Local\Temp\Physik-7.pdf --------- 188732  
 26.10.2010 16:44     C:\Users\Bobby\AppData\Local\Temp\div8EF5.tmp --------- 0  
 25.10.2010 13:21     C:\Users\Bobby\AppData\Local\Temp\div1A24.tmp --------- 0  
 25.10.2010 07:55     C:\Users\Bobby\AppData\Local\Temp\plugtmp-71 --------- 0  
 25.10.2010 07:52     C:\Users\Bobby\AppData\Local\Temp\div91D3.tmp --------- 0  
 24.10.2010 11:41     C:\Users\Bobby\AppData\Local\Temp\divCF3F.tmp --------- 0  
 23.10.2010 12:29     C:\Users\Bobby\AppData\Local\Temp\div9BC1.tmp --------- 0  
 23.10.2010 12:24     C:\Users\Bobby\AppData\Local\Temp\plugtmp-70 --------- 0  
 23.10.2010 12:22     C:\Users\Bobby\AppData\Local\Temp\fla5825.tmp --------- 26956554  
 23.10.2010 12:05     C:\Users\Bobby\AppData\Local\Temp\divB51B.tmp --------- 0  
 22.10.2010 23:08     C:\Users\Bobby\AppData\Local\Temp\TW13CB --------- 0  
 22.10.2010 12:26     C:\Users\Bobby\AppData\Local\Temp\div203C.tmp --------- 0  
 21.10.2010 13:13     C:\Users\Bobby\AppData\Local\Temp\divAEF3.tmp --------- 0  
 21.10.2010 12:55     C:\Users\Bobby\AppData\Local\Temp\plugtmp-69 --------- 0  
 21.10.2010 12:06     C:\Users\Bobby\AppData\Local\Temp\mod5BCC.tmp --------- 222  
 21.10.2010 12:06     C:\Users\Bobby\AppData\Local\Temp\mod59D7.tmp --------- 0  
 21.10.2010 12:06     C:\Users\Bobby\AppData\Local\Temp\mod517C.tmp --------- 5  
 21.10.2010 11:42     C:\Users\Bobby\AppData\Local\Temp\TW237D --------- 0  
 21.10.2010 11:40     C:\Users\Bobby\AppData\Local\Temp\TW651D --------- 0  
 21.10.2010 11:37     C:\Users\Bobby\AppData\Local\Temp\TWE36 --------- 0  
 21.10.2010 11:37     C:\Users\Bobby\AppData\Local\Temp\~DF0D9B7E7AAEDEF57D.TMP --------- 19398656  
 21.10.2010 11:05     C:\Users\Bobby\AppData\Local\Temp\TW7D46 --------- 0  
 21.10.2010 11:04     C:\Users\Bobby\AppData\Local\Temp\TW9058 --------- 0  
 21.10.2010 11:04     C:\Users\Bobby\AppData\Local\Temp\TWD5CF --------- 0  
 21.10.2010 11:02     C:\Users\Bobby\AppData\Local\Temp\TW3146 --------- 0  
 21.10.2010 10:55     C:\Users\Bobby\AppData\Local\Temp\TW8CFB --------- 0  
 21.10.2010 10:47     C:\Users\Bobby\AppData\Local\Temp\TWA653 --------- 0  
 21.10.2010 10:44     C:\Users\Bobby\AppData\Local\Temp\TW789E --------- 0  
 21.10.2010 10:44     C:\Users\Bobby\AppData\Local\Temp\TW5880 --------- 0  
 21.10.2010 10:43     C:\Users\Bobby\AppData\Local\Temp\TWCD8E --------- 0  
 21.10.2010 10:24     C:\Users\Bobby\AppData\Local\Temp\~DFCEFD3964DB0604F2.TMP --------- 19398656  
 21.10.2010 09:02     C:\Users\Bobby\AppData\Local\Temp\div9DD4.tmp --------- 0  
 21.10.2010 01:59     C:\Users\Bobby\AppData\Local\Temp\divA3DC.tmp --------- 0  
 20.10.2010 21:09     C:\Users\Bobby\AppData\Local\Temp\~DF5B5A389DFB68EFBD.TMP --------- 17629184  
 20.10.2010 19:43     C:\Users\Bobby\AppData\Local\Temp\~DFA5E663271EF2621A.TMP --------- 17629184  
 20.10.2010 18:47     C:\Users\Bobby\AppData\Local\Temp\NikHDR_lrsettings --------- 12  
 20.10.2010 18:46     C:\Users\Bobby\AppData\Local\Temp\NikHDR_config --------- 335  
 20.10.2010 10:11     C:\Users\Bobby\AppData\Local\Temp\div8F83.tmp --------- 0  
 20.10.2010 03:06     C:\Users\Bobby\AppData\Local\Temp\plugtmp-68 --------- 0  
 19.10.2010 13:34     C:\Users\Bobby\AppData\Local\Temp\divA727.tmp --------- 0  
 17.10.2010 17:02     C:\Users\Bobby\AppData\Local\Temp\NIKHDREfexPro.log --------- 2092  
 17.10.2010 17:01     C:\Users\Bobby\AppData\Local\Temp\NIKHDREfexPro_NAL.log --------- 74  
 17.10.2010 17:01     C:\Users\Bobby\AppData\Local\Temp\dd_vcredistUI79D0.txt --------- 12450  
 17.10.2010 17:01     C:\Users\Bobby\AppData\Local\Temp\dd_vcredistMSI79D0.txt --------- 357202  
 17.10.2010 17:01     C:\Users\Bobby\AppData\Local\Temp\dd_vcredistUI79C6.txt --------- 12530  
 17.10.2010 17:01     C:\Users\Bobby\AppData\Local\Temp\dd_vcredistMSI79C6.txt --------- 354070  
 17.10.2010 12:22     C:\Users\Bobby\AppData\Local\Temp\dd_vcredistUI23A9.txt --------- 11498  
 17.10.2010 12:22     C:\Users\Bobby\AppData\Local\Temp\dd_vcredistMSI23A9.txt --------- 401078  
 17.10.2010 12:22     C:\Users\Bobby\AppData\Local\Temp\dd_vcredistUI2388.txt --------- 11450  
 17.10.2010 12:22     C:\Users\Bobby\AppData\Local\Temp\dd_vcredistMSI2388.txt --------- 368218  
 17.10.2010 12:08     C:\Users\Bobby\AppData\Local\Temp\{d8063de3-7293-4fa9-9ad8-c0af9dd0daf9} --------- 0  
 17.10.2010 12:02     C:\Users\Bobby\AppData\Local\Temp\{17f9de64-d1eb-4b53-acb4-016ff0df5bae} --------- 0  
 17.10.2010 12:02     C:\Users\Bobby\AppData\Local\Temp\{0DFA2CDE-137A-4C08-886C-BAF3689DB86E} --------- 0  
 17.10.2010 12:02     C:\Users\Bobby\AppData\Local\Temp\{748653D1-8586-4101-8CF8-222C9FCACC68} --------- 0  
 17.10.2010 09:32     C:\Users\Bobby\AppData\Local\Temp\div84E7.tmp --------- 0  
 16.10.2010 11:12     C:\Users\Bobby\AppData\Local\Temp\div7A2E.tmp --------- 0  
 15.10.2010 10:15     C:\Users\Bobby\AppData\Local\Temp\div509F.tmp --------- 0  
 14.10.2010 18:30     C:\Users\Bobby\AppData\Local\Temp\plugtmp-67 --------- 0  
 14.10.2010 09:02     C:\Users\Bobby\AppData\Local\Temp\div8FC0.tmp --------- 0  
 13.10.2010 08:29     C:\Users\Bobby\AppData\Local\Temp\divA755.tmp --------- 0  
 12.10.2010 10:40     C:\Users\Bobby\AppData\Local\Temp\div9BF0.tmp --------- 0  
 11.10.2010 10:46     C:\Users\Bobby\AppData\Local\Temp\div9108.tmp --------- 0  
 10.10.2010 09:51     C:\Users\Bobby\AppData\Local\Temp\divA514.tmp --------- 0  
 09.10.2010 09:20     C:\Users\Bobby\AppData\Local\Temp\div8E79.tmp --------- 0  
 08.10.2010 13:34     C:\Users\Bobby\AppData\Local\Temp\div900E.tmp --------- 0  
 08.10.2010 10:07     C:\Users\Bobby\AppData\Local\Temp\DPInst_Monx86.exe --------- 75160  
 08.10.2010 10:07     C:\Users\Bobby\AppData\Local\Temp\DPInst_Monx64.exe --------- 75672  
 08.10.2010 10:06     C:\Users\Bobby\AppData\Local\Temp\OS_Detect.exe --------- 75152  
 08.10.2010 06:32     C:\Users\Bobby\AppData\Local\Temp\div27F9.tmp --------- 0  
 07.10.2010 13:49     C:\Users\Bobby\AppData\Local\Temp\div9AB8.tmp --------- 0  
 06.10.2010 22:34     C:\Users\Bobby\AppData\Local\Temp\{0f855c05-bf83-4ac3-a2ee-9f85bb323839} --------- 0  
 06.10.2010 22:33     C:\Users\Bobby\AppData\Local\Temp\{bf87098d-b1a0-43af-9d81-878654e71999} --------- 0  
 06.10.2010 22:25     C:\Users\Bobby\AppData\Local\Temp\VSDEF86.tmp --------- 0  
 06.10.2010 18:27     C:\Users\Bobby\AppData\Local\Temp\is6CEA.tmp --------- 0  
 06.10.2010 18:26     C:\Users\Bobby\AppData\Local\Temp\isA0C6.tmp --------- 0  
 06.10.2010 13:28     C:\Users\Bobby\AppData\Local\Temp\divC8BA.tmp --------- 0  
 05.10.2010 22:50     C:\Users\Bobby\AppData\Local\Temp\div8F63.tmp --------- 0  
 05.10.2010 21:38     C:\Users\Bobby\AppData\Local\Temp\is4CCE.tmp --------- 0  
 05.10.2010 21:31     C:\Users\Bobby\AppData\Local\Temp\isC315.tmp --------- 0  
 05.10.2010 21:31     C:\Users\Bobby\AppData\Local\Temp\is592C.tmp --------- 0  
 05.10.2010 21:05     C:\Users\Bobby\AppData\Local\Temp\is8A3A.tmp --------- 0  
 05.10.2010 21:00     C:\Users\Bobby\AppData\Local\Temp\is341F.tmp --------- 0  
 05.10.2010 20:51     C:\Users\Bobby\AppData\Local\Temp\is4619.tmp --------- 0  
 05.10.2010 20:51     C:\Users\Bobby\AppData\Local\Temp\isA4AC.tmp --------- 0  
 05.10.2010 20:48     C:\Users\Bobby\AppData\Local\Temp\U1Axt4Km.htm.part --------- 0  
 05.10.2010 20:47     C:\Users\Bobby\AppData\Local\Temp\is1D06.tmp --------- 0  
 05.10.2010 20:47     C:\Users\Bobby\AppData\Local\Temp\isF4DE.tmp --------- 0  
 05.10.2010 20:38     C:\Users\Bobby\AppData\Local\Temp\is6A1C.tmp --------- 0  
 05.10.2010 20:37     C:\Users\Bobby\AppData\Local\Temp\is5239.tmp --------- 0  
 05.10.2010 16:04     C:\Users\Bobby\AppData\Local\Temp\div1B4.tmp --------- 0  
 04.10.2010 12:50     C:\Users\Bobby\AppData\Local\Temp\divC216.tmp --------- 0  
 03.10.2010 10:34     C:\Users\Bobby\AppData\Local\Temp\div8B0F.tmp --------- 0  
 01.10.2010 18:30     C:\Users\Bobby\AppData\Local\Temp\plugtmp-66 --------- 0  
 01.10.2010 15:41     C:\Users\Bobby\AppData\Local\Temp\divA9D5.tmp --------- 0  
 01.10.2010 07:13     C:\Users\Bobby\AppData\Local\Temp\div909B.tmp --------- 0  
 30.09.2010 13:32     C:\Users\Bobby\AppData\Local\Temp\divA005.tmp --------- 0  
 30.09.2010 07:08     C:\Users\Bobby\AppData\Local\Temp\divA1AB.tmp --------- 0  
 27.09.2010 18:15     C:\Users\Bobby\AppData\Local\Temp\{41449af1-e2b4-4b68-b70a-b072d555e181} --------- 0  
 26.09.2010 19:58     C:\Users\Bobby\AppData\Local\Temp\DSC_0003.NEF-1.tiff.xmp --------- 7091  
 22.09.2010 14:35     C:\Users\Bobby\AppData\Local\Temp\{a6465287-43cc-481f-b52a-099167ee176f} --------- 0  
 20.09.2010 13:38     C:\Users\Bobby\AppData\Local\Temp\LPRealPhysik-7.pdf --------- 122376  
 18.09.2010 19:23     C:\Users\Bobby\AppData\Local\Temp\fheo1477.bmp --------- 15925302  
 18.09.2010 19:20     C:\Users\Bobby\AppData\Local\Temp\qcq0la46.bmp --------- 15925302  
 18.09.2010 19:11     C:\Users\Bobby\AppData\Local\Temp\n8938p8x.bmp --------- 15925302  
 18.09.2010 10:14     C:\Users\Bobby\AppData\Local\Temp\divE040.tmp --------- 0  
 17.09.2010 14:48     C:\Users\Bobby\AppData\Local\Temp\divA380.tmp --------- 0  
 16.09.2010 07:25     C:\Users\Bobby\AppData\Local\Temp\div8DCD.tmp --------- 0  
 15.09.2010 23:29     C:\Users\Bobby\AppData\Local\Temp\~4DAC.mp3 --------- 291960  
 15.09.2010 23:29     C:\Users\Bobby\AppData\Local\Temp\~4DAC.tmp --------- 0  
 15.09.2010 23:28     C:\Users\Bobby\AppData\Local\Temp\~501C.mp3 --------- 291960  
 15.09.2010 23:28     C:\Users\Bobby\AppData\Local\Temp\~501C.tmp --------- 0  
 15.09.2010 14:06     C:\Users\Bobby\AppData\Local\Temp\div8B5D.tmp --------- 0  
 14.09.2010 16:47     C:\Users\Bobby\AppData\Local\Temp\jar_cache3365351495356586498.tmp --------- 2344  
 14.09.2010 16:47     C:\Users\Bobby\AppData\Local\Temp\jar_cache9072242550413067640.tmp --------- 2344  
 14.09.2010 07:43     C:\Users\Bobby\AppData\Local\Temp\div6103.tmp --------- 0  
 13.09.2010 12:45     C:\Users\Bobby\AppData\Local\Temp\div89B8.tmp --------- 0  
 12.09.2010 20:12     C:\Users\Bobby\AppData\Local\Temp\~DFAF48F924414AC390.TMP --------- 147456  
 12.09.2010 20:11     C:\Users\Bobby\AppData\Local\Temp\plugtmp-65 --------- 0  
 12.09.2010 12:56     C:\Users\Bobby\AppData\Local\Temp\div89E7.tmp --------- 0  
 12.09.2010 09:14     C:\Users\Bobby\AppData\Local\Temp\div90BA.tmp --------- 0  
 11.09.2010 08:36     C:\Users\Bobby\AppData\Local\Temp\div1EC6.tmp --------- 0  
 10.09.2010 22:49     C:\Users\Bobby\AppData\Local\Temp\plugtmp-64 --------- 0  
 10.09.2010 14:00     C:\Users\Bobby\AppData\Local\Temp\divB0C7.tmp --------- 0  
 10.09.2010 07:50     C:\Users\Bobby\AppData\Local\Temp\divE9E1.tmp --------- 0  
 09.09.2010 22:25     C:\Users\Bobby\AppData\Local\Temp\modF98F.tmp --------- 222  
 09.09.2010 22:25     C:\Users\Bobby\AppData\Local\Temp\modD873.tmp --------- 5  
 09.09.2010 22:19     C:\Users\Bobby\AppData\Local\Temp\plugtmp-63 --------- 0  
 09.09.2010 14:23     C:\Users\Bobby\AppData\Local\Temp\LPRealPhysik-5.pdf --------- 122376  
 09.09.2010 14:23     C:\Users\Bobby\AppData\Local\Temp\~DF98CAD69355A686E4.TMP --------- 147456  
 09.09.2010 14:09     C:\Users\Bobby\AppData\Local\Temp\div9E41.tmp --------- 0  
 09.09.2010 07:05     C:\Users\Bobby\AppData\Local\Temp\div8361.tmp --------- 0  
 08.09.2010 22:40     C:\Users\Bobby\AppData\Local\Temp\plugtmp-62 --------- 0  
 08.09.2010 13:36     C:\Users\Bobby\AppData\Local\Temp\~DF31F30BDE645B34D2.TMP --------- 147456  
 08.09.2010 13:19     C:\Users\Bobby\AppData\Local\Temp\div972F.tmp --------- 0  
 08.09.2010 07:15     C:\Users\Bobby\AppData\Local\Temp\divA4E5.tmp --------- 0  
 07.09.2010 16:39     C:\Users\Bobby\AppData\Local\Temp\div8333.tmp --------- 0  
 07.09.2010 00:00     C:\Users\Bobby\AppData\Local\Temp\plugtmp-61 --------- 0  
 06.09.2010 13:00     C:\Users\Bobby\AppData\Local\Temp\LPRealPhysik-4.pdf --------- 122376  
 06.09.2010 12:41     C:\Users\Bobby\AppData\Local\Temp\Physik-6.pdf --------- 188732  
 06.09.2010 12:41     C:\Users\Bobby\AppData\Local\Temp\LPRealPhysik-3.pdf --------- 122376  
 06.09.2010 12:35     C:\Users\Bobby\AppData\Local\Temp\~DFFF42CDE8B4CBE5D1.TMP --------- 147456  
 06.09.2010 07:07     C:\Users\Bobby\AppData\Local\Temp\div8258.tmp --------- 0  
 05.09.2010 23:01     C:\Users\Bobby\AppData\Local\Temp\plugtmp-60 --------- 0  
 05.09.2010 13:06     C:\Users\Bobby\AppData\Local\Temp\LPRealMathe-5.pdf --------- 240940  
 05.09.2010 12:46     C:\Users\Bobby\AppData\Local\Temp\LPRealPhysik-2.pdf --------- 122376  
 05.09.2010 12:10     C:\Users\Bobby\AppData\Local\Temp\~DFEA52470767B72BB3.TMP --------- 147456  
 05.09.2010 12:05     C:\Users\Bobby\AppData\Local\Temp\divFEC8.tmp --------- 0  
 05.09.2010 01:52     C:\Users\Bobby\AppData\Local\Temp\plugtmp-59 --------- 0  
 05.09.2010 00:34     C:\Users\Bobby\AppData\Local\Temp\~DF9D075E12D8E47746.TMP --------- 147456  
 05.09.2010 00:10     C:\Users\Bobby\AppData\Local\Temp\02-6.wmv --------- 2077496  
 05.09.2010 00:09     C:\Users\Bobby\AppData\Local\Temp\01-5.wmv --------- 2149490  
 05.09.2010 00:07     C:\Users\Bobby\AppData\Local\Temp\04-3.wmv --------- 2301521  
 05.09.2010 00:07     C:\Users\Bobby\AppData\Local\Temp\03-3.wmv --------- 2197515  
 05.09.2010 00:07     C:\Users\Bobby\AppData\Local\Temp\02-5.wmv --------- 2269521  
 05.09.2010 00:06     C:\Users\Bobby\AppData\Local\Temp\01-4.wmv --------- 2333521  
 05.09.2010 00:06     C:\Users\Bobby\AppData\Local\Temp\15_6_k.wmv --------- 1394924  
 05.09.2010 00:03     C:\Users\Bobby\AppData\Local\Temp\div7F1D.tmp --------- 0  
 04.09.2010 20:24     C:\Users\Bobby\AppData\Local\Temp\plugtmp-58 --------- 0  
 04.09.2010 09:26     C:\Users\Bobby\AppData\Local\Temp\div8DDD.tmp --------- 0  
 03.09.2010 07:04     C:\Users\Bobby\AppData\Local\Temp\div2F68.tmp --------- 0  
 03.09.2010 00:08     C:\Users\Bobby\AppData\Local\Temp\plugtmp-57 --------- 0  
 02.09.2010 19:19     C:\Users\Bobby\AppData\Local\Temp\SetupAdmin584.log --------- 2118379  
 02.09.2010 19:19     C:\Users\Bobby\AppData\Local\Temp\QTInstallCode.log --------- 2795  
 02.09.2010 19:19     C:\Users\Bobby\AppData\Local\Temp\qtplugin.log --------- 3976  
 02.09.2010 19:16     C:\Users\Bobby\AppData\Local\Temp\iTunesSetupC8C.log --------- 2026  
 02.09.2010 19:16     C:\Users\Bobby\AppData\Local\Temp\MSIe1f02.LOG --------- 572  
 02.09.2010 16:51     C:\Users\Bobby\AppData\Local\Temp\debra4.mpg --------- 3505316  
 02.09.2010 16:50     C:\Users\Bobby\AppData\Local\Temp\debra1.mpg --------- 3919632  
 02.09.2010 15:15     C:\Users\Bobby\AppData\Local\Temp\~DFE9A6D402FD77387F.TMP --------- 147456  
 02.09.2010 07:05     C:\Users\Bobby\AppData\Local\Temp\div8E2C.tmp --------- 0  
 01.09.2010 22:57     C:\Users\Bobby\AppData\Local\Temp\mod7B99.tmp --------- 5  
 01.09.2010 22:56     C:\Users\Bobby\AppData\Local\Temp\plugtmp-56 --------- 0  
 01.09.2010 22:46     C:\Users\Bobby\AppData\Local\Temp\LPRealPhysik-1.pdf --------- 122376  
 01.09.2010 19:07     C:\Users\Bobby\AppData\Local\Temp\v0129c.wmv --------- 4298495  
 01.09.2010 19:06     C:\Users\Bobby\AppData\Local\Temp\3528_02_15sec_03.wmv --------- 1629664  
 01.09.2010 19:05     C:\Users\Bobby\AppData\Local\Temp\V11295_big_05.mpg --------- 3915780  
 01.09.2010 19:04     C:\Users\Bobby\AppData\Local\Temp\V08666_big_05.mpg --------- 2533380  
 01.09.2010 19:02     C:\Users\Bobby\AppData\Local\Temp\1mov-1.wmv --------- 1653620  
 01.09.2010 19:02     C:\Users\Bobby\AppData\Local\Temp\2mov-2.wmv --------- 1653620  
 01.09.2010 19:01     C:\Users\Bobby\AppData\Local\Temp\3mov.wmv --------- 1637620  
 01.09.2010 19:01     C:\Users\Bobby\AppData\Local\Temp\2mov-1.wmv --------- 1581620  
 01.09.2010 19:00     C:\Users\Bobby\AppData\Local\Temp\04-2.wmv --------- 2293521  
 01.09.2010 19:00     C:\Users\Bobby\AppData\Local\Temp\03-2.wmv --------- 2325521  
 01.09.2010 19:00     C:\Users\Bobby\AppData\Local\Temp\02-4.wmv --------- 2197521  
 01.09.2010 18:59     C:\Users\Bobby\AppData\Local\Temp\02-3.wmv --------- 2197521  
 01.09.2010 18:59     C:\Users\Bobby\AppData\Local\Temp\01-3.wmv --------- 2221521  
 01.09.2010 18:57     C:\Users\Bobby\AppData\Local\Temp\2mov.wmv --------- 1645620  
 01.09.2010 18:57     C:\Users\Bobby\AppData\Local\Temp\1mov.wmv --------- 1629620  
 01.09.2010 14:07     C:\Users\Bobby\AppData\Local\Temp\~DF2FC28824974F08F1.TMP --------- 147456  
 01.09.2010 13:19     C:\Users\Bobby\AppData\Local\Temp\divC744.tmp --------- 0  
 01.09.2010 07:03     C:\Users\Bobby\AppData\Local\Temp\div1498.tmp --------- 0  
 01.09.2010 07:00     C:\Users\Bobby\AppData\Local\Temp\flaE38.tmp --------- 24313274  
 01.09.2010 06:59     C:\Users\Bobby\AppData\Local\Temp\plugtmp-55 --------- 0  
 01.09.2010 06:52     C:\Users\Bobby\AppData\Local\Temp\div9387.tmp --------- 0  
 31.08.2010 16:34     C:\Users\Bobby\AppData\Local\Temp\div864E.tmp --------- 0  
 31.08.2010 07:44     C:\Users\Bobby\AppData\Local\Temp\divA43A.tmp --------- 0  
 30.08.2010 12:32     C:\Users\Bobby\AppData\Local\Temp\divF6A.tmp --------- 0  
 29.08.2010 07:31     C:\Users\Bobby\AppData\Local\Temp\divAA71.tmp --------- 0  
 29.08.2010 01:49     C:\Users\Bobby\AppData\Local\Temp\plugtmp-54 --------- 0  
 28.08.2010 09:15     C:\Users\Bobby\AppData\Local\Temp\div8C47.tmp --------- 0  
 27.08.2010 14:00     C:\Users\Bobby\AppData\Local\Temp\divCB97.tmp --------- 0  
 26.08.2010 21:47     C:\Users\Bobby\AppData\Local\Temp\plugtmp-53 --------- 0  
 26.08.2010 19:23     C:\Users\Bobby\AppData\Local\Temp\~DF50D41159F30CD53D.TMP --------- 49152  
 26.08.2010 15:14     C:\Users\Bobby\AppData\Local\Temp\div8F24.tmp --------- 0  
 26.08.2010 07:10     C:\Users\Bobby\AppData\Local\Temp\div96D2.tmp --------- 0  
 26.08.2010 07:10     C:\Users\Bobby\AppData\Local\Temp\History --------- 0  
 26.08.2010 07:10     C:\Users\Bobby\AppData\Local\Temp\Cookies --------- 0  
 26.08.2010 07:10     C:\Users\Bobby\AppData\Local\Temp\Temporary Internet Files --------- 0  
 25.08.2010 23:47     C:\Users\Bobby\AppData\Local\Temp\divCF7E.tmp --------- 0  
 25.08.2010 06:55     C:\Users\Bobby\AppData\Local\Temp\div6EB9.tmp --------- 0  
 24.08.2010 16:47     C:\Users\Bobby\AppData\Local\Temp\Physik-5.pdf --------- 188732  
 24.08.2010 15:52     C:\Users\Bobby\AppData\Local\Temp\div1DFB.tmp --------- 0  
 24.08.2010 07:39     C:\Users\Bobby\AppData\Local\Temp\divFE7A.tmp --------- 0  
 23.08.2010 14:44     C:\Users\Bobby\AppData\Local\Temp\div9F4A.tmp --------- 0  
 23.08.2010 06:55     C:\Users\Bobby\AppData\Local\Temp\div21C2.tmp --------- 0  
 22.08.2010 10:10     C:\Users\Bobby\AppData\Local\Temp\div7CDC.tmp --------- 0  
 22.08.2010 02:14     C:\Users\Bobby\AppData\Local\Temp\plugtmp-52 --------- 0  
 22.08.2010 01:20     C:\Users\Bobby\AppData\Local\Temp\pornstar_katarina_kat_fucking_movie_4.mpg --------- 2553856  
 22.08.2010 01:20     C:\Users\Bobby\AppData\Local\Temp\pornstar_katarina_kat_fucking_movie_1.mpg --------- 2375680  
 21.08.2010 19:41     C:\Users\Bobby\AppData\Local\Temp\~DFE3570129E9907D99.TMP --------- 147456  
 21.08.2010 09:14     C:\Users\Bobby\AppData\Local\Temp\div87B5.tmp --------- 0  
 21.08.2010 00:53     C:\Users\Bobby\AppData\Local\Temp\plugtmp-51 --------- 0  
 20.08.2010 23:59     C:\Users\Bobby\AppData\Local\Temp\LPRealMathe-4.pdf --------- 240940  
 20.08.2010 13:53     C:\Users\Bobby\AppData\Local\Temp\div8FEF.tmp --------- 0  
 20.08.2010 06:50     C:\Users\Bobby\AppData\Local\Temp\divCE36.tmp --------- 0  
 19.08.2010 14:42     C:\Users\Bobby\AppData\Local\Temp\divF95B.tmp --------- 0  
 19.08.2010 06:52     C:\Users\Bobby\AppData\Local\Temp\div278C.tmp --------- 0  
 18.08.2010 14:05     C:\Users\Bobby\AppData\Local\Temp\div9414.tmp --------- 0  
 18.08.2010 07:35     C:\Users\Bobby\AppData\Local\Temp\div1B9A.tmp --------- 0  
 17.08.2010 23:29     C:\Users\Bobby\AppData\Local\Temp\mod509D.tmp --------- 222  
 17.08.2010 23:29     C:\Users\Bobby\AppData\Local\Temp\~DFEC9706E274A72E63.TMP --------- 147456  
 17.08.2010 23:29     C:\Users\Bobby\AppData\Local\Temp\mod4CF4.tmp --------- 140350  
 17.08.2010 23:29     C:\Users\Bobby\AppData\Local\Temp\mod4B5E.tmp --------- 947  
 17.08.2010 23:29     C:\Users\Bobby\AppData\Local\Temp\mod2EB7.tmp --------- 5  
 17.08.2010 23:29     C:\Users\Bobby\AppData\Local\Temp\plugtmp-50 --------- 0  
 17.08.2010 20:04     C:\Users\Bobby\AppData\Local\Temp\LPRealMathe-3.pdf --------- 240940  
 17.08.2010 19:20     C:\Users\Bobby\AppData\Local\Temp\LPRealPhysik.pdf --------- 122376  
 17.08.2010 19:01     C:\Users\Bobby\AppData\Local\Temp\Physik-4.pdf --------- 188732  
 17.08.2010 15:04     C:\Users\Bobby\AppData\Local\Temp\Elternbrief OS.doc --------- 27136  
 17.08.2010 15:00     C:\Users\Bobby\AppData\Local\Temp\div8EC7.tmp --------- 0  
 17.08.2010 07:37     C:\Users\Bobby\AppData\Local\Temp\divF620.tmp --------- 0  
 16.08.2010 13:28     C:\Users\Bobby\AppData\Local\Temp\LPRealMathe-2.pdf --------- 240940  
 16.08.2010 12:39     C:\Users\Bobby\AppData\Local\Temp\divAB99.tmp --------- 0  
 16.08.2010 06:39     C:\Users\Bobby\AppData\Local\Temp\divA2D3.tmp --------- 0  
 15.08.2010 13:38     C:\Users\Bobby\AppData\Local\Temp\TempFolder.aaa --------- 0  
 15.08.2010 09:25     C:\Users\Bobby\AppData\Local\Temp\LPRealMathe-1.pdf --------- 240940  
 15.08.2010 09:18     C:\Users\Bobby\AppData\Local\Temp\div1016.tmp --------- 0  
 15.08.2010 00:58     C:\Users\Bobby\AppData\Local\Temp\02-2.wmv --------- 2645483  
 15.08.2010 00:58     C:\Users\Bobby\AppData\Local\Temp\01-2.wmv --------- 2645483  
 15.08.2010 00:52     C:\Users\Bobby\AppData\Local\Temp\plugtmp-49 --------- 0  
 14.08.2010 10:11     C:\Users\Bobby\AppData\Local\Temp\Physik-3.pdf --------- 188732  
 14.08.2010 10:01     C:\Users\Bobby\AppData\Local\Temp\div9C0.tmp --------- 0  
 13.08.2010 08:41     C:\Users\Bobby\AppData\Local\Temp\divAF80.tmp --------- 0  
 13.08.2010 01:24     C:\Users\Bobby\AppData\Local\Temp\plugtmp-48 --------- 0  
 12.08.2010 17:20     C:\Users\Bobby\AppData\Local\Temp\04-1.wmv --------- 8391175  
 12.08.2010 17:19     C:\Users\Bobby\AppData\Local\Temp\03-1.wmv --------- 9466375  
 12.08.2010 17:19     C:\Users\Bobby\AppData\Local\Temp\02-1.wmv --------- 8976775  
 12.08.2010 17:18     C:\Users\Bobby\AppData\Local\Temp\01-1.wmv --------- 10419975  
 12.08.2010 09:02     C:\Users\Bobby\AppData\Local\Temp\div4549.tmp --------- 0  
 12.08.2010 00:07     C:\Users\Bobby\AppData\Local\Temp\plugtmp-47 --------- 0  
 11.08.2010 12:29     C:\Users\Bobby\AppData\Local\Temp\ftdiport.cat --------- 10928  
 11.08.2010 12:29     C:\Users\Bobby\AppData\Local\Temp\ftdibus.cat --------- 11832  
 11.08.2010 09:40     C:\Users\Bobby\AppData\Local\Temp\~DFD0EDE6018EBFD0E7.TMP --------- 147456  
 11.08.2010 09:38     C:\Users\Bobby\AppData\Local\Temp\divFD13.tmp --------- 0  
 11.08.2010 04:36     C:\Users\Bobby\AppData\Local\Temp\plugtmp-46 --------- 0  
 10.08.2010 15:17     C:\Users\Bobby\AppData\Local\Temp\scoped_dir26868 --------- 0  
 10.08.2010 15:17     C:\Users\Bobby\AppData\Local\Temp\scoped_dir28904 --------- 0  
 10.08.2010 12:10     C:\Users\Bobby\AppData\Local\Temp\scoped_dir5708 --------- 0  
 10.08.2010 12:10     C:\Users\Bobby\AppData\Local\Temp\scoped_dir23022 --------- 0  
 10.08.2010 10:41     C:\Users\Bobby\AppData\Local\Temp\div8304.tmp --------- 0  
 09.08.2010 18:29     C:\Users\Bobby\AppData\Local\Temp\kqpmdzs812m --------- 14142  
 09.08.2010 10:56     C:\Users\Bobby\AppData\Local\Temp\div8C95.tmp --------- 0  
 08.08.2010 18:51     C:\Users\Bobby\AppData\Local\Temp\divB70E.tmp --------- 0  
 06.08.2010 12:02     C:\Users\Bobby\AppData\Local\Temp\div8B2E.tmp --------- 0  
 06.08.2010 09:44     C:\Users\Bobby\AppData\Local\Temp\div8861.tmp --------- 0  
 05.08.2010 10:28     C:\Users\Bobby\AppData\Local\Temp\div872A.tmp --------- 0  
 04.08.2010 13:07     C:\Users\Bobby\AppData\Local\Temp\divD586.tmp --------- 0  
 04.08.2010 10:16     C:\Users\Bobby\AppData\Local\Temp\div67F5.tmp --------- 0  
 03.08.2010 09:47     C:\Users\Bobby\AppData\Local\Temp\div1C46.tmp --------- 0  
 02.08.2010 17:19     C:\Users\Bobby\AppData\Local\Temp\divADDB.tmp --------- 0  
 02.08.2010 10:58     C:\Users\Bobby\AppData\Local\Temp\div8499.tmp --------- 0  
 01.08.2010 13:27     C:\Users\Bobby\AppData\Local\Temp\LaunchEFLCc_Data_DFE --------- 0  
 01.08.2010 13:26     C:\Users\Bobby\AppData\Local\Temp\LaunchEFLC_Data_DFE --------- 0  
 01.08.2010 13:24     C:\Users\Bobby\AppData\Local\Temp\drm_dyndata_7410004.dll --------- 208896  
 01.08.2010 13:24     C:\Users\Bobby\AppData\Local\Temp\{727094E1-78FB-41DD-BA03-E80868CD6C31} --------- 0  
 01.08.2010 13:23     C:\Users\Bobby\AppData\Local\Temp\{52D6F584-175E-42FB-875A-83128C332CFC} --------- 0  
 01.08.2010 13:23     C:\Users\Bobby\AppData\Local\Temp\mtka_tmp --------- 0  
 31.07.2010 13:35     C:\Users\Bobby\AppData\Local\Temp\scoped_dir17226 --------- 0  
 31.07.2010 13:35     C:\Users\Bobby\AppData\Local\Temp\scoped_dir3464 --------- 0  
 31.07.2010 10:32     C:\Users\Bobby\AppData\Local\Temp\div3F8E.tmp --------- 0  
----------------------------------------

 
C:\Program Files

 01.07.2011 18:52     C:\Program Files\DIFX --------- 0  
 22.05.2011 22:42     C:\Program Files\Adobe --------- 0  
 02.09.2010 19:20     C:\Program Files\iTunes --------- 4096  
 02.09.2010 19:20     C:\Program Files\iPod --------- 0  
 02.09.2010 19:19     C:\Program Files\Common Files --------- 4096  
 02.09.2010 19:19     C:\Program Files\Bonjour --------- 0  
 09.08.2010 20:11     C:\Program Files\Tablet --------- 4096  
 09.08.2010 20:10     C:\Program Files\WTouch --------- 0  
 01.05.2010 19:18     C:\Program Files\DivX --------- 0  
 29.04.2010 11:33     C:\Program Files\nik --------- 0  
 29.04.2010 03:37     C:\Program Files\Realtek --------- 0  
 29.04.2010 02:41     C:\Program Files\Microsoft Office --------- 0  
 28.04.2010 23:53     C:\Program Files\Windows NT --------- 4096  
 28.04.2010 23:53     C:\Program Files\Gemeinsame Dateien --------- 0  
 14.07.2009 20:18     C:\Program Files\DVD Maker --------- 4096  
 14.07.2009 20:18     C:\Program Files\Windows Journal --------- 4096  
 14.07.2009 20:18     C:\Program Files\Microsoft Games --------- 4096  
 14.07.2009 19:58     C:\Program Files\Windows Sidebar --------- 4096  
 14.07.2009 19:58     C:\Program Files\Windows Mail --------- 0  
 14.07.2009 19:58     C:\Program Files\Windows Photo Viewer --------- 4096  
 14.07.2009 19:58     C:\Program Files\Windows Media Player --------- 4096  
 14.07.2009 19:58     C:\Program Files\Internet Explorer --------- 4096  
 14.07.2009 19:58     C:\Program Files\Windows Defender --------- 4096  
 14.07.2009 07:32     C:\Program Files\Windows Portable Devices --------- 0  
 14.07.2009 07:32     C:\Program Files\Reference Assemblies --------- 0  
 14.07.2009 07:32     C:\Program Files\MSBuild --------- 0  
 14.07.2009 07:09     C:\Program Files\Uninstall Information --------- 0  
 14.07.2009 06:54     C:\Program Files\desktop.ini --------- 174  
----------------------------------------

 
C:\ProgramData\.. 

Bobby    
Administrator    
Default    
Public    
Default User    
All Users    
desktop.ini    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0         1.428 K
smss.exe                       260 Services                   0         1.024 K
csrss.exe                      392 Services                   0         4.032 K
wininit.exe                    488 Services                   0         4.152 K
csrss.exe                      512 Console                    1        20.168 K
services.exe                   536 Services                   0        10.008 K
lsass.exe                      552 Services                   0        11.332 K
lsm.exe                        560 Services                   0         4.220 K
svchost.exe                    684 Services                   0         8.728 K
winlogon.exe                   748 Console                    1         6.856 K
nvvsvc.exe                     804 Services                   0         3.384 K
svchost.exe                    840 Services                   0         7.908 K
svchost.exe                    904 Services                   0        24.540 K
svchost.exe                    968 Services                   0       121.720 K
svchost.exe                    112 Services                   0        31.656 K
svchost.exe                    856 Services                   0        16.252 K
Pen_TouchService.exe          1068 Services                   0         4.076 K
rundll32.exe                  1184 Console                    1         6.972 K
wisptis.exe                   1216 Console                    1         9.388 K
svchost.exe                   1308 Services                   0        14.892 K
spoolsv.exe                   1452 Services                   0        12.844 K
sched.exe                     1488 Services                   0         1.836 K
svchost.exe                   1512 Services                   0        19.496 K
avguard.exe                   1648 Services                   0        17.936 K
AppleMobileDeviceService.     1676 Services                   0         4.536 K
BSHService.exe                1704 Services                   0        14.264 K
mDNSResponder.exe             1740 Services                   0         5.280 K
CableAssociation.exe          1780 Services                   0         5.812 K
ICQ Service.exe               1828 Services                   0         6.600 K
nlssrv32.exe                  1888 Services                   0         2.476 K
SbieSvc.exe                   1948 Services                   0         4.104 K
svchost.exe                   2008 Services                   0         7.544 K
Pen_Tablet.exe                2032 Services                   0         4.980 K
avshadow.exe                  2172 Services                   0         3.812 K
conhost.exe                   2180 Services                   0         2.384 K
WUDFHost.exe                  2732 Services                   0         6.344 K
taskhost.exe                  2868 Console                    1         7.908 K
svchost.exe                   2912 Services                   0         5.608 K
wisptis.exe                   2920 Console                    1        50.116 K
dwm.exe                       2932 Console                    1        78.572 K
explorer.exe                  2992 Console                    1        77.916 K
TabTip.exe                    3032 Console                    1        12.620 K
Pen_TouchUser.exe             3048 Console                    1        10.128 K
TabTip32.exe                  2392 Console                    1         2.652 K
Pen_TabletUser.exe            2880 Console                    1         5.060 K
Pen_Tablet.exe                2128 Console                    1        18.368 K
mbamservice.exe               2108 Services                   0        42.808 K
rundll32.exe                  2384 Console                    1         5.884 K
RAVCpl64.exe                  3092 Console                    1        10.316 K
Bamboo Dock.exe               3176 Console                    1        29.040 K
acrotray.exe                  3412 Console                    1         4.600 K
DivXUpdate.exe                3472 Console                    1        15.828 K
iTunesHelper.exe              3524 Console                    1        12.528 K
avgnt.exe                     3536 Console                    1         6.160 K
mbamgui.exe                   3544 Console                    1         7.020 K
iPodService.exe               3332 Services                   0         6.992 K
SearchIndexer.exe             3860 Services                   0        35.144 K
wmpnetwk.exe                  3944 Services                   0        18.476 K
svchost.exe                   3908 Services                   0        15.612 K
svchost.exe                   3160 Services                   0        13.256 K
svchost.exe                   4420 Services                   0        34.692 K
InputPersonalization.exe      3152 Console                    1         2.052 K
firefox.exe                   3264 Console                    1        90.480 K
SearchProtocolHost.exe        4008 Services                   0         8.124 K
SearchFilterHost.exe           172 Services                   0         6.384 K
cmd.exe                       1496 Console                    1         3.464 K
conhost.exe                   4344 Console                    1         7.116 K
dllhost.exe                   4356 Console                    1         5.776 K
tasklist.exe                  4736 Console                    1         5.216 K
WmiPrvSE.exe                  3904 Services                   0         5.916 K

 
***** Ende des Scans 05.07.2011 um 15:22:45,68 ***
         
Und alle Programme:

Code:
ATTFilter
7-Zip 4.65		26.09.2010		
Acrobat.com	Adobe Systems Incorporated	28.04.2010		1.2.443
Adobe AIR	Adobe Systems Inc.	14.08.2010		1.5.3.9130
Adobe Anchor Service x64 CS4		28.04.2010		
Adobe CMaps x64 CS4		28.04.2010		
Adobe Community Help	Adobe Systems Incorporated	06.05.2010		3.0.0.400
Adobe Creative Suite 4 Master Collection	Adobe Systems Incorporated	28.04.2010	224MB	4.0
Adobe CSI CS4 x64		28.04.2010		
Adobe Drive CS4 x64		28.04.2010		
Adobe Flash Player 10 ActiveX	Adobe Systems, Inc.	28.04.2010	1,96MB	10.0.2.54
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	01.04.2011	6,00MB	10.2.153.1
Adobe Fonts All x64		28.04.2010		
Adobe InDesign CS4 Icon Handler x64		28.04.2010		
Adobe Linguistics CS4 x64		28.04.2010		
Adobe Media Player	Adobe Systems Incorporated	28.04.2010		1.1
Adobe PDF Library Files x64 CS4		28.04.2010		
Adobe Photoshop CS4 (64 Bit)		28.04.2010		
Adobe Photoshop CS5	Adobe Systems Incorporated	06.05.2010	2.595MB	12.0
Adobe Photoshop Lightroom 2.7	Adobe	10.05.2010	103,8MB	2.7
Adobe Photoshop Lightroom 3 64-bit	Adobe	15.06.2010	251MB	3.0.2
Adobe Type Support x64 CS4		28.04.2010		
Adobe WinSoft Linguistics Plugin x64		28.04.2010		
Apple Application Support	Apple Inc.	01.09.2010	42,8MB	1.3.2
Apple Mobile Device Support	Apple Inc.	01.09.2010	20,7MB	3.2.0.47
Apple Software Update	Apple Inc.	01.09.2010	2,26MB	2.1.2.120
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver	Atheros Communications Inc.	28.04.2010		1.0.0.18
Avira AntiVir Personal - Free Antivirus	Avira GmbH	03.07.2011	74,3MB	10.0.0.650
Backup Service Home 3.3.1.4	Alexander Seeliger Software	22.06.2010	5,56MB	3.3.1.4
Bamboo	Wacom Technology Corp.	08.08.2010		
Bamboo Dock 3.3	Wacom Co., Ltd.	14.08.2010		3.3
Bonjour	Apple Inc.	01.09.2010	1,75MB	2.0.3.0
Call of Duty(R) 4 - Modern Warfare(TM)	Activision	25.05.2010	2.281MB	1.4
Capture One 6.2	Phase One A/S	30.06.2011	418MB	6.2.49650.20
CCleaner	Piriform	04.07.2011		3.08
Color Efex Pro 3.0 Complete	Nik Software, Inc.	28.04.2010		3.1.0.0
Dfine 2.0	Nik Software, Inc.	28.04.2010		2.1.0.2
DirSync  2.92	Stephen Kalisch	05.05.2010		
DivX-Setup	DivX, Inc. 	12.05.2010		1.0.1.5
Dragon Age: Origins	Electronic Arts, Inc.	28.09.2010		1.04
fc-prints	HP Silverwire	08.01.2011		
Foto-Mosaik-Edda 5.5.9	Steffen Schirmer	26.05.2010	3,43MB	
Grand Theft Auto: Episodes From Liberty City	Rockstar Games	31.07.2010		1.1.0.0
HDR Efex Pro	Nik Software, Inc.	16.10.2010		1.0.0.0
iColor Display 3.7.3.0 (nur entfernen)		03.07.2011		
ICQ Toolbar	ICQ	10.03.2011		3.0.0
ICQ7.4	ICQ	10.03.2011		7.4
Image Trends' Fisheye-Hemi Plug-In 1.1.6	Image Trends, Inc. 	05.10.2010	5,49MB	1.1.6
iTunes	Apple Inc.	01.09.2010	136,9MB	10.0.0.68
Java(TM) 6 Update 15	Sun Microsystems, Inc.	10.05.2010	95,0MB	6.0.150
JDownloader	AppWork UG (haftungsbeschränkt)	10.05.2010		0.89
Livebrush Mini	MoreMeYou	14.08.2010		1.1.2
Malwarebytes' Anti-Malware Version 1.51.0.1200	Malwarebytes Corporation	04.07.2011	13,8MB	1.51.0.1200
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	30.06.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	30.06.2011	2,94MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	30.06.2011	52,0MB	4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	30.06.2011	10,7MB	4.0.30319
Microsoft Games for Windows - LIVE	Microsoft Corporation	31.07.2010	8,31MB	3.1.186.0
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	31.07.2010	32,3MB	3.1.99.0
Microsoft Office Ultimate 2007	Microsoft Corporation	28.04.2010		12.0.6215.1000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	17.04.2011	2,69MB	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	28.04.2010	2,25MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	16.10.2010	0,76MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	28.04.2010	2,06MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	16.10.2010	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	30.04.2010	0,58MB	9.0.30729.4148
Mozilla Firefox (3.6.18)	Mozilla	24.06.2011		3.6.18 (de)
Mozilla Firefox (3.6.3)	Mozilla	28.04.2010		3.6.3 (de)
Nimo Codecs Pack v5.0 (Remove Only)		17.05.2010		
NVIDIA Drivers		28.04.2010		
NVIDIA PhysX	NVIDIA Corporation	26.09.2010	119,9MB	9.09.0203
Pano2VR - Garden Gnome Software		28.04.2010		
Photoshop Camera Raw_x64		28.04.2010		
PokerStars.net	PokerStars.net	30.04.2010		
Portal 2		27.06.2011		
Portrait Professional Max 6.3	Anthropics Technology Ltd.	06.05.2011		6.3
PTGui Pro 8.2.1	New House Internet Services B.V.	28.04.2010		
QuickTime	Apple Inc.	01.09.2010	73,7MB	7.67.75.0
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	28.04.2010		6.0.1.5859
Sandboxie 3.442 (64-bit)		15.06.2010		
Sharpener Pro 3.0	Nik Software, Inc.	28.04.2010		3.0.0.2
Silver Efex Pro	Nik Software, Inc.	28.04.2010		1.001
Skype Toolbars	Skype Technologies S.A.	04.05.2010	6,09MB	1.0.4051
Skype™ 4.2	Skype Technologies S.A.	04.05.2010	31,7MB	4.2.163
Sony Image Data Suite	Sony Corporation	28.02.2011		3.0.00.08270
StarCraft II	Blizzard Entertainment	18.05.2011		1.3.3.18574
Team Fortress 2	Valve	12.06.2010		
Tourweaver 5.00 Professional Edition	Easypano Holdings Inc.	19.10.2010		
Trillian	Cerulean Studios, LLC	10.03.2011		
Trillian Toolbar	Ask.com	10.03.2011	2,57MB	1.9.1.0
Viveza 2	Nik Software, Inc.	28.04.2010		2.0.0.1
Warcraft III		10.06.2010		
Warcraft III: All Products		10.06.2010		
WebTablet IE Plugin	Wacom Technology Corp.	08.08.2010		1.1.0.5
WebTablet Netscape Plugin	Wacom Technology Corp.	08.08.2010		1.1.0.4
Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)	FTDI	29.04.2010		10/22/2009 2.06.00
Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)	FTDI	30.04.2010		10/22/2009 2.06.00
Windows-Treiberpaket - Leaf Imaging Ltd. Image  (02/11/2010 )	Leaf Imaging Ltd.	30.06.2011		02/11/2010 
WinPcap 4.1.2	CACE Technologies	27.08.2010		4.1.0.2001
WinRAR		28.04.2010		
WUSB WinDrivers v.14.0.22.0		28.02.2011
         

Alt 05.07.2011, 21:49   #7
wursch
 
BOO/Sinowal.F in Masterbootsektor - Standard

BOO/Sinowal.F in Masterbootsektor



Der PC ist übrigens vollständig von Netzwerk und Internet getrennt nachdem ich alles heruntergeladen hatte.

Ich habe nochmal mit Antivir gescanne und dabei hat sich auch eine Infektion von Platte D und E gezeigt.

vermutlich müssen dort dann auch die Masterbootrekorten neu geschrieben werden.
USB Sticks die ich mal angeschlossen hatte usw habe ich auch mit dem CAPLOCK gedrückt an einen anderen PC angeschlossen und gescannt. dort ist nichts zu finden.

Ich unternehme aber nichts weiteres sondern warte hier auf weitere Anweisungen.
Ich find das absolut toll das es Menschen gibt die das hier machen und so tolle Hilfe anbieten. Habe mich inzwischen schon ganz viel durchs Forum gelesen.
Bis hierhin auf jedenfall schonmal vielen vielen Dank! Das macht mir irgendwie mit das es eventuell noch was zu retten gibt.

Alt 06.07.2011, 07:41   #8
kira
/// Helfer-Team
 
BOO/Sinowal.F in Masterbootsektor - Standard

BOO/Sinowal.F in Masterbootsektor



Zitat:
Zitat von wursch Beitrag anzeigen
Zudem ist mir aufgefallen das ich noch ein altes Windows System auf der Platte drauf habe (Windiws.old) und da waren scheinbar auch noch versäuchungen drin. Das hatte ich damals neu aufgespielt weil es auch versäucht war, aber hatte es nicht gelöscht.
Alte Sicherungen etc können natürlich auch Viren enthalten. Man sollte bei Malwarebefall vollständig die Festplatte formatieren

TDSSKiller von Kaspersky
  • Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
  • Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
  • deaktiviere vorübergehend dein AntiVirus-Programm
  • Starte die TDSSKiller.exe durch Doppelklick.
  • Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
    Bestätige das ggfs. mit Y(es).
    Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
  • Poste mir den Inhalt von C:\TDSSKiller<random>.txt hier in den Thread.
Hier findest Du eine ausführlichere Anleitung.
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 06.07.2011, 09:37   #9
wursch
 
BOO/Sinowal.F in Masterbootsektor - Standard

BOO/Sinowal.F in Masterbootsektor



WOW Toll!

Der Sinowal.F wurde als bereinigt angezeigt und Antivir findet ihn auch nichtmehr im Scan des Masterbot.

Ich lasse gerade noch einen vollständigen Scan des Systems durchlaufen.
Hoffe das auf den anderen beiden Platten auch nichtsmehr auftaucht.

Code:
ATTFilter
2011/07/06 09:08:12.0438 3136	TDSS rootkit removing tool 2.5.9.0 Jul  1 2011 18:45:21
2011/07/06 09:08:12.0485 3136	================================================================================
2011/07/06 09:08:12.0485 3136	SystemInfo:
2011/07/06 09:08:12.0485 3136	
2011/07/06 09:08:12.0485 3136	OS Version: 6.1.7600 ServicePack: 0.0
2011/07/06 09:08:12.0485 3136	Product type: Workstation
2011/07/06 09:08:12.0485 3136	ComputerName: BOBBY-PC
2011/07/06 09:08:12.0486 3136	UserName: Bobby
2011/07/06 09:08:12.0486 3136	Windows directory: C:\Windows
2011/07/06 09:08:12.0486 3136	System windows directory: C:\Windows
2011/07/06 09:08:12.0486 3136	Running under WOW64
2011/07/06 09:08:12.0486 3136	Processor architecture: Intel x64
2011/07/06 09:08:12.0486 3136	Number of processors: 2
2011/07/06 09:08:12.0486 3136	Page size: 0x1000
2011/07/06 09:08:12.0486 3136	Boot type: Normal boot
2011/07/06 09:08:12.0486 3136	================================================================================
2011/07/06 09:08:14.0416 3136	Initialize success
2011/07/06 09:08:21.0119 3724	================================================================================
2011/07/06 09:08:21.0119 3724	Scan started
2011/07/06 09:08:21.0119 3724	Mode: Manual; 
2011/07/06 09:08:21.0119 3724	================================================================================
2011/07/06 09:08:21.0740 3724	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/06 09:08:21.0771 3724	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/06 09:08:21.0800 3724	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/06 09:08:21.0871 3724	adfs            (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
2011/07/06 09:08:22.0050 3724	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/06 09:08:22.0097 3724	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/06 09:08:22.0123 3724	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/06 09:08:22.0175 3724	AFD             (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/07/06 09:08:22.0212 3724	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/06 09:08:22.0354 3724	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/06 09:08:22.0414 3724	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/06 09:08:22.0462 3724	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/06 09:08:22.0481 3724	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/06 09:08:22.0502 3724	amdsata         (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/07/06 09:08:22.0522 3724	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/06 09:08:22.0546 3724	amdxata         (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/07/06 09:08:22.0707 3724	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/07/06 09:08:22.0758 3724	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/06 09:08:22.0779 3724	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/06 09:08:22.0821 3724	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/06 09:08:22.0842 3724	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/06 09:08:22.0990 3724	avgntflt        (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/06 09:08:23.0016 3724	avipbb          (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/06 09:08:23.0098 3724	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/06 09:08:23.0145 3724	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/06 09:08:23.0284 3724	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/06 09:08:23.0350 3724	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/06 09:08:23.0389 3724	bowser          (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/06 09:08:23.0416 3724	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/06 09:08:23.0439 3724	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/06 09:08:23.0551 3724	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/06 09:08:23.0577 3724	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/06 09:08:23.0621 3724	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/06 09:08:23.0640 3724	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/06 09:08:23.0683 3724	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/06 09:08:23.0748 3724	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/06 09:08:23.0841 3724	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/06 09:08:23.0894 3724	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/06 09:08:23.0947 3724	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/06 09:08:24.0115 3724	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/06 09:08:24.0158 3724	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/06 09:08:24.0190 3724	CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/07/06 09:08:24.0216 3724	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/06 09:08:24.0270 3724	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/06 09:08:24.0313 3724	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/06 09:08:24.0483 3724	DfsC            (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/07/06 09:08:24.0505 3724	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/06 09:08:24.0535 3724	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/06 09:08:24.0601 3724	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/06 09:08:24.0670 3724	DWA             (774608ed43b7d0abe859d6c6a6457419) C:\Windows\system32\DRIVERS\WSR_DWA.SYS
2011/07/06 09:08:24.0812 3724	DXGKrnl         (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/06 09:08:24.0889 3724	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/06 09:08:24.0951 3724	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/06 09:08:24.0976 3724	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/06 09:08:25.0127 3724	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/06 09:08:25.0153 3724	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/06 09:08:25.0176 3724	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/06 09:08:25.0199 3724	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/06 09:08:25.0228 3724	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/06 09:08:25.0270 3724	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/06 09:08:25.0410 3724	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/07/06 09:08:25.0446 3724	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/06 09:08:25.0471 3724	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/06 09:08:25.0525 3724	FTDIBUS         (7442bca60ed46cc31c2f39728bbdd9ad) C:\Windows\system32\drivers\ftdibus.sys
2011/07/06 09:08:25.0552 3724	FTSER2K         (121af3148cdda212cffbc4f6240699c2) C:\Windows\system32\drivers\ftser2k.sys
2011/07/06 09:08:25.0585 3724	fvevol          (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/06 09:08:25.0718 3724	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/06 09:08:25.0765 3724	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/06 09:08:25.0790 3724	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/06 09:08:25.0854 3724	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/07/06 09:08:25.0889 3724	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/06 09:08:25.0914 3724	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/06 09:08:25.0933 3724	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/06 09:08:26.0054 3724	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/06 09:08:26.0101 3724	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/06 09:08:26.0131 3724	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/06 09:08:26.0177 3724	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/07/06 09:08:26.0250 3724	hwa             (a2d61e2b35435fc3fbe2feeab0bd0809) C:\Windows\system32\DRIVERS\WSR_HWA.SYS
2011/07/06 09:08:26.0414 3724	HWARadio        (882ffbf9065d2ecc86f92923ce7f3b86) C:\Windows\system32\DRIVERS\WSR_RCI.SYS
2011/07/06 09:08:26.0463 3724	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/06 09:08:26.0502 3724	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/06 09:08:26.0530 3724	iaStorV         (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/07/06 09:08:26.0580 3724	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/06 09:08:26.0671 3724	IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
2011/07/06 09:08:26.0777 3724	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/06 09:08:26.0813 3724	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/06 09:08:26.0842 3724	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/06 09:08:26.0868 3724	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/06 09:08:26.0894 3724	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/06 09:08:26.0963 3724	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/06 09:08:26.0975 3724	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/06 09:08:27.0082 3724	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/06 09:08:27.0118 3724	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/06 09:08:27.0149 3724	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/06 09:08:27.0167 3724	KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/06 09:08:27.0182 3724	KSecPkg         (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/06 09:08:27.0230 3724	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/06 09:08:27.0338 3724	L1E             (b8e670d7ef61615fa03104552854fac9) C:\Windows\system32\DRIVERS\L1E62x64.sys
2011/07/06 09:08:27.0404 3724	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/06 09:08:27.0452 3724	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/06 09:08:27.0477 3724	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/06 09:08:27.0524 3724	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/06 09:08:27.0547 3724	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/06 09:08:27.0665 3724	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/06 09:08:27.0711 3724	MBAMProtector   (ed49fd1373de93617a1f6d128d98fe4d) C:\Windows\system32\drivers\mbam.sys
2011/07/06 09:08:27.0740 3724	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/06 09:08:27.0760 3724	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/06 09:08:27.0826 3724	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/06 09:08:27.0864 3724	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/06 09:08:27.0975 3724	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/06 09:08:28.0006 3724	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/06 09:08:28.0057 3724	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/07/06 09:08:28.0083 3724	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/06 09:08:28.0127 3724	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/06 09:08:28.0157 3724	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/06 09:08:28.0181 3724	mrxsmb          (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/06 09:08:28.0293 3724	mrxsmb10        (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/06 09:08:28.0322 3724	mrxsmb20        (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/06 09:08:28.0345 3724	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/06 09:08:28.0370 3724	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/06 09:08:28.0444 3724	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/06 09:08:28.0463 3724	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/06 09:08:28.0484 3724	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/06 09:08:28.0600 3724	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/06 09:08:28.0635 3724	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/06 09:08:28.0654 3724	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/06 09:08:28.0683 3724	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/07/06 09:08:28.0734 3724	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/06 09:08:28.0754 3724	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/06 09:08:28.0779 3724	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/06 09:08:28.0893 3724	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/06 09:08:28.0921 3724	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/06 09:08:28.0966 3724	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/07/06 09:08:29.0001 3724	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/06 09:08:29.0054 3724	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/06 09:08:29.0079 3724	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/06 09:08:29.0183 3724	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/06 09:08:29.0201 3724	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/07/06 09:08:29.0218 3724	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/06 09:08:29.0240 3724	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/06 09:08:29.0303 3724	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/06 09:08:29.0472 3724	NPF             (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
2011/07/06 09:08:29.0516 3724	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/06 09:08:29.0535 3724	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/06 09:08:29.0580 3724	Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/07/06 09:08:29.0605 3724	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/06 09:08:29.0805 3724	nvlddmkm        (12bdf9809840ae7cc9ab627b3bb933c5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/06 09:08:30.0071 3724	nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/07/06 09:08:30.0083 3724	nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/07/06 09:08:30.0098 3724	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/06 09:08:30.0143 3724	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/06 09:08:30.0183 3724	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/06 09:08:30.0206 3724	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/07/06 09:08:30.0243 3724	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/07/06 09:08:30.0280 3724	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/06 09:08:30.0308 3724	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/06 09:08:30.0445 3724	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/06 09:08:30.0471 3724	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/06 09:08:30.0572 3724	Ph3xIB64        (1e81496aff9d7fa2b4c4032b746de5b9) C:\Windows\system32\DRIVERS\Ph3xIB64.sys
2011/07/06 09:08:30.0632 3724	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/06 09:08:30.0765 3724	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/06 09:08:30.0806 3724	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/06 09:08:30.0850 3724	PxHlpa64        (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/07/06 09:08:30.0890 3724	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/06 09:08:30.0927 3724	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/06 09:08:31.0053 3724	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/06 09:08:31.0078 3724	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/06 09:08:31.0137 3724	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/06 09:08:31.0156 3724	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/06 09:08:31.0180 3724	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/06 09:08:31.0196 3724	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/06 09:08:31.0221 3724	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/06 09:08:31.0246 3724	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/06 09:08:31.0372 3724	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/06 09:08:31.0403 3724	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/06 09:08:31.0416 3724	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/06 09:08:31.0443 3724	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/07/06 09:08:31.0479 3724	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/07/06 09:08:31.0654 3724	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/06 09:08:31.0727 3724	SbieDrv         (d8a6fedfb83deedfeca8218b195495f4) E:\Sandboxie\SbieDrv.sys
2011/07/06 09:08:31.0762 3724	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/06 09:08:31.0792 3724	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/06 09:08:31.0824 3724	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/06 09:08:31.0850 3724	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/06 09:08:31.0866 3724	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/06 09:08:31.0892 3724	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/06 09:08:31.0927 3724	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/06 09:08:32.0046 3724	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/06 09:08:32.0056 3724	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/06 09:08:32.0081 3724	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/06 09:08:32.0131 3724	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/06 09:08:32.0158 3724	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/06 09:08:32.0180 3724	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/06 09:08:32.0275 3724	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/06 09:08:32.0365 3724	sptd            (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
2011/07/06 09:08:32.0529 3724	srv             (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
2011/07/06 09:08:32.0551 3724	srv2            (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/06 09:08:32.0570 3724	srvnet          (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/06 09:08:32.0614 3724	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/06 09:08:32.0655 3724	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/06 09:08:32.0844 3724	Tcpip           (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
2011/07/06 09:08:32.0895 3724	TCPIP6          (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/06 09:08:32.0925 3724	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/06 09:08:32.0947 3724	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/06 09:08:32.0965 3724	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/06 09:08:32.0996 3724	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/06 09:08:33.0138 3724	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/06 09:08:33.0202 3724	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/06 09:08:33.0254 3724	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/06 09:08:33.0319 3724	TunnelDrv       (3473ec97b6263d72495e998f0d04dfb4) C:\Windows\system32\DRIVERS\WSR_CBA.SYS
2011/07/06 09:08:33.0453 3724	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/06 09:08:33.0485 3724	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/06 09:08:33.0521 3724	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/06 09:08:33.0546 3724	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/06 09:08:33.0574 3724	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/06 09:08:33.0637 3724	USBAAPL64       (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
2011/07/06 09:08:33.0666 3724	usbccgp         (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/06 09:08:33.0807 3724	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/06 09:08:33.0832 3724	usbehci         (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/06 09:08:33.0867 3724	usbhub          (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/06 09:08:33.0899 3724	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/06 09:08:33.0937 3724	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/06 09:08:33.0957 3724	USBSTOR         (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/06 09:08:34.0090 3724	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/06 09:08:34.0125 3724	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/06 09:08:34.0166 3724	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/06 09:08:34.0189 3724	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/06 09:08:34.0215 3724	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/06 09:08:34.0242 3724	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/06 09:08:34.0263 3724	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/06 09:08:34.0406 3724	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/07/06 09:08:34.0430 3724	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/06 09:08:34.0457 3724	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/06 09:08:34.0482 3724	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/07/06 09:08:34.0552 3724	wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
2011/07/06 09:08:34.0575 3724	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/06 09:08:34.0618 3724	wacomvhid       (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
2011/07/06 09:08:34.0778 3724	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/06 09:08:34.0787 3724	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/06 09:08:34.0827 3724	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/06 09:08:34.0860 3724	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/06 09:08:34.0908 3724	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/06 09:08:34.0926 3724	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/06 09:08:35.0080 3724	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/06 09:08:35.0147 3724	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/06 09:08:35.0197 3724	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/06 09:08:35.0249 3724	WSR_USF         (42d0234614f6365356e1d3e4ac3ad2b3) C:\Windows\system32\Drivers\WSR_USF.sys
2011/07/06 09:08:35.0270 3724	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/07/06 09:08:35.0379 3724	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/06 09:08:35.0440 3724	X-Rite          (1d9d643cb69654973a0551c17312034f) C:\Windows\system32\DRIVERS\XrUsb64.sys
2011/07/06 09:08:35.0475 3724	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/06 09:08:35.0489 3724	MBR (0x1B8)     (39f7a052d4ffd519e42acced17e3f572) \Device\Harddisk1\DR1
2011/07/06 09:08:35.0495 3724	\Device\Harddisk1\DR1 - detected Backdoor.Win32.Sinowal.knf (0)
2011/07/06 09:08:35.0501 3724	MBR (0x1B8)     (c1a5e26b17e02714c20979349c18dd25) \Device\Harddisk2\DR2
2011/07/06 09:08:35.0506 3724	\Device\Harddisk2\DR2 - detected Backdoor.Win32.Sinowal.knf (0)
2011/07/06 09:08:35.0528 3724	MBR (0x1B8)     (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk12\DR12
2011/07/06 09:08:42.0981 3724	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk13\DR13
2011/07/06 09:08:42.0990 3724	MBR (0x1B8)     (efc7c81313f264515d62137a5404c4e0) \Device\Harddisk14\DR15
2011/07/06 09:08:43.0805 3724	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
2011/07/06 09:08:44.0233 3724	Boot (0x1200)   (e9f4d6fb9a410629d55508f202ab4fc4) \Device\Harddisk0\DR0\Partition0
2011/07/06 09:08:44.0243 3724	Boot (0x1200)   (2417833460bb281e26b8a5b11f78066a) \Device\Harddisk1\DR1\Partition0
2011/07/06 09:08:44.0252 3724	Boot (0x1200)   (24254313a3a3d78122feb269cab3b036) \Device\Harddisk2\DR2\Partition0
2011/07/06 09:08:44.0268 3724	Boot (0x1200)   (e08f96b3546c1b3a6f980e54c9e46945) \Device\Harddisk12\DR12\Partition0
2011/07/06 09:08:44.0275 3724	Boot (0x1200)   (441096a9c34fe912606da60352f56c88) \Device\Harddisk13\DR13\Partition0
2011/07/06 09:08:44.0287 3724	Boot (0x1200)   (a51368bb04259483c8f5f0b040286db9) \Device\Harddisk3\DR3\Partition0
2011/07/06 09:08:44.0292 3724	================================================================================
2011/07/06 09:08:44.0292 3724	Scan finished
2011/07/06 09:08:44.0292 3724	================================================================================
2011/07/06 09:08:44.0299 3356	Detected object count: 2
2011/07/06 09:08:44.0299 3356	Actual detected object count: 2
2011/07/06 09:09:14.0133 3356	\Device\Harddisk1\DR1 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
2011/07/06 09:09:14.0133 3356	\Device\Harddisk1\DR1 - ok
2011/07/06 09:09:14.0133 3356	Backdoor.Win32.Sinowal.knf(\Device\Harddisk1\DR1) - User select action: Cure 
2011/07/06 09:09:14.0157 3356	\Device\Harddisk2\DR2 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
2011/07/06 09:09:14.0157 3356	\Device\Harddisk2\DR2 - ok
2011/07/06 09:09:14.0157 3356	Backdoor.Win32.Sinowal.knf(\Device\Harddisk2\DR2) - User select action: Cure 
2011/07/06 09:09:20.0786 1264	Deinitialize success
         
Ich hab schon einiges gelesen wo ich mir es eingefangen haben kann.
PDF Reader aktualisieren usw werde ich dann gleich machen wenn ich bescheid bekomme das ich den PC wieder ans Netzwerk und ins Internet lassen kann.

Und noch eine Frage.
Den Defogger hatte ich ja anfangs gestartet wie es in der Anleitung steht. Den muss ich dann wenn wir ganz fertig sind nochmal starten und dann den anderen Reiter anklicken.

Alt 07.07.2011, 05:53   #10
kira
/// Helfer-Team
 
BOO/Sinowal.F in Masterbootsektor - Standard

BOO/Sinowal.F in Masterbootsektor



Zitat:
Zitat von wursch Beitrag anzeigen
Den Defogger hatte ich ja anfangs gestartet wie es in der Anleitung steht. Den muss ich dann wenn wir ganz fertig sind nochmal starten und dann den anderen Reiter anklicken.
den Defogger auf wieder auf "Re-enable" stellen

1.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java Version 6 Update 24 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

2.
reinige dein System mit Ccleaner:
  • "Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

3.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

4.
- "Link:-> ESET Online Scanner
>>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

-> Führe dann einen Komplett-Systemcheck mit Eset/Nod32 durch

- folgendes bitte anhaken > "Remove found threads" und "Scan archives"
- die Scanergebnis als *.txt Dateien speichern)
- meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben
- um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen

5.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 07.07.2011, 23:58   #11
wursch
 
BOO/Sinowal.F in Masterbootsektor - Standard

BOO/Sinowal.F in Masterbootsektor



Hui das war ein ganzes Stück Arbeit. Der Onlinescan hat 8 Stunden in Anspruch genommen weil ich alle Speichermedien mit Bildern usw angeschlossen habe.
Leider finde ich davon den Log ist.
Es wurde aber nichts gefunden.

Hier die anderne Logs:

Code:
ATTFilter
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 07/07/2011 bei 02:35 PM

Version der Applikation : 4.55.1000

Version der Kern-Datenbank : 7381
Version der Spur-Datenbank : 5193

Scan Art       : kompletter Scann
Totale Scann-Zeit : 01:28:54

Gescannte Speicherelemente  : 652
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 13657
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente     : 42956
Erfasste Datei-Elemente   : 0
         
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 08.07.2011 00:16:20 - Run 3
OTL by OldTimer - Version 3.2.26.0     Folder = C:\Users\Bobby\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,18 Gb Available Physical Memory | 52,94% Memory free
12,00 Gb Paging File | 9,46 Gb Available in Paging File | 78,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 299,53 Gb Free Space | 64,31% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 317,12 Gb Free Space | 34,04% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 311,91 Gb Free Space | 66,97% Space Free | Partition Type: NTFS
Drive L: | 465,65 Gb Total Space | 2,74 Gb Free Space | 0,59% Space Free | Partition Type: FAT32
Drive M: | 298,09 Gb Total Space | 151,34 Gb Free Space | 50,77% Space Free | Partition Type: NTFS
Drive O: | 931,51 Gb Total Space | 107,92 Gb Free Space | 11,59% Space Free | Partition Type: NTFS
Drive T: | 7,45 Gb Total Space | 6,37 Gb Free Space | 85,48% Space Free | Partition Type: FAT32
 
Computer Name: BOBBY-PC | User Name: Bobby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.05 09:14:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTL.exe
PRC - [2011.06.25 20:07:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Mozilla Firefox\firefox.exe
PRC - [2011.05.29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- E:\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- E:\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- E:\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- E:\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.04.21 07:52:36 | 000,269,480 | ---- | M] (Avira GmbH) -- E:\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.10.04 00:16:26 | 000,063,488 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.08.15 13:36:57 | 000,178,176 | ---- | M] () -- E:\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
PRC - [2010.04.13 00:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- E:\DAEMON Tools Lite\DTLite.exe
PRC - [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.05 09:14:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTL.exe
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.04.29 01:31:16 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.05.04 19:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- E:\SupantiSpy\SASCORE64.EXE -- (!SASCORE)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.21 07:52:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.27 12:06:16 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.10.04 00:16:26 | 000,063,488 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.07.13 14:26:12 | 000,719,216 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010.07.13 14:26:08 | 007,329,648 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.04.29 00:45:13 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.04.17 12:56:30 | 000,094,440 | ---- | M] (tzuk) [Auto | Running] -- E:\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.26 12:21:06 | 000,016,384 | ---- | M] (Alexander Seeliger Software) [Auto | Running] -- E:\Backup Service Home 3\BSHService.exe -- (Backup Service Home-Dienst)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- E:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.29 20:16:26 | 001,405,440 | ---- | M] (Wisair Ltd.) [Auto | Running] -- E:\Hama\WUSB\Association\CableAssociation.exe -- (CableAssociation)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.06.17 12:35:49 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.17 12:35:49 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.04.29 00:38:01 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.03.31 03:58:04 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.10.22 17:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009.10.22 17:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009.09.21 16:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009.08.23 13:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:32:37 | 001,627,520 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ph3xIB64.sys -- (Ph3xIB64)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.02.01 18:22:16 | 000,799,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSR_HWA.SYS -- (hwa)
DRV:64bit: - [2009.02.01 18:22:16 | 000,141,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSR_RCI.SYS -- (HWARadio)
DRV:64bit: - [2009.02.01 18:22:14 | 000,440,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_DWA.SYS -- (DWA)
DRV:64bit: - [2009.01.27 13:22:08 | 000,071,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_CBA.SYS -- (TunnelDrv)
DRV:64bit: - [2009.01.08 16:18:32 | 000,046,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_USF.sys -- (WSR_USF)
DRV:64bit: - [2007.02.16 21:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007.01.29 10:01:34 | 000,033,600 | ---- | M] (X-Rite, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XrUsb64.sys -- (X-Rite)
DRV - [2010.04.17 12:56:26 | 000,134,760 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- E:\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010.02.17 20:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\SupantiSpy\sasdifsv64.sys -- (SASDIFSV)
DRV - [2010.02.17 20:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\SupantiSpy\saskutil64.sys -- (SASKUTIL)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 B7 26 59 A0 6B CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.65
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.4: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Mozilla Firefox\components [2011.07.04 13:12:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Mozilla Firefox\plugins [2011.07.07 14:45:03 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Mozilla Firefox\components [2011.07.04 13:12:56 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Mozilla Firefox\plugins [2011.07.07 14:45:03 | 000,000,000 | ---D | M]
 
[2010.04.29 00:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bobby\AppData\Roaming\mozilla\Extensions
[2011.07.07 14:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bobby\AppData\Roaming\mozilla\Firefox\Profiles\7ihbmt81.default\extensions
[2011.07.07 14:46:15 | 000,000,000 | ---D | M] ("Exif Viewer") -- C:\Users\Bobby\AppData\Roaming\mozilla\Firefox\Profiles\7ihbmt81.default\extensions\exif_viewer@mozilla.doslash.org
[2011.07.02 19:31:11 | 000,001,056 | ---- | M] () -- C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\7ihbmt81.default\searchplugins\icqplugin.xml
[2011.07.07 14:45:04 | 000,000,000 | ---D | M] (Java Console) -- D:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2010.04.29 01:18:57 | 000,001,300 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Bamboo Dock] E:\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] E:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] E:\SupantiSpy\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.19 21:02:05 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{42a06ce3-536b-11df-bc5b-00248c0ef764}\Shell - "" = AutoRun
O33 - MountPoints2\{42a06ce3-536b-11df-bc5b-00248c0ef764}\Shell\AutoRun\command - "" = N:\start.exe
O33 - MountPoints2\{ec09433e-5316-11df-a516-00248c0ef764}\Shell - "" = AutoRun
O33 - MountPoints2\{ec09433e-5316-11df-a516-00248c0ef764}\Shell\AutoRun\command - "" = K:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.07 14:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.07.07 14:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.07.07 14:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.07.07 14:45:03 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.07.07 14:45:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.07.07 14:45:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.07.07 14:45:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.07.07 13:03:35 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Roaming\SUPERAntiSpyware.com
[2011.07.07 13:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.07.07 13:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.07.07 13:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011.07.07 12:21:26 | 000,900,384 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Bobby\Desktop\jre-6u26-windows-i586-iftw.exe
[2011.07.05 15:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.07.05 15:12:38 | 000,000,000 | ---D | C] -- C:\Users\Bobby\Desktop\Alter log
[2011.07.05 09:45:46 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Roaming\Malwarebytes
[2011.07.05 09:45:40 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.05 09:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.05 09:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.05 09:45:37 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.05 09:14:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTL.exe
[2011.07.04 13:21:29 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Roaming\Avira
[2011.07.04 13:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.07.04 13:18:33 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.07.04 13:18:33 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.07.04 13:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.07.01 18:50:45 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Local\Phase_One
[2011.07.01 18:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Phase One
[2011.07.01 18:49:25 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Local\CaptureOne
[2011.07.01 18:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phase One
[2011.07.01 18:46:24 | 001,458,992 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bobby\Desktop\TDSSKiller.exe
[2011.07.01 18:36:29 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2011.07.01 18:36:29 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2011.07.01 18:36:29 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2011.07.01 18:36:29 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2011.07.01 18:36:29 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2011.07.01 18:36:29 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2011.07.01 18:36:28 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2011.07.01 18:36:28 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2011.06.28 02:36:11 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Local\SKIDROW
[2011.06.28 02:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011.06.27 15:24:38 | 000,000,000 | ---D | C] -- C:\Users\Bobby\Desktop\Zeitrelais
[2011.06.12 07:43:49 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Roaming\Yxyni
[2011.06.12 07:43:49 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Roaming\Caze
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.07 14:44:51 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.07.07 14:44:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.07.07 14:44:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.07.07 14:44:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.07.07 13:03:27 | 000,000,659 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.07.07 13:01:37 | 000,007,832 | ---- | M] () -- C:\Users\Bobby\AppData\Roaming\iColorDisplay3.prefs
[2011.07.07 13:01:29 | 000,000,497 | -H-- | M] () -- C:\Users\Bobby\AppData\Roaming\iColorDisplay3.lic
[2011.07.07 13:01:04 | 000,103,506 | ---- | M] () -- C:\Users\Bobby\Documents\cc_20110707_130053.reg
[2011.07.07 12:24:58 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.07 12:24:58 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.07 12:17:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.07 12:17:15 | 536,125,439 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.07 12:12:34 | 000,900,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Bobby\Desktop\jre-6u26-windows-i586-iftw.exe
[2011.07.05 15:24:41 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.05 15:21:45 | 000,030,259 | ---- | M] () -- C:\Users\Bobby\Desktop\hjtscanlist.bat
[2011.07.05 09:45:40 | 000,000,627 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.05 09:14:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTL.exe
[2011.07.04 23:21:45 | 000,050,477 | ---- | M] () -- C:\Users\Bobby\Desktop\Defogger.exe
[2011.07.04 22:57:10 | 000,000,620 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuatoCalibrationLoader.lnk
[2011.07.04 22:57:10 | 000,000,415 | ---- | M] () -- C:\Users\Public\Desktop\iColor Display 3.7.3.0.lnk
[2011.07.04 22:18:00 | 000,089,088 | ---- | M] () -- C:\Users\Bobby\Desktop\mbr.exe
[2011.07.04 13:18:37 | 000,000,758 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.07.03 22:04:21 | 000,006,692 | ---- | M] () -- C:\Users\Bobby\AppData\Roaming\iColorDisplay.prefs
[2011.07.03 22:01:54 | 000,000,390 | ---- | M] () -- C:\Users\Bobby\AppData\Roaming\iColorDisplay.lic
[2011.07.03 00:27:19 | 000,216,179 | ---- | M] () -- C:\Users\Bobby\Desktop\klein.jpg
[2011.07.01 18:46:24 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bobby\Desktop\TDSSKiller.exe
[2011.07.01 18:40:33 | 001,588,294 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.01 18:40:33 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.07.01 18:40:33 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.07.01 18:40:33 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.07.01 18:40:33 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.07.01 18:40:20 | 001,588,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.28 02:35:06 | 000,000,596 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011.06.27 23:37:05 | 001,923,697 | ---- | M] () -- C:\Users\Bobby\Desktop\Entstehender TaT.jpg
[2011.06.26 04:30:00 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2011.06.17 12:35:49 | 000,116,568 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.06.17 12:35:49 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2011.07.07 13:03:27 | 000,000,659 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.07.07 13:00:57 | 000,103,506 | ---- | C] () -- C:\Users\Bobby\Documents\cc_20110707_130053.reg
[2011.07.05 15:24:41 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.05 09:45:40 | 000,000,627 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.04 23:21:39 | 000,050,477 | ---- | C] () -- C:\Users\Bobby\Desktop\Defogger.exe
[2011.07.04 22:57:10 | 000,000,415 | ---- | C] () -- C:\Users\Public\Desktop\iColor Display 3.7.3.0.lnk
[2011.07.04 22:17:59 | 000,089,088 | ---- | C] () -- C:\Users\Bobby\Desktop\mbr.exe
[2011.07.04 13:18:37 | 000,000,758 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.07.03 00:27:18 | 000,216,179 | ---- | C] () -- C:\Users\Bobby\Desktop\klein.jpg
[2011.07.01 19:25:11 | 001,923,697 | ---- | C] () -- C:\Users\Bobby\Desktop\Entstehender TaT.jpg
[2011.07.01 18:39:07 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.28 02:35:06 | 000,000,596 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011.04.23 12:40:56 | 000,006,692 | ---- | C] () -- C:\Users\Bobby\AppData\Roaming\iColorDisplay.prefs
[2011.04.23 12:39:29 | 000,000,390 | ---- | C] () -- C:\Users\Bobby\AppData\Roaming\iColorDisplay.lic
[2011.04.21 22:41:15 | 000,007,832 | ---- | C] () -- C:\Users\Bobby\AppData\Roaming\iColorDisplay3.prefs
[2011.04.21 22:41:15 | 000,000,497 | -H-- | C] () -- C:\Users\Bobby\AppData\Roaming\iColorDisplay3.lic
[2011.02.09 14:09:40 | 000,000,132 | ---- | C] () -- C:\Users\Bobby\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.01.17 00:27:25 | 000,001,456 | ---- | C] () -- C:\Users\Bobby\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.01.16 22:26:42 | 000,000,132 | ---- | C] () -- C:\Users\Bobby\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.10.17 17:01:27 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC64.dll
[2010.10.04 00:16:26 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll
[2010.09.04 23:46:41 | 000,007,606 | ---- | C] () -- C:\Users\Bobby\AppData\Local\Resmon.ResmonCfg
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010.06.16 16:51:17 | 000,001,512 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010.06.11 17:44:33 | 000,044,918 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.05.26 21:25:17 | 000,000,300 | ---- | C] () -- C:\Windows\game.ini
[2010.05.05 22:10:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.29 11:13:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.04.29 03:35:01 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.12.18 11:58:28 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2007.12.28 17:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\mp4fil32.dll
[2002.05.04 15:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\avisynthEx.dll
[2002.04.21 20:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2002.04.19 16:23:26 | 000,106,137 | ---- | C] () -- C:\Windows\SysWow64\libpostproc.dll
[2002.04.19 15:51:04 | 000,211,760 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2002.04.02 00:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2002.04.02 00:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2002.04.02 00:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2002.02.21 18:41:20 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2001.06.22 13:06:02 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\MPEG2DEC.dll
 
========== LOP Check ==========
 
[2010.06.23 19:11:32 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Alexosoft
[2011.05.07 08:56:05 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Anthropics
[2011.07.04 13:20:48 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Caze
[2010.09.20 21:05:08 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.08.15 13:50:16 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1
[2011.07.07 12:59:13 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\DAEMON Tools Lite
[2010.04.29 00:31:13 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\DAEMON Tools Pro
[2010.10.06 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\ePaperPress
[2010.04.29 02:06:30 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\FlashFXP
[2010.04.29 02:04:09 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\GardenGnomeSoftware
[2011.03.13 10:55:54 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\ICQ
[2010.10.06 23:36:21 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\jpg-Illuminator
[2010.05.06 18:55:48 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Nik Software
[2010.04.29 02:06:01 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Notepad++
[2010.05.11 23:47:07 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Orbit
[2011.05.23 21:09:43 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\PTGui
[2010.05.07 00:47:01 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.04.18 02:40:17 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\The Creative Assembly
[2011.03.11 15:50:38 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Trillian
[2010.08.15 13:37:58 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Wacom
[2010.08.15 13:38:00 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2011.07.04 13:07:14 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Yxyni
[2011.06.26 04:30:00 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2011.04.01 13:47:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Bobby\Desktop\SDIM0119.AVI:TOC.WMV

< End of report >
         
--- --- ---

[/Code]

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 08.07.2011 00:16:20 - Run 3
OTL by OldTimer - Version 3.2.26.0     Folder = C:\Users\Bobby\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,18 Gb Available Physical Memory | 52,94% Memory free
12,00 Gb Paging File | 9,46 Gb Available in Paging File | 78,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 299,53 Gb Free Space | 64,31% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 317,12 Gb Free Space | 34,04% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 311,91 Gb Free Space | 66,97% Space Free | Partition Type: NTFS
Drive L: | 465,65 Gb Total Space | 2,74 Gb Free Space | 0,59% Space Free | Partition Type: FAT32
Drive M: | 298,09 Gb Total Space | 151,34 Gb Free Space | 50,77% Space Free | Partition Type: NTFS
Drive O: | 931,51 Gb Total Space | 107,92 Gb Free Space | 11,59% Space Free | Partition Type: NTFS
Drive T: | 7,45 Gb Total Space | 6,37 Gb Free Space | 85,48% Space Free | Partition Type: FAT32
 
Computer Name: BOBBY-PC | User Name: Bobby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1387BA33-3FAC-49E9-B545-0E8D3BBC550B}" = Adobe Photoshop Lightroom 3 64-bit
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = WUSB WinDrivers v.14.0.22.0
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)
"A35BD68D4A1B3E191138E3C9AA417190A9468F7E" = Windows-Treiberpaket - Leaf Imaging Ltd. Image  (02/11/2010 )
"CaptureOne6_is1" = Capture One 6.2
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Bamboo
"Sandboxie" = Sandboxie 3.442 (64-bit)
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F4B91C5-4524-02A6-1D9B-5AE52CE2E0F4}" = Bamboo Dock
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15A60757-91A9-8875-17C4-7E5C4A7E17AF}" = Livebrush Mini
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4BC51F3D-288E-433A-A428-9A9C34F7F835}" = Image Trends' Fisheye-Hemi Plug-In 1.1.6
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5979B77A-9AE6-4E75-AED8-283C5E16C02D}_is1" = Backup Service Home 3.3.1.4
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B0513493-04B9-4F21-B4AB-83E750D54256}" = Adobe Photoshop Lightroom 2.7
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda 5.5.9
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bamboo Dock" = Bamboo Dock 3.3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1" = Livebrush Mini
"Dfine 2.0" = Dfine 2.0
"DirSync" = DirSync  2.92
"DivX Setup.divx.com" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"fc-prints" = fc-prints 
"HDR Efex Pro" = HDR Efex Pro
"ICQToolbar" = ICQ Toolbar
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = WUSB WinDrivers v.14.0.22.0
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"MediaPortal" = MediaPortal
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"Pano2VR" = Pano2VR - Garden Gnome Software
"Pen Tablet Driver" = Bamboo
"PokerStars.net" = PokerStars.net
"Portrait Professional Max 6_is1" = Portrait Professional Max 6.3
"Postal 2_is1" = Portal 2
"PTGui" = PTGui Pro 8.2.1
"Sharpener Pro 3.0" = Sharpener Pro 3.0
"Silver Efex Pro" = Silver Efex Pro
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"Trillian" = Trillian
"Tw500_pro_is1" = Tourweaver 5.00 Professional Edition
"ULTIMATER" = Microsoft Office Ultimate 2007
"Viveza 2" = Viveza 2
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"Warcraft III" = Warcraft III
"WinPcapInst" = WinPcap 4.1.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"iColorDisplay" = iColor Display 3.7.3.0 (nur entfernen)
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.06.2011 04:21:06 | Computer Name = Bobby-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 27.06.2011 07:39:39 | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Acrobat.exe, Version: 9.0.0.332, 
Zeitstempel: 0x4850eb76  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdb3b  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000cdcbb  ID des fehlerhaften
 Prozesses: 0xb40  Startzeit der fehlerhaften Anwendung: 0x01cc34bee1b66d32  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 239d8cf5-a0b2-11e0-92dd-00248c0ef764
 
Error - 29.06.2011 05:24:22 | Computer Name = Bobby-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 29.06.2011 10:12:33 | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: portal2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d4c804d  Name des fehlerhaften Moduls: valve_avi.dll, Version: 0.0.0.0, Zeitstempel:
 0x4daa2f8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004473  ID des fehlerhaften Prozesses:
 0x1358  Startzeit der fehlerhaften Anwendung: 0x01cc36654c4b0a0b  Pfad der fehlerhaften
 Anwendung: E:\Portal 2\portal2.exe  Pfad des fehlerhaften Moduls: e:\portal 2\bin\valve_avi.dll
Berichtskennung:
 d4aa1c4e-a259-11e0-90f8-00248c0ef764
 
Error - 02.07.2011 02:49:20 | Computer Name = Bobby-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 02.07.2011 16:28:14 | Computer Name = Bobby-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 12.0.0.0,
 Zeitstempel: 0x4bbc5b10  Name des fehlerhaften Moduls: HDR Efex Pro.8bf_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4ca9115a  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x000007fee5d15b45  ID des fehlerhaften Prozesses: 0x1304  Startzeit der fehlerhaften
 Anwendung: 0x01cc38e9e230a41e  Pfad der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe
 Photoshop CS5 (64 Bit)\Photoshop.exe  Pfad des fehlerhaften Moduls: HDR Efex Pro.8bf
Berichtskennung:
 cf7f3bba-a4e9-11e0-a9ff-00248c0ef764
 
Error - 03.07.2011 04:46:26 | Computer Name = Bobby-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 04.07.2011 18:30:51 | Computer Name = Bobby-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 05.07.2011 20:19:47 | Computer Name = Bobby-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 07.07.2011 06:41:00 | Computer Name = Bobby-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 03.01.2011 11:54:31 | Computer Name = Bobby-PC | Source = bowser | ID = 8003
Description = 
 
Error - 04.01.2011 07:53:20 | Computer Name = Bobby-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk8\DR8 gefunden.
 
Error - 04.01.2011 09:47:37 | Computer Name = Bobby-PC | Source = bowser | ID = 8003
Description = 
 
Error - 05.01.2011 06:41:57 | Computer Name = Bobby-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 05.01.2011 07:12:50 | Computer Name = Bobby-PC | Source = bowser | ID = 8003
Description = 
 
Error - 07.01.2011 19:13:24 | Computer Name = Bobby-PC | Source = bowser | ID = 8003
Description = 
 
Error - 08.01.2011 09:01:17 | Computer Name = Bobby-PC | Source = bowser | ID = 8003
Description = 
 
Error - 08.01.2011 13:00:45 | Computer Name = Bobby-PC | Source = bowser | ID = 8003
Description = 
 
Error - 09.01.2011 16:17:04 | Computer Name = Bobby-PC | Source = bowser | ID = 8003
Description = 
 
Error - 15.01.2011 07:34:15 | Computer Name = Bobby-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         
--- --- ---

[/Code]

Bin echt total Dankbar für die Hilfe!
Alleine hätte ich das nie hinbekommen.

Und irgendwie ist das auch schon spannend zu sehen was am nächsten Tag gemacht werden muss.

Alt 08.07.2011, 06:14   #12
kira
/// Helfer-Team
 
BOO/Sinowal.F in Masterbootsektor - Standard

BOO/Sinowal.F in Masterbootsektor



Hast Du die folgenden Zeilen in der Hosts selbst eingetragen bzw absichtlich zugefügt? Wenn ja, warum?
Zitat:
O1 HOSTS File: ([2010.04.29 01:18:57 | 000,001,300 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 08.07.2011, 10:07   #13
wursch
 
BOO/Sinowal.F in Masterbootsektor - Standard

BOO/Sinowal.F in Masterbootsektor



Ja das hab ich geändert weil Photoshop und die ganzen Adobe Produkte wie Bridge usw sich automatisch updaten wollen und das immer aufpoppt.

Habe gelesen das man den Lokalhost angeben soll und dann greift das nichtmehr ständig aufs Internet zu

Updaten kann ich nun einzelne Komponenten seperat indem ich beispielsweise das Cameraraw Update manuell von Adobe herunterlade.

Noch eine Sache war das ich Filterplugins für Photoshop habe die nur 32 Bit unterstützen und nicht unter dem Photpshop 64 Bit laufen.
Das heisst ich hab immer meine ältere Version von (CS4) und benutze damit die Plugins.
Zum sonstigen Bildbearbeiten nehme ich dann die 64 Bit Version (CS5).

Alt 09.07.2011, 07:46   #14
kira
/// Helfer-Team
 
BOO/Sinowal.F in Masterbootsektor - Standard

BOO/Sinowal.F in Masterbootsektor



► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 09.07.2011, 10:21   #15
wursch
 
BOO/Sinowal.F in Masterbootsektor - Standard

BOO/Sinowal.F in Masterbootsektor



Keine Auffälligkeiten,
keine Probleme

Ich freu mich total!

Antwort

Themen zu BOO/Sinowal.F in Masterbootsektor
adware.adrotator, aktion, behauptet, boo/sinowal.f, boo/sinowal.f., code, cs4/contributeieplugin.dll, datei, error, gen, hacktool.wpakill, handle, log, malware.trace, mas, masterbootsektor, nichts, programm, steal, stealth, trojan.agent, trojan.downloader, trojan.fraudtool, unerwünschtes, unerwünschtes programm



Ähnliche Themen: BOO/Sinowal.F in Masterbootsektor


  1. BOO/TDss.O im Masterbootsektor
    Log-Analyse und Auswertung - 17.04.2014 (11)
  2. Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)
    Log-Analyse und Auswertung - 14.09.2012 (27)
  3. BOO/Dosump.A in Masterbootsektor
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (5)
  4. Boo.Whistler.A im Masterbootsektor
    Plagegeister aller Art und deren Bekämpfung - 29.03.2012 (1)
  5. BOO/TDss.M in Masterbootsektor
    Plagegeister aller Art und deren Bekämpfung - 22.03.2012 (22)
  6. Wie entferne ich BDS/Sinowal.knfal oder generell Sinowal?
    Plagegeister aller Art und deren Bekämpfung - 31.12.2011 (17)
  7. BDS/Sinowal.knfal im Masterbootsektor HDO sagt Virenprogramm
    Plagegeister aller Art und deren Bekämpfung - 28.12.2011 (12)
  8. Boo Whistler im Masterbootsektor
    Log-Analyse und Auswertung - 07.09.2011 (18)
  9. 'BOO/Sinowal.F' im Masterbootsektor gefunden
    Plagegeister aller Art und deren Bekämpfung - 25.03.2011 (11)
  10. RKIT/MBR.Sinowal.J ...Boo/Sinowal.C ...W32/Stanit
    Plagegeister aller Art und deren Bekämpfung - 25.02.2011 (15)
  11. BOO/Sinowal.F in Masterbootsektor und Bootsektor D (Win Xp SP 2)
    Plagegeister aller Art und deren Bekämpfung - 24.09.2010 (24)
  12. BOO/Sinowal.F im Masterbootsektor entdeckt - Brauche schnelle Hilfe!
    Plagegeister aller Art und deren Bekämpfung - 15.09.2010 (7)
  13. Masterbootsektor mit BOO/Sinowal.F infiziert
    Plagegeister aller Art und deren Bekämpfung - 03.09.2010 (11)
  14. BOO/Sinowal.F in Masterbootsektor
    Plagegeister aller Art und deren Bekämpfung - 25.08.2010 (17)
  15. BOO/Sinowal.C im Masterbootsektor
    Plagegeister aller Art und deren Bekämpfung - 19.07.2009 (6)
  16. AntiVir Warnung im Masterbootsektor
    Log-Analyse und Auswertung - 12.11.2008 (9)
  17. Masterbootsektor HD5 BOO/Sinowal.A
    Plagegeister aller Art und deren Bekämpfung - 08.09.2008 (24)

Zum Thema BOO/Sinowal.F in Masterbootsektor - Ich habe wie der Titel schon sagt ein Sinowal-F Problem. Jedenfalls behauptet Antivir das ich es in Masterbotsektor 1 und 2 hätte Zitat: Die Datei 'Masterbootsektor HD2' enthielt einen Virus - BOO/Sinowal.F in Masterbootsektor...
Archiv
Du betrachtest: BOO/Sinowal.F in Masterbootsektor auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.