Log analysis and evaluation: Office won't start, not even after reinstallation. Malware?
Windows 7
12.10.2010, 01:37 | #1 |
Office has already been uninstalled and reinstalled x times without errors (Microsoft Office 2007), but it is always the same error. In addition, loads of security success-audit entries are being written to the system logs. HijackThis did not start right away either; I renamed it to Test.exe, HijackThis.exe never started. Please check whether something is wrong. Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:33:59, on 12.10.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Bs4\EXE\AInstallService.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe C:\Programme\UltraVNC\WinVNC.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\rdpclip.exe C:\Programme\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Programme\TeamViewer\Version5\TeamViewer.exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\Programme\Analog Devices\SoundMAX\Smax4.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\Programme\EFI\EFI Designer Edition\EFI_Designer_Edition_Control.exe C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\logon.scr C:\WINDOWS\system32\SearchIndexer.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Downloads\HiJackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Downloads\test.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.gmx.at/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 
- HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [EFI_Designer_Edition_Control] "C:\Programme\EFI\EFI Designer Edition\EFI_Designer_Edition_Control.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "E:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ? 
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Google Sidewiki... - res://E:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll 
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196936908733 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - h**p://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A6775B23-B38F-4D9D-BF3D-0A4D57E84189}: NameServer = 213.33.99.70,80.120.17.70 O17 - HKLM\System\CS2\Services\Tcpip\..\{22C7C0A4-AC09-40D4-AB99-3F999D88813B}: NameServer = 213.33.99.70,80.120.17.70 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: AUER Install-Service - Unknown owner - C:\Bs4\EXE\AInstallService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - 
DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Programme\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Programme\UltraVNC\WinVNC.exe -- End of file - 10781 bytes
P.S.: C:\ D:\ = hard disk with system and data partition; f:\ g:\ = DVD drives; I don't even have an E:\, for example.
12.10.2010, 08:31 | #2 |
Hi,

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version via this link: http://filepony.de/download-chameleon/
Then please update the signature files (tab "Update" -> "Suche nach Aktualisierungen"), run a full scan and let it clean everything! Post the log.

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop

chris
12.10.2010, 12:36 | #3 |
The user name was replaced with MaxMuster.
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4799
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12.10.2010 13:32:25
mbam-log-2010-10-12 (13-32-25).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 305047
Laufzeit: 56 Minute(n), 44 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR01.922\MaxMuster\Anwendungsdaten\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR08.062\MaxMuster\Anwendungsdaten\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\MaxMuster\Anwendungsdaten\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{958617B5-D426-4C54-A150-BCC2DED80B40}\RP467\A0075022.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\MaxMuster\Anwendungsdaten\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
12.10.2010, 13:16 | #4 |
Hi, please also post the OTL log...

chris
__________________
Don't bring me down
Read before posting!
Donations (anyone who wants to donate is welcome to get in touch)
12.10.2010, 13:34 | #5 |
otl.txt: user again replaced with maxmuster and http with h**p. Gernot is a second user who is no longer in use. Code:
ATTFilter OTL logfile created on: 12.10.2010 14:21:05 - Run 1 OTL by OldTimer - Version 3.2.15.1 Folder = C:\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 81,74 Gb Total Space | 55,05 Gb Free Space | 67,35% Space Free | Partition Type: NTFS Drive D: | 384,02 Gb Total Space | 371,92 Gb Free Space | 96,85% Space Free | Partition Type: NTFS Drive O: | 446,22 Gb Total Space | 282,10 Gb Free Space | 63,22% Space Free | Partition Type: NTFS Drive R: | 446,22 Gb Total Space | 282,10 Gb Free Space | 63,22% Space Free | Partition Type: NTFS Drive U: | 446,22 Gb Total Space | 282,10 Gb Free Space | 63,22% Space Free | Partition Type: NTFS Computer Name: KALKULATIONZIBA | User Name: MaxMuster | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\WINDOWS\system32\rdpclip.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\UltraVNC\winvnc.exe (UltraVNC) PRC - C:\Programme\Analog Devices\SoundMAX\SMax4.exe (Analog Devices, Inc.) PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) PRC - C:\Programme\EFI\EFI Designer Edition\EFI_Designer_Edition_Control.exe (Electronics for Imaging) PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.) PRC - C:\BS4\EXE\AInstallService.exe () PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Programme\Norton Internet Security\Engine\18.1.0.37\asOEHook.dll (Symantec Corporation) MOD - C:\Programme\Norton Internet Security\Engine\18.1.0.37\Microsoft.VC90.CRT\msvcr90.dll (Microsoft Corporation) MOD - C:\Programme\Norton Internet Security\Engine\18.1.0.37\Microsoft.VC90.CRT\msvcp90.dll (Microsoft Corporation) MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab) MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (GEARSecurity) -- C:\WINDOWS\System32\GEARSec.exe File not found SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (NIS) -- C:\Programme\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (DWMRCS) -- C:\WINDOWS\System32\DWRCS.EXE (DameWare Development LLC) SRV - 
(Symantec Core LC) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe () SRV - (Autodesk Licensing Service) -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (winvnc) -- C:\Programme\UltraVNC\WinVNC.exe (UltraVNC) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (AUER Install-Service) -- C:\BS4\EXE\AInstallService.exe () SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (symsnap) -- C:\WINDOWS\System32\DRIVERS\symsnap.sys File not found DRV - (SymIM) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys File not found DRV - (EverestDriver) -- H:\Everest UE 4.20.1183-reg\kerneld.wnt File not found DRV - (NAVEX15) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101011.054\NAVEX15.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVENG) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101011.054\NAVENG.SYS (Symantec Corporation) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (IDSxpx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101011.001\IDSXpx86.sys (Symantec 
Corporation) DRV - (BHDrvx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx86.sys (Symantec Corporation) DRV - (CBUSB) -- C:\WINDOWS\system32\drivers\CBUSB.sys (MARX CryptoTech LP) DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1201000.025\SYMEFA.SYS (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1201000.025\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1201000.025\SRTSPX.SYS (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1201000.025\SYMTDI.SYS (Symantec Corporation) DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1201000.025\Ironx86.SYS (Symantec Corporation) DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1201000.025\SYMDS.SYS (Symantec Corporation) DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab) DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab) DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (KLFLTDEV) -- C:\WINDOWS\system32\drivers\klfltdev.sys (Kaspersky Lab) DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies) DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (dwvkbd) -- C:\WINDOWS\system32\drivers\dwvkbd.sys (DameWare) DRV - (DwMirror) -- C:\WINDOWS\system32\drivers\DamewareMini.sys (DameWare Development, Inc.) 
DRV - (WIBUKEY) -- C:\WINDOWS\system32\drivers\WibuKey.sys (WIBU-SYSTEMS AG) DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.) DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\RTL8187.sys (Realtek Semiconductor Corporation ) DRV - (ADIDTSFiltService) -- C:\WINDOWS\system32\drivers\adidts.sys (Analog Devices, Inc.) DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV - (SjyPkt) -- C:\WINDOWS\system32\drivers\SjyPkt.sys (Windows (R) 2000 DDK provider) DRV - (JGOGO) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron ) DRV - (RT61) Linksys Wireless-G PCI Adapter Driver(RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () DRV - (vnccom) -- C:\WINDOWS\system32\drivers\vnccom.SYS (RDV Soft) DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = h**p://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = h**p://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.gmx.at/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "h**p://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.startup.homepage: "h**p://www.gmx.at/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - 
prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.1 FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2010.10.05 22:29:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2010.10.05 22:28:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.28 03:27:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.12 01:49:37 | 000,000,000 | ---D | M] [2010.08.27 22:53:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MaxMuster\Anwendungsdaten\Mozilla\Extensions [2010.10.12 00:31:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MaxMuster\Anwendungsdaten\Mozilla\Firefox\Profiles\37e89ex7.default\extensions [2010.10.05 22:42:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\MaxMuster\Anwendungsdaten\Mozilla\Firefox\Profiles\37e89ex7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.09 17:06:24 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\MaxMuster\Anwendungsdaten\Mozilla\Firefox\Profiles\37e89ex7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.10.12 00:31:15 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.05.04 
11:17:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.22 18:57:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.05.04 10:48:22 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2009.03.24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2010.08.28 03:27:31 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.28 03:27:31 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.28 03:27:31 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.28 03:27:31 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.28 03:27:31 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2002.08.29 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found. 
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [EFI_Designer_Edition_Control] C:\Programme\EFI\EFI Designer Edition\EFI_Designer_Edition_Control.exe (Electronics for Imaging) O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [swg] E:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} h**p://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196936908733 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} h**p://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} h**p://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.96.0.4 195.70.224.45
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\MaxMuster\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\MaxMuster\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.05 20:45:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c58951f2-3932-11dc-8ac3-000fb572e563}\Shell - "" = AutoRun
O33 - MountPoints2\{c58951f2-3932-11dc-8ac3-000fb572e563}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c58951f2-3932-11dc-8ac3-000fb572e563}\Shell\AutoRun\command - "" = F:\OnSpcLCK.exe -- File not found
O33 - MountPoints2\{d5c8bc4c-377d-11dd-b545-0018f304ef7b}\Shell - "" = AutoRun
O33 - MountPoints2\{d5c8bc4c-377d-11dd-b545-0018f304ef7b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d5c8bc4c-377d-11dd-b545-0018f304ef7b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.10.12 12:20:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MaxMuster\Anwendungsdaten\Malwarebytes
[2010.10.12 12:19:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.12 12:19:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.12 12:19:50 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.12 12:19:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.10.12 01:46:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010.10.12 01:45:46 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.10.12 01:11:25 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio
[2010.10.12 00:27:14 | 000,000,000 | ---D | C] -- C:\Programme\HD Tune
[2010.10.11 06:05:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MaxMuster\Desktop\Microsoft Office 2007
[2010.10.11 05:31:37 | 000,000,000 | ---D | C] -- C:\Downloads
[2010.10.07 17:27:57 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2010.10.06 04:43:40 | 000,000,000 | ---D | C] -- C:\NBRT
[2010.10.05 23:00:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Adobe PDF
[2010.10.05 22:37:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MaxMuster\Desktop\system
[2010.10.05 22:29:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Symantec
[2010.10.05 22:29:00 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010.10.05 22:29:00 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010.10.05 22:29:00 | 000,000,000 | ---D | C] -- C:\Programme\Symantec
[2010.10.05 22:28:46 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1201000.025\SymEFA.sys
[2010.10.05 22:28:46 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1201000.025\srtsp.sys
[2010.10.05 22:28:46 | 000,369,072 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1201000.025\symtdi.sys
[2010.10.05 22:28:46 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1201000.025\SymDS.sys
[2010.10.05 22:28:46 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1201000.025\symtdiv.sys
[2010.10.05 22:28:46 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1201000.025\symnets.sys
[2010.10.05 22:28:46 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1201000.025\srtspx.sys
[2010.10.05 22:28:45 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1201000.025\Ironx86.sys
[2010.10.05 22:28:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2010.10.05 22:28:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1201000.025
[2010.10.05 22:28:26 | 000,000,000 | ---D | C] -- C:\Programme\Norton Internet Security
[2010.10.05 22:28:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton
[2010.10.05 22:26:52 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller
[2010.10.05 22:26:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller
[2010.10.05 19:56:05 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\MaxMuster\Recent
[2010.10.05 19:55:22 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.10.05 19:54:56 | 000,000,000 | ---D | C] -- U:\Eigene Dateien\MaxMuster\Downloads
[2010.10.05 17:22:39 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.10.05 15:48:57 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.10.05 15:46:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.10.05 07:29:20 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010.09.21 14:05:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MaxMuster\Desktop\Disg
[2010.09.12 16:12:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MaxMuster\Lokale Einstellungen\Anwendungsdaten\Ahead
[2010.09.12 14:57:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EFI
[2010.04.22 16:52:03 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe60F.dll
[2010.04.22 16:35:41 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe490.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 U:\Eigene Dateien\MaxMuster\*.tmp files -> U:\Eigene Dateien\MaxMuster\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.10.12 14:23:08 | 2675,524,607 | ---- | M] () -- U:\Eigene Dateien\MaxMuster\MaxMuster08.pst
[2010.10.12 14:23:07 | 294,601,728 | ---- | M] () -- U:\Eigene Dateien\MaxMuster\archive.pst
[2010.10.12 14:12:50 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
[2010.10.12 14:12:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.12 14:01:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.10.12 13:49:00 | 000,000,394 | -H-- | M] () -- C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_TECHNIK_Gernot.job
[2010.10.12 13:39:04 | 000,000,202 | ---- | M] () -- C:\WINDOWS\System32\PSLOG
[2010.10.12 13:38:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.12 13:38:57 | 000,376,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.12 12:25:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.10.12 12:16:29 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\MaxMuster\Desktop\Microsoft Office Outlook 2007.lnk
[2010.10.06 05:40:18 | 000,009,088 | ---- | M] () -- C:\Dokumente und Einstellungen\MaxMuster\Desktop\outlook_ie_thunderbird_passwort_show.zip
[2010.10.05 23:02:16 | 000,001,720 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Acrobat 7.0 Professional.lnk
[2010.10.05 22:29:13 | 000,698,594 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1201000.025\Cat.DB
[2010.10.05 22:29:00 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010.10.05 22:29:00 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010.10.05 22:29:00 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010.10.05 22:29:00 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010.10.05 22:22:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\schass
[2010.10.05 19:57:18 | 000,228,276 | ---- | M] () -- U:\Eigene Dateien\MaxMuster\cc_20101005_195709.reg
[2010.09.30 07:44:38 | 004,215,568 | ---- | M] () -- U:\Eigene Dateien\MaxMuster\Zimmermann EG-Neu 17 10 07.pln
[2010.09.14 12:12:00 | 000,032,272 | ---- | M] () -- U:\Eigene Dateien\MaxMuster\Tiefbau.xlsx
[2010.09.14 12:04:00 | 000,013,116 | ---- | M] () -- U:\Eigene Dateien\MaxMuster\Zusammenfassung.xlsx
[2010.09.13 16:11:03 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010.09.13 15:46:08 | 000,012,676 | ---- | M] () -- U:\Eigene Dateien\MaxMuster\Stahl.xlsx
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 U:\Eigene Dateien\MaxMuster\*.tmp files -> U:\Eigene Dateien\MaxMuster\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.12 01:59:38 | 000,002,607 | ---- | C] () -- C:\Dokumente und Einstellungen\MaxMuster\Desktop\Microsoft Office Outlook 2007.lnk
[2010.10.05 23:02:16 | 000,002,319 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
[2010.10.05 23:02:16 | 000,001,720 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Acrobat 7.0 Professional.lnk
[2010.10.05 22:29:04 | 000,698,594 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1201000.025\Cat.DB
[2010.10.05 22:28:35 | 000,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1201000.025\SymEFA.inf
[2010.10.05 22:28:35 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1201000.025\SymDS.inf
[2010.10.05 22:28:35 | 000,001,473 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1201000.025\SymNetV.inf
[2010.10.05 22:28:35 | 000,001,445 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1201000.025\SymNet.inf
[2010.10.05 22:28:35 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1201000.025\srtspx.inf
[2010.10.05 22:28:35 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1201000.025\srtsp.inf
[2010.10.05 22:28:35 | 000,000,741 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1201000.025\Iron.inf
[2010.10.05 22:28:29 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1201000.025\symnetv.cat
[2010.10.05 22:28:29 | 000,007,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1201000.025\SymNet.cat
[2010.10.05 22:28:28 | 000,007,444 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1201000.025\SymEFA.cat
[2010.10.05 22:28:28 | 000,007,442 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1201000.025\srtspx.cat
[2010.10.05 22:28:28 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1201000.025\SymDS.cat
[2010.10.05 22:28:28 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1201000.025\srtsp.cat
[2010.10.05 22:28:28 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1201000.025\iron.cat
[2010.10.05 22:28:28 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1201000.025\isolate.ini
[2010.10.05 22:18:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\schass
[2010.10.05 19:57:15 | 000,228,276 | ---- | C] () -- U:\Eigene Dateien\MaxMuster\cc_20101005_195709.reg
[2010.09.30 07:44:29 | 004,215,568 | ---- | C] () -- U:\Eigene Dateien\MaxMuster\Zimmermann EG-Neu 17 10 07.pln
[2010.09.13 16:06:53 | 000,013,116 | ---- | C] () -- U:\Eigene Dateien\MaxMuster\Zusammenfassung.xlsx
[2010.09.13 16:06:36 | 000,012,676 | ---- | C] () -- U:\Eigene Dateien\MaxMuster\Stahl.xlsx
[2010.09.13 16:06:07 | 000,032,272 | ---- | C] () -- U:\Eigene Dateien\MaxMuster\Tiefbau.xlsx
[2010.08.28 01:04:29 | 000,000,094 | ---- | C] () -- C:\WINDOWS\InstallDE.ini
[2010.08.27 23:16:28 | 024,064,302 | ---- | C] () -- C:\Programme\BS4_5.rar
[2010.08.27 22:54:19 | 000,020,480 | ---- | C] () -- C:\Dokumente und Einstellungen\MaxMuster\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.27 22:54:19 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\MaxMuster\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.08.27 22:53:27 | 000,000,239 | ---- | C] () -- C:\Dokumente und Einstellungen\MaxMuster\Anwendungsdaten\default.rss
[2009.12.14 12:40:09 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2008.12.11 12:12:20 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\Bot.dll
[2008.12.11 12:12:20 | 000,000,101 | ---- | C] () -- C:\WINDOWS\PSXLPR.INI
[2008.07.13 20:51:51 | 000,000,713 | ---- | C] () -- C:\WINDOWS\System32\DWRCCMDError.ini
[2008.07.12 13:12:42 | 000,008,782 | ---- | C] () -- C:\WINDOWS\System32\DWRCS.INI
[2008.06.21 19:16:25 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2008.06.21 19:15:42 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2008.06.08 06:23:25 | 000,012,618 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LuUninstall.LiveUpdate
[2008.06.04 09:44:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.04.24 17:28:32 | 000,000,296 | ---- | C] () -- C:\WINDOWS\PlotFlow.INI
[2008.04.09 15:12:01 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2008.03.21 15:03:48 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008.03.04 16:08:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.01.31 11:28:03 | 000,000,072 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2008.01.31 11:28:02 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2008.01.30 12:12:13 | 000,000,996 | ---- | C] () -- C:\WINDOWS\AuerSetups.ini
[2008.01.27 21:38:54 | 000,000,056 | ---- | C] () -- C:\WINDOWS\hpdj500.ini
[2007.12.06 16:42:31 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.12.06 16:29:18 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.12.05 20:51:15 | 000,024,776 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007.12.05 20:51:00 | 000,024,376 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007.12.05 20:50:58 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007.12.05 20:50:55 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007.12.05 20:37:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.10.04 18:14:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.10.04 18:14:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.10.04 18:14:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.10.04 18:14:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.10.04 18:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.08.27 16:44:34 | 002,326,528 | ---- | C] () -- C:\WINDOWS\System32\ccme_eccaccel.dll
[2007.08.27 16:44:34 | 000,901,120 | ---- | C] () -- C:\WINDOWS\System32\ccme_ecc.dll
[2007.08.27 16:44:34 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\ccme_base.dll
[2007.08.27 16:44:34 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\cryptocme2.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:6B364EF3

< End of report >

Code:
OTL Extras logfile created on: 12.10.2010 14:21:05 - Run 1
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 81,74 Gb Total Space | 55,05 Gb Free Space | 67,35% Space Free | Partition Type: NTFS
Drive D: | 384,02 Gb Total Space | 371,92 Gb Free Space | 96,85% Space Free | Partition Type: NTFS
Drive O: | 446,22 Gb Total Space | 282,10 Gb Free Space | 63,22% Space Free | Partition Type: NTFS
Drive R: | 446,22 Gb Total Space | 282,10 Gb Free Space | 63,22% Space Free | Partition Type: NTFS
Drive U: | 446,22 Gb Total Space | 282,10 Gb Free Space | 63,22% Space Free | Partition Type: NTFS

Computer Name: KALKULATIONZIBA | User Name: MaxMuster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.scr [@ = AutoCADScriptFile] -- E:\WINDOWS\system32\notepad.exe File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility
"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility
"69:UDP" = 69:UDP:*:Enabled:Print Server Utility

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22009
"6129:TCP" = 6129:TCP:LocalSubNet:Enabled:DameWare Mini Remote Control Service
"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility
"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility
"69:UDP" = 69:UDP:*:Enabled:Print Server Utility

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Graphisoft\ArchiCAD 10\ArchiCAD.exe" = C:\Programme\Graphisoft\ArchiCAD 10\ArchiCAD.exe:*:Enabled:ArchiCAD 10.0.0 Component -- (Graphisoft R&D)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\IFXADR2.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\IFXADR2.EXE:*:Enabled:Adressbuch -- (RICOH Co.,Ltd.)
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{235BBFC6-D863-4066-A01A-3BD504C31031}" = Nero 7 Ultra Edition
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 21
"{2FEA5F73-9E83-47A9-99E8-47CDDC949C7F}" = AUER Success 2005 R2
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5783F2D7-4001-0407-0002-0060B0CE6BBA}" = AutoCAD 2006 - Deutsch
"{5783F2D7-4004-0407-0002-0060B0CE6BBA}" = Autodesk Architectural Desktop 2006 - Deutsch
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F99A160-EF05-4523-94EA-91853B9734FF}" = HP Designjet 500 - 800 series
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B3F4499-32E6-470D-8586-E6C03420F889}" = ASUS WiFi-AP Solo
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{975C8028-51D8-44A9-9585-82E9810FE96A}" = hp LaserJet 1000
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2
"{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B17B605B-C603-4BC7-A515-BD8F02F97A0C}" = EFI Designer Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C9C13822-A638-4331-99A3-4498A5901693}" = Media Go
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F038622F-6F90-432F-8116-2B49C8D7A806}" = AUER Success NG
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"001FFFFFFF10FF00FF0901F05F02F000-R1" = ArchiCAD 10 R1 AUT
"Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"CCleaner" = CCleaner
"DamewareMirror" = DameWare Development Mirror Driver Uninstall
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader" = Foxit Reader
"GanttProject" = GanttProject
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"hp deskjet 995c series_Driver" = hp deskjet 995c series
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2FEA5F73-9E83-47A9-99E8-47CDDC949C7F}" = AUER Success 2005
"LAN-Fax Dienstprogramme" = LAN-Fax Dienstprogramme
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"PrintServer Network driver" = PrintServer Network driver
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WET7Cable" = Windows-EasyTransfer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11.10.2010 21:04:02 | Computer Name = KALKULATIONZIBA | Source = MsiInstaller | ID = 10005
Description = Produkt: Microsoft .NET Framework 3.5 SP1 -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2908. Argumente: {DFA7A51E-D3DB-499C-B31C-C175F1C42640}, ,

Error - 11.10.2010 21:04:02 | Computer Name = KALKULATIONZIBA | Source = MsiInstaller | ID = 10005
Description = Produkt: Microsoft .NET Framework 3.5 SP1 -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2908. Argumente: {29F5E014-84A2-4323-A79D-8D3A1353201E}, ,

Error - 11.10.2010 21:04:02 | Computer Name = KALKULATIONZIBA | Source = MsiInstaller | ID = 10005
Description = Produkt: Microsoft .NET Framework 3.5 SP1 -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2908. Argumente: {7D20733A-394B-4460-80E9-7D22FCC9D02F}, ,

Error - 11.10.2010 21:04:02 | Computer Name = KALKULATIONZIBA | Source = MsiInstaller | ID = 10005
Description = Produkt: Microsoft .NET Framework 3.5 SP1 -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2908. Argumente: {E8DBD7C9-15EA-4CB8-9C45-2C8656498C8B}, ,

Error - 11.10.2010 21:04:02 | Computer Name = KALKULATIONZIBA | Source = MsiInstaller | ID = 10005
Description = Produkt: Microsoft .NET Framework 3.5 SP1 -- Bei der Installation dieses Pakets ist ein unerwarteter Fehler aufgetreten. Es liegt eventuell ein das Paket betreffendes Problem vor. Der Fehlercode ist 2908. Argumente: {61775C9A-C3D3-4B0A-BB9B-A202EFD2F892}, ,

Error - 11.10.2010 21:04:02 | Computer Name = KALKULATIONZIBA | Source = MsiInstaller | ID = 11935
Description = Produkt: Microsoft .NET Framework 3.5 SP1 -- Error 1935.Während der Installation der Assembly "System.Web.Extensions,version="3.5.0.0",publicKeyToken="31bf3856ad364e35",processorArchitecture="MSIL",fileVersion="3.5.30729.3644",culture="neutral"" ist ein Fehler aufgetreten. Weitere Informationen finden Sie unter Hilfe und Support. HRESULT: 0x8002802F, Assemblyschnittstelle: , Funktion: CreateAssemblyCache, Komponente: {6DFB7651-EAF0-4E6B-824E-8CE0562BAD2D}

Error - 11.10.2010 21:04:02 | Computer Name = KALKULATIONZIBA | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 3.5 SP1 - Update "KB2416473" konnte nicht installiert werden. Fehlercode 1603.
Weitere Informationen sind in der Protokolldatei C:\WINDOWS\system32\config\SYSTEM~1\LOKALE~1\Temp\Microsoft .NET Framework 3.5-KB2416473_20101012_010357515-Msi0.txt enthalten. Error - 12.10.2010 01:32:00 | Computer Name = KALKULATIONZIBA | Source = Windows Search Service | ID = 3083 Description = Fehler beim Laden des Protokollhandlers Search.OneIndexHandler.1. Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden. . Error - 12.10.2010 06:16:30 | Computer Name = KALKULATIONZIBA | Source = Windows Search Service | ID = 3083 Description = Fehler beim Laden des Protokollhandlers Search.OneIndexHandler.1. Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden. . Error - 12.10.2010 07:40:08 | Computer Name = KALKULATIONZIBA | Source = Windows Search Service | ID = 3083 Description = Fehler beim Laden des Protokollhandlers Search.OneIndexHandler.1. Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden. . [ System Events ] Error - 11.10.2010 19:44:47 | Computer Name = KALKULATIONZIBA | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "WSearch" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error - 11.10.2010 19:44:48 | Computer Name = KALKULATIONZIBA | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Windows Search. 
Error - 11.10.2010 19:44:48 | Computer Name = KALKULATIONZIBA | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 11.10.2010 19:51:43 | Computer Name = KALKULATIONZIBA | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "WSearch" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error - 11.10.2010 19:51:43 | Computer Name = KALKULATIONZIBA | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Windows Search. Error - 11.10.2010 19:51:43 | Computer Name = KALKULATIONZIBA | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 11.10.2010 21:00:39 | Computer Name = KALKULATIONZIBA | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447) Error - 11.10.2010 21:02:21 | Computer Name = KALKULATIONZIBA | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241) Error - 11.10.2010 21:03:59 | Computer Name = KALKULATIONZIBA | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Microsoft .NET Framework*3.5 SP1- und .NET Framework 2.0 SP2-Update für Windows Server*2003 und Windows*XP x86 (KB982524) Error - 11.10.2010 21:04:09 | Computer Name = KALKULATIONZIBA | 
Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2416473) < End of report > |
12.10.2010, 14:08 | #6 |
| Office won't start, not even after reinstalling. Malware? Hi, please check the following files: Have files checked online:
Code:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe60F.dll
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe490.dll
C:\WINDOWS\System32\Bot.dll
C:\WINDOWS\pw32a.dll
C:\WINDOWS\patchw32.dll
Fix for OTL:
Code:
:OTL
O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [swg] E:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O33 - MountPoints2\{c58951f2-3932-11dc-8ac3-000fb572e563}\Shell - "" = AutoRun
O33 - MountPoints2\{c58951f2-3932-11dc-8ac3-000fb572e563}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c58951f2-3932-11dc-8ac3-000fb572e563}\Shell\AutoRun\command - "" = F:\OnSpcLCK.exe -- File not found
O33 - MountPoints2\{d5c8bc4c-377d-11dd-b545-0018f304ef7b}\Shell - "" = AutoRun
O33 - MountPoints2\{d5c8bc4c-377d-11dd-b545-0018f304ef7b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d5c8bc4c-377d-11dd-b545-0018f304ef7b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
[2010.10.12 14:01:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = dword:0x00
:Commands
[emptytemp]
[Reboot]
chris
|
12.10.2010, 23:05 | #7 |
| Office won't start, not even after reinstalling. Malware? The logs of the 4 files from VirusTotal, ordered according to the list you gave. Code:
ATTFilter File name: hpe60F.dll Submission date: 2010-10-12 13:59:41 (UTC) Current status: queued queued analysing finished Result: 0/ 43 (0.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.10.12.02 2010.10.12 - AntiVir 7.10.12.190 2010.10.12 - Antiy-AVL 2.0.3.7 2010.10.12 - Authentium 5.2.0.5 2010.10.12 - Avast 4.8.1351.0 2010.10.12 - Avast5 5.0.594.0 2010.10.12 - AVG 9.0.0.851 2010.10.12 - BitDefender 7.2 2010.10.12 - CAT-QuickHeal 11.00 2010.10.12 - ClamAV 0.96.2.0-git 2010.10.12 - Comodo 6364 2010.10.12 - DrWeb 5.0.2.03300 2010.10.12 - Emsisoft 5.0.0.50 2010.10.12 - eSafe 7.0.17.0 2010.10.12 - eTrust-Vet 36.1.7906 2010.10.12 - F-Prot 4.6.2.117 2010.10.11 - F-Secure 9.0.15370.0 2010.10.12 - Fortinet 4.2.249.0 2010.10.12 - GData 21 2010.10.12 - Ikarus T3.1.1.90.0 2010.10.12 - Jiangmin 13.0.900 2010.10.12 - K7AntiVirus 9.65.2724 2010.10.11 - Kaspersky 7.0.0.125 2010.10.12 - McAfee 5.400.0.1158 2010.10.12 - McAfee-GW-Edition 2010.1C 2010.10.12 - Microsoft 1.6201 2010.10.12 - NOD32 5524 2010.10.12 - Norman 6.06.07 2010.10.11 - nProtect 2010-10-12.01 2010.10.12 - Panda 10.0.2.7 2010.10.12 - PCTools 7.0.3.5 2010.10.12 - Prevx 3.0 2010.10.12 - Rising 22.69.01.04 2010.10.12 - Sophos 4.58.0 2010.10.12 - Sunbelt 7043 2010.10.12 - SUPERAntiSpyware 4.40.0.1006 2010.10.12 - Symantec 20101.2.0.161 2010.10.12 - TheHacker 6.7.0.1.055 2010.10.12 - TrendMicro 9.120.0.1004 2010.10.12 - TrendMicro-HouseCall 9.120.0.1004 2010.10.12 - VBA32 3.12.14.1 2010.10.12 - ViRobot 2010.9.25.4060 2010.10.12 - VirusBuster 12.67.13.0 2010.10.11 - Additional information Show all MD5 : cbf470b77b2db2f25c56e05ce391f18a SHA1 : a7b49ae6c6ab2f51d27bea49c624680066315676 SHA256: 45a2f8fae3d3284373a0a7b4927f2bb3757cd39abecb2b0e7c26540fc52618d1 ssdeep: 1536:ozd7hp4RSHW845Q79h13eUXumGshGkPmXKtjh/grW+rqt9ah5YcGCiW60hx0/:ox7hp4wF 7pOUxEXAaWVt9ah5Yc3ikb File size : 148736 bytes First seen: 2009-06-13 12:16:41 Last seen : 2010-10-12 13:59:41 
TrID: DirectShow filter (77.7%) Win32 Executable MS Visual C++ (generic) (14.5%) Win32 Executable Generic (3.2%) Win32 Dynamic Link Library (generic) (2.9%) Generic Win/DOS Executable (0.7%) sigcheck: publisher....: Avanquest Software copyright....: (c) Avanquest Software. All rights reserved. product......: n/a description..: IElevator Class Container original name: hpe.dll internal name: hpe.dll file version.: 1.0.0.1 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x99A2 timedatestamp....: 0x48FC5993 (Mon Oct 20 10:12:35 2008) machinetype......: 0x14c (I386) [[ 6 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x136AC, 0x14000, 6.53, 80e52cbc0030ab9449bfc8d6568c1d12 .orpc, 0x15000, 0x10B, 0x1000, 0.63, d8694bc4991f6d3aeb70d641fa9d0c27 .rdata, 0x16000, 0x5250, 0x6000, 4.73, 31c12082bb7762abe7f95f89a439ba47 .data, 0x1C000, 0x3360, 0x2000, 2.47, 2062d0ef765365095d27a6c56f108d70 .rsrc, 0x20000, 0x1758, 0x2000, 5.03, 19d1be11dad75848d23b02583af72a4c .reloc, 0x22000, 0x21B4, 0x3000, 3.61, 63c3f20f17858eb8ae606d8f14c535b3 [[ 8 import(s) ]] KERNEL32.dll: CreateFileA, GetPrivateProfileStringW, GetTempFileNameW, DeleteFileW, CopyFileW, GetThreadLocale, SetThreadLocale, UnmapViewOfFile, SetFilePointer, WriteFile, CreateFileW, GetFileSize, CreateFileMappingW, MapViewOfFile, GetModuleHandleW, LoadLibraryExW, FindResourceW, LoadResource, SizeofResource, MultiByteToWideChar, GetModuleFileNameW, LeaveCriticalSection, EnterCriticalSection, InterlockedDecrement, InterlockedIncrement, lstrcmpiW, DeleteCriticalSection, InitializeCriticalSection, RaiseException, lstrlenW, LoadLibraryW, GetProcAddress, FreeLibrary, OutputDebugStringW, GetCurrentProcess, CloseHandle, GetVersionExW, FlushFileBuffers, GetLastError, ReadFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetConsoleMode, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, 
GetFileType, SetHandleCount, HeapSize, Sleep, SetLastError, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetOEMCP, GetCPInfo, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetModuleFileNameA, GetStdHandle, GetConsoleCP, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, LoadLibraryA, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetEnvironmentStringsW, WideCharToMultiByte, InterlockedExchange, GetACP, GetLocaleInfoA, GetVersionExA, HeapFree, HeapAlloc, RtlUnwind, HeapReAlloc, GetCurrentThreadId, GetCommandLineA, GetProcessHeap, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, GetModuleHandleA, ExitProcess, FreeEnvironmentStringsW USER32.dll: CharNextW, wsprintfW, wsprintfA, UnregisterClassA ADVAPI32.dll: RegOpenKeyW, RegEnumKeyExW, RegQueryInfoKeyW, RegDeleteValueW, RegDeleteKeyW, MakeSelfRelativeSD, RegOpenKeyExW, RegQueryValueExW, AddAccessDeniedAce, AddAccessAllowedAce, EqualSid, DeleteAce, LookupAccountNameW, InitializeAcl, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, AddAce, GetAclInformation, LookupAccountSidW, GetAce, AllocateAndInitializeSid, IsValidSid, CopySid, FreeSid, OpenProcessToken, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorLength, RegSetValueExW, RegCloseKey, GetSecurityDescriptorSacl, GetSecurityDescriptorDacl, GetSecurityDescriptorOwner, GetLengthSid, GetSecurityDescriptorGroup, MakeAbsoluteSD, InitializeSecurityDescriptor SHELL32.dll: SHGetFolderPathW ole32.dll: StringFromGUID2, CoCreateInstance, CoTaskMemAlloc, CoTaskMemRealloc, CoTaskMemFree OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, - SHLWAPI.dll: PathRemoveExtensionW, PathAddExtensionW, PathAppendW, PathRemoveFileSpecW RPCRT4.dll: NdrDllUnregisterProxy, NdrDllRegisterProxy, NdrCStdStubBuffer2_Release, NdrDllCanUnloadNow, NdrDllGetClassObject, NdrOleAllocate, NdrOleFree, IUnknown_QueryInterface_Proxy, 
IUnknown_AddRef_Proxy, IUnknown_Release_Proxy, NdrStubForwardingFunction, NdrStubCall2 [[ 4 export(s) ]] DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer ExifTool: file metadata CharacterSet: Windows, Latin1 CodeSize: 86016 CompanyName: Avanquest Software EntryPoint: 0x99a2 FileDescription: IElevator Class Container FileFlagsMask: 0x003f FileOS: Win32 FileSize: 145 kB FileSubtype: 0 FileType: Win32 DLL FileVersion: 1.0.0.1 FileVersionNumber: 1.0.0.1 ImageVersion: 0.0 InitializedDataSize: 53248 InternalName: hpe.dll LanguageCode: English (U.S.) LegalCopyright: (c) Avanquest Software. All rights reserved. LinkerVersion: 8.0 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 4.0 ObjectFileType: Dynamic link library OriginalFilename: hpe.dll PEType: PE32 ProductVersion: 1.0.0.1 ProductVersionNumber: 1.0.0.1 Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2008:10:20 12:12:35+02:00 UninitializedDataSize: 0 File name: hpe490.dll Submission date: 2010-10-12 14:03:36 (UTC) Current status: queued queued analysing finished Result: 0/ 41 (0.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.10.12.02 2010.10.12 - AntiVir 7.10.12.190 2010.10.12 - Antiy-AVL 2.0.3.7 2010.10.12 - Authentium 5.2.0.5 2010.10.12 - Avast 4.8.1351.0 2010.10.12 - Avast5 5.0.594.0 2010.10.12 - AVG 9.0.0.851 2010.10.12 - BitDefender 7.2 2010.10.12 - CAT-QuickHeal 11.00 2010.10.12 - ClamAV 0.96.2.0-git 2010.10.12 - Comodo 6364 2010.10.12 - DrWeb 5.0.2.03300 2010.10.12 - eSafe 7.0.17.0 2010.10.12 - eTrust-Vet 36.1.7906 2010.10.12 - F-Prot 4.6.2.117 2010.10.11 - F-Secure 9.0.15370.0 2010.10.12 - Fortinet 4.2.249.0 2010.10.12 - GData 21 2010.10.12 - Ikarus T3.1.1.90.0 2010.10.12 - Jiangmin 13.0.900 2010.10.12 - K7AntiVirus 9.65.2724 2010.10.11 - McAfee 5.400.0.1158 2010.10.12 - McAfee-GW-Edition 2010.1C 2010.10.12 - Microsoft 1.6201 2010.10.12 - NOD32 5524 
2010.10.12 - Norman 6.06.07 2010.10.11 - nProtect 2010-10-12.01 2010.10.12 - Panda 10.0.2.7 2010.10.12 - PCTools 7.0.3.5 2010.10.12 - Prevx 3.0 2010.10.12 - Rising 22.69.01.04 2010.10.12 - Sophos 4.58.0 2010.10.12 - Sunbelt 7043 2010.10.12 - SUPERAntiSpyware 4.40.0.1006 2010.10.12 - Symantec 20101.2.0.161 2010.10.12 - TheHacker 6.7.0.1.055 2010.10.12 - TrendMicro 9.120.0.1004 2010.10.12 - TrendMicro-HouseCall 9.120.0.1004 2010.10.12 - VBA32 3.12.14.1 2010.10.12 - ViRobot 2010.9.25.4060 2010.10.12 - VirusBuster 12.67.13.0 2010.10.11 - Additional information Show all MD5 : cbf470b77b2db2f25c56e05ce391f18a SHA1 : a7b49ae6c6ab2f51d27bea49c624680066315676 SHA256: 45a2f8fae3d3284373a0a7b4927f2bb3757cd39abecb2b0e7c26540fc52618d1 ssdeep: 1536:ozd7hp4RSHW845Q79h13eUXumGshGkPmXKtjh/grW+rqt9ah5YcGCiW60hx0/:ox7hp4wF 7pOUxEXAaWVt9ah5Yc3ikb File size : 148736 bytes First seen: 2009-06-13 12:16:41 Last seen : 2010-10-12 14:03:36 TrID: DirectShow filter (77.7%) Win32 Executable MS Visual C++ (generic) (14.5%) Win32 Executable Generic (3.2%) Win32 Dynamic Link Library (generic) (2.9%) Generic Win/DOS Executable (0.7%) sigcheck: publisher....: Avanquest Software copyright....: (c) Avanquest Software. All rights reserved. 
product......: n/a description..: IElevator Class Container original name: hpe.dll internal name: hpe.dll file version.: 1.0.0.1 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x99A2 timedatestamp....: 0x48FC5993 (Mon Oct 20 10:12:35 2008) machinetype......: 0x14c (I386) [[ 6 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x136AC, 0x14000, 6.53, 80e52cbc0030ab9449bfc8d6568c1d12 .orpc, 0x15000, 0x10B, 0x1000, 0.63, d8694bc4991f6d3aeb70d641fa9d0c27 .rdata, 0x16000, 0x5250, 0x6000, 4.73, 31c12082bb7762abe7f95f89a439ba47 .data, 0x1C000, 0x3360, 0x2000, 2.47, 2062d0ef765365095d27a6c56f108d70 .rsrc, 0x20000, 0x1758, 0x2000, 5.03, 19d1be11dad75848d23b02583af72a4c .reloc, 0x22000, 0x21B4, 0x3000, 3.61, 63c3f20f17858eb8ae606d8f14c535b3 [[ 8 import(s) ]] KERNEL32.dll: CreateFileA, GetPrivateProfileStringW, GetTempFileNameW, DeleteFileW, CopyFileW, GetThreadLocale, SetThreadLocale, UnmapViewOfFile, SetFilePointer, WriteFile, CreateFileW, GetFileSize, CreateFileMappingW, MapViewOfFile, GetModuleHandleW, LoadLibraryExW, FindResourceW, LoadResource, SizeofResource, MultiByteToWideChar, GetModuleFileNameW, LeaveCriticalSection, EnterCriticalSection, InterlockedDecrement, InterlockedIncrement, lstrcmpiW, DeleteCriticalSection, InitializeCriticalSection, RaiseException, lstrlenW, LoadLibraryW, GetProcAddress, FreeLibrary, OutputDebugStringW, GetCurrentProcess, CloseHandle, GetVersionExW, FlushFileBuffers, GetLastError, ReadFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetConsoleMode, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, HeapSize, Sleep, SetLastError, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetOEMCP, GetCPInfo, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetModuleFileNameA, GetStdHandle, GetConsoleCP, GetStringTypeW, 
GetStringTypeA, LCMapStringW, LCMapStringA, LoadLibraryA, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetEnvironmentStringsW, WideCharToMultiByte, InterlockedExchange, GetACP, GetLocaleInfoA, GetVersionExA, HeapFree, HeapAlloc, RtlUnwind, HeapReAlloc, GetCurrentThreadId, GetCommandLineA, GetProcessHeap, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, GetModuleHandleA, ExitProcess, FreeEnvironmentStringsW USER32.dll: CharNextW, wsprintfW, wsprintfA, UnregisterClassA ADVAPI32.dll: RegOpenKeyW, RegEnumKeyExW, RegQueryInfoKeyW, RegDeleteValueW, RegDeleteKeyW, MakeSelfRelativeSD, RegOpenKeyExW, RegQueryValueExW, AddAccessDeniedAce, AddAccessAllowedAce, EqualSid, DeleteAce, LookupAccountNameW, InitializeAcl, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, AddAce, GetAclInformation, LookupAccountSidW, GetAce, AllocateAndInitializeSid, IsValidSid, CopySid, FreeSid, OpenProcessToken, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorLength, RegSetValueExW, RegCloseKey, GetSecurityDescriptorSacl, GetSecurityDescriptorDacl, GetSecurityDescriptorOwner, GetLengthSid, GetSecurityDescriptorGroup, MakeAbsoluteSD, InitializeSecurityDescriptor SHELL32.dll: SHGetFolderPathW ole32.dll: StringFromGUID2, CoCreateInstance, CoTaskMemAlloc, CoTaskMemRealloc, CoTaskMemFree OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, - SHLWAPI.dll: PathRemoveExtensionW, PathAddExtensionW, PathAppendW, PathRemoveFileSpecW RPCRT4.dll: NdrDllUnregisterProxy, NdrDllRegisterProxy, NdrCStdStubBuffer2_Release, NdrDllCanUnloadNow, NdrDllGetClassObject, NdrOleAllocate, NdrOleFree, IUnknown_QueryInterface_Proxy, IUnknown_AddRef_Proxy, IUnknown_Release_Proxy, NdrStubForwardingFunction, NdrStubCall2 [[ 4 export(s) ]] DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer ExifTool: file metadata CharacterSet: Windows, Latin1 CodeSize: 86016 CompanyName: Avanquest Software EntryPoint: 
0x99a2 FileDescription: IElevator Class Container FileFlagsMask: 0x003f FileOS: Win32 FileSize: 145 kB FileSubtype: 0 FileType: Win32 DLL FileVersion: 1.0.0.1 FileVersionNumber: 1.0.0.1 ImageVersion: 0.0 InitializedDataSize: 53248 InternalName: hpe.dll LanguageCode: English (U.S.) LegalCopyright: (c) Avanquest Software. All rights reserved. LinkerVersion: 8.0 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 4.0 ObjectFileType: Dynamic link library OriginalFilename: hpe.dll PEType: PE32 ProductVersion: 1.0.0.1 ProductVersionNumber: 1.0.0.1 Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2008:10:20 12:12:35+02:00 UninitializedDataSize: 0 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: Bot.dll Submission date: 2010-10-12 14:05:44 (UTC) Current status: queued (#2) queued (#2) analysing finished Result: 0/ 39 (0.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AntiVir 7.10.12.190 2010.10.12 - Antiy-AVL 2.0.3.7 2010.10.12 - Authentium 5.2.0.5 2010.10.12 - Avast 4.8.1351.0 2010.10.12 - Avast5 5.0.594.0 2010.10.12 - AVG 9.0.0.851 2010.10.12 - BitDefender 7.2 2010.10.12 - CAT-QuickHeal 11.00 2010.10.12 - ClamAV 0.96.2.0-git 2010.10.12 - Comodo 6364 2010.10.12 - DrWeb 5.0.2.03300 2010.10.12 - Emsisoft 5.0.0.50 2010.10.12 - eSafe 7.0.17.0 2010.10.12 - eTrust-Vet 36.1.7906 2010.10.12 - F-Prot 4.6.2.117 2010.10.11 - Fortinet 4.2.249.0 2010.10.12 - GData 21 2010.10.12 - Ikarus T3.1.1.90.0 2010.10.12 - Jiangmin 13.0.900 2010.10.12 - K7AntiVirus 9.65.2724 2010.10.11 - Kaspersky 7.0.0.125 2010.10.12 - McAfee 5.400.0.1158 2010.10.12 - McAfee-GW-Edition 2010.1C 2010.10.12 - Microsoft 1.6201 2010.10.12 - NOD32 5524 2010.10.12 - Norman 6.06.07 2010.10.11 - nProtect 2010-10-12.01 2010.10.12 - Panda 10.0.2.7 2010.10.12 - PCTools 
7.0.3.5 2010.10.12 - Prevx 3.0 2010.10.12 - Rising 22.69.01.04 2010.10.12 - Sophos 4.58.0 2010.10.12 - Sunbelt 7043 2010.10.12 - SUPERAntiSpyware 4.40.0.1006 2010.10.12 - Symantec 20101.2.0.161 2010.10.12 - TheHacker 6.7.0.1.055 2010.10.12 - TrendMicro-HouseCall 9.120.0.1004 2010.10.12 - ViRobot 2010.9.25.4060 2010.10.12 - VirusBuster 12.67.13.0 2010.10.11 - Additional information Show all MD5 : c3ca8406ccbc947cd467eed6f1239da3 SHA1 : 425c61cc333f86d65b74826434b60ac46c2cc769 SHA256: 8c162dc18d18d7d95f576250984bc718ce90f2dfc604264b164adf5cf1b550d2 ssdeep: 3072:7k4FxcUdkQrmmkl0qdjlVfDybC2jtQ9tH3xgGY0WK:A4FWEkkveIbve9tH3E File size : 212992 bytes First seen: 2009-11-10 12:09:42 Last seen : 2010-10-12 14:05:44 TrID: Win64 Executable Generic (54.6%) Win32 Executable MS Visual C++ (generic) (24.0%) Windows Screen Saver (8.3%) Win32 Executable Generic (5.4%) Win32 Dynamic Link Library (generic) (4.8%) sigcheck: publisher....: copyright....: Copyright (C) 1999 product......: Bot Dynamic Link Library description..: Bot DLL original name: Bot.DLL internal name: Bot file version.: 1, 0, 0, 3 comments.....: signers......: - signing date.: - verified.....: Unsigned PEiD: Armadillo v1.xx - v2.xx PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x9958 timedatestamp....: 0x43D8B090 (Thu Jan 26 11:20:48 2006) machinetype......: 0x14c (I386) [[ 5 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x1D1EE, 0x1E000, 6.54, 68c81ab078bc750b1882e28e97e2593c .rdata, 0x1F000, 0x62D4, 0x7000, 4.50, 0201b741c71c3a91bd538b931ad5ff04 .data, 0x26000, 0x272C0, 0x4000, 2.29, 12ffea214226b32576309201006b713e .rsrc, 0x4E000, 0x4558, 0x5000, 3.54, 6c5a13de65927da19ed662723ec531e8 .reloc, 0x53000, 0x433C, 0x5000, 4.16, aaed25a7f8add459e0312d7b0eb4337c [[ 9 import(s) ]] NETAPI32.dll: Netbios KERNEL32.dll: FindResourceExA, GetFileAttributesA, GetFileSize, GetFileTime, GetCPInfo, GetOEMCP, FileTimeToSystemTime, FileTimeToLocalFileTime, RtlUnwind, GetCommandLineA, 
ExitProcess, TerminateProcess, HeapFree, HeapAlloc, RaiseException, HeapSize, HeapReAlloc, GetACP, GetTimeZoneInformation, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, LCMapStringA, LCMapStringW, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetProcessVersion, WritePrivateProfileStringA, GlobalFlags, MulDiv, SetErrorMode, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalAlloc, GetFullPathNameA, lstrcpynA, GetVolumeInformationA, FindFirstFileA, FindClose, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, CreateFileA, GetCurrentProcess, DuplicateHandle, GetLastError, GetVersionExA, LocalFree, LoadLibraryA, GetVersion, lstrcatA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GetModuleHandleA, GetProcAddress, GlobalUnlock, SetLastError, FreeLibrary, FindResourceA, LoadResource, LockResource, MultiByteToWideChar, WideCharToMultiByte, lstrlenA, InterlockedDecrement, InterlockedIncrement, CloseHandle, GetModuleFileNameA, GlobalLock, GlobalDeleteAtom, lstrcmpiA, GetCurrentThread, GetCurrentThreadId, GetSystemDirectoryA, lstrcpyA, lstrcmpA, Sleep, GlobalAlloc, GetTickCount, GlobalFree, FreeEnvironmentStringsA USER32.dll: CopyRect, GetClientRect, ScreenToClient, AdjustWindowRectEx, GetSysColor, MapWindowPoints, SendDlgItemMessageA, UpdateWindow, LoadIconA, SetDlgItemTextA, IsDialogMessageA, SetWindowTextA, LoadStringA, CharUpperA, UnregisterClassA, GetClassNameA, PtInRect, ClientToScreen, GetDC, ReleaseDC, TabbedTextOutA, DrawTextA, GrayStringA, LoadCursorA, GetSysColorBrush, DestroyMenu, GetTopWindow, 
WinHelpA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, CreateWindowExA, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, CallWindowProcA, RemovePropA, DefWindowProcA, GetMessageTime, GetMessagePos, GetForegroundWindow, SetForegroundWindow, GetWindow, SetWindowLongA, RegisterWindowMessageA, SystemParametersInfoA, IsIconic, GetWindowPlacement, EndDialog, IsWindow, GetSystemMetrics, CreateDialogIndirectParamA, DestroyWindow, GetWindowRect, SetWindowPos, ShowWindow, GetCapture, SetActiveWindow, GetAsyncKeyState, SetFocus, GetDlgItem, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, PeekMessageA, GetCursorPos, SetWindowsHookExA, GetLastActivePopup, IsWindowEnabled, GetWindowLongA, MessageBoxA, SetCursor, PostQuitMessage, wsprintfA, GetParent, PostMessageA, EnableWindow, SendMessageA, MapDialogRect GDI32.dll: SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, GetDeviceCaps, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, EnumFontFamiliesExA, GetStockObject, RestoreDC, SelectObject, SaveDC, DeleteDC, DeleteObject, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateBitmap comdlg32.dll: GetFileTitleA WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter, ConfigurePortA, AddPortA, AddMonitorA ADVAPI32.dll: RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegQueryInfoKeyA, RegEnumKeyExA, RegCloseKey COMCTL32.dll: PropertySheetA, CreatePropertySheetPageA, -, DestroyPropertySheetPage WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, - [[ 4 export(s) ]] Callme, ClientCallme, NTCallme, NTClientCallme ExifTool: file metadata CharacterSet: Unicode 
CodeSize: 122880 Comments: CompanyName: EntryPoint: 0x9958 FileDescription: Bot DLL FileFlagsMask: 0x003f FileOS: Win32 FileSize: 208 kB FileSubtype: 0 FileType: Win32 DLL FileVersion: 1, 0, 0, 3 FileVersionNumber: 1.0.0.3 ImageVersion: 0.0 InitializedDataSize: 233472 InternalName: Bot LanguageCode: English (U.S.) LegalCopyright: Copyright (C) 1999 LegalTrademarks: LinkerVersion: 6.0 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 4.0 ObjectFileType: Dynamic link library OriginalFilename: Bot.DLL PEType: PE32 PrivateBuild: ProductName: Bot Dynamic Link Library ProductVersion: 1, 0, 0, 3 ProductVersionNumber: 1.0.0.3 SpecialBuild: Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2006:01:26 12:20:48+01:00 UninitializedDataSize: 0 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: pw32a.dll Submission date: 2010-10-12 14:10:45 (UTC) Current status: queued (#2) queued (#2) analysing finished Result: 0/ 42 (0.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.10.12.02 2010.10.12 - AntiVir 7.10.12.190 2010.10.12 - Antiy-AVL 2.0.3.7 2010.10.12 - Authentium 5.2.0.5 2010.10.12 - Avast 4.8.1351.0 2010.10.12 - Avast5 5.0.594.0 2010.10.12 - AVG 9.0.0.851 2010.10.12 - BitDefender 7.2 2010.10.12 - CAT-QuickHeal 11.00 2010.10.12 - ClamAV 0.96.2.0-git 2010.10.12 - Comodo 6364 2010.10.12 - DrWeb 5.0.2.03300 2010.10.12 - Emsisoft 5.0.0.50 2010.10.12 - eSafe 7.0.17.0 2010.10.12 - eTrust-Vet 36.1.7906 2010.10.12 - F-Prot 4.6.2.117 2010.10.11 - F-Secure 9.0.15370.0 2010.10.12 - Fortinet 4.2.249.0 2010.10.12 - GData 21 2010.10.12 - Ikarus T3.1.1.90.0 2010.10.12 - Jiangmin 13.0.900 2010.10.12 - K7AntiVirus 9.65.2724 2010.10.11 - Kaspersky 7.0.0.125 2010.10.12 - McAfee 5.400.0.1158 2010.10.12 - McAfee-GW-Edition 2010.1C 
2010.10.12 - Microsoft 1.6201 2010.10.12 - NOD32 5524 2010.10.12 - Norman 6.06.07 2010.10.11 - nProtect 2010-10-12.01 2010.10.12 - Panda 10.0.2.7 2010.10.12 - PCTools 7.0.3.5 2010.10.12 - Prevx 3.0 2010.10.12 - Rising 22.69.01.04 2010.10.12 - Sophos 4.58.0 2010.10.12 - Sunbelt 7043 2010.10.12 - SUPERAntiSpyware 4.40.0.1006 2010.10.12 - Symantec 20101.2.0.161 2010.10.12 - TheHacker 6.7.0.1.055 2010.10.12 - TrendMicro-HouseCall 9.120.0.1004 2010.10.12 - VBA32 3.12.14.1 2010.10.12 - ViRobot 2010.9.25.4060 2010.10.12 - VirusBuster 12.67.13.0 2010.10.11 - Additional information Show all MD5 : 41ec2f399c8f8ec7502d063b4a0f6555 SHA1 : baafe8f11186ee25a1411611716b0008364886d4 SHA256: fe61e74aee977247f56ddba1580389583c0eeb869f47b1ec174d7899baaec46e ssdeep: 6144:1NUnGpRo+R1xy0igTsmG2XFNtm8uP+YFpM5ZWOs7aB88C7RC:1NFo+Vy0tJG2VNtmTpM5g ugRC File size : 215144 bytes First seen: 2009-03-10 12:47:33 Last seen : 2010-10-12 14:10:45 TrID: Win32 Executable MS Visual C++ (generic) (65.1%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) sigcheck: publisher....: Pocket Soft, Inc. copyright....: (C) Copyright Pocket Soft, Inc., 2007. All Rights Reserved. 
product......: RTPatch description..: RTPatch Executable original name: n/a internal name: file version.: 10.50 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x221CC timedatestamp....: 0x45A695B1 (Thu Jan 11 19:53:21 2007) machinetype......: 0x14c (I386) [[ 8 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x29212, 0x29400, 6.43, 6a963777c1de6565aa604d6df4524e56 .bss, 0x2B000, 0x4904, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e .rdata, 0x30000, 0xF9, 0x200, 3.12, d2bc4ed2fced1e5671422089cf4e4b86 .data, 0x31000, 0x3234, 0x3400, 4.31, aee6bc3a3ccd710a27812c6baec57ee2 .idata, 0x35000, 0x12DE, 0x1400, 5.28, 921b51d757fe9a9bcfbe59162129da5b .edata, 0x37000, 0x194, 0x200, 4.38, 714a597b16d46512e1ddfbb99b1e4b76 .rsrc, 0x38000, 0x1B90, 0x1C00, 5.50, 2329c08734c413aeb6e5ee8b6cf9157c .reloc, 0x3A000, 0x3150, 0x3200, 6.65, 8501cb880183dd912cff25e6c0b50fe3 [[ 5 import(s) ]] USER32.dll: wsprintfA, LoadStringA, OemToCharA, TranslateMessage, PeekMessageA, DispatchMessageA, DdeDisconnect, CharToOemA, DdeUninitialize, DdeFreeStringHandle, DdeClientTransaction, DdeCreateDataHandle, DdeInitializeA, DdeConnect, DdeCreateStringHandleA, wvsprintfA ADVAPI32.dll: RegCloseKey, RegQueryInfoKeyA, RegEnumValueA, RegEnumKeyA, RegEnumValueW, RegSetValueExW, RegEnumKeyW, RegDeleteValueA, RegDeleteValueW, RegQueryValueExW, RegOpenKeyExW, RegCreateKeyExW, RegDeleteKeyA, RegDeleteKeyW, RegEnumKeyExA, SetFileSecurityW, GetFileSecurityW, RegOpenKeyExA, RegSetValueExA, RegCreateKeyExA, RegQueryValueExA, FreeSid, RevertToSelf, AccessCheck, IsValidSecurityDescriptor, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, AddAccessAllowedAce, InitializeAcl, GetLengthSid, InitializeSecurityDescriptor, AllocateAndInitializeSid, OpenProcessToken, OpenThreadToken, ImpersonateSelf ole32.dll: CoUninitialize, CoInitialize VERSION.dll: GetFileVersionInfoSizeW, 
GetFileVersionInfoA, GetFileVersionInfoW, GetFileVersionInfoSizeA, VerQueryValueA KERNEL32.dll: CreateMutexA, DeleteFileA, GetProfileSectionA, VirtualAlloc, GetPrivateProfileSectionA, ReadFile, WriteFile, VirtualFree, CreateDirectoryA, GetLogicalDrives, FlushFileBuffers, DeleteFileW, GetFileType, MoveFileW, GetDriveTypeW, GetCommandLineA, GetCurrentProcessId, GetCPInfo, GetOEMCP, GetACP, GetTimeZoneInformation, GetStartupInfoA, GlobalFree, GlobalAlloc, MulDiv, GetVersion, FreeLibrary, GetDriveTypeA, GetProcAddress, LoadLibraryA, SetEndOfFile, SetFilePointer, CloseHandle, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, GetFileSize, CreateFileA, GetWindowsDirectoryA, GetShortPathNameA, GetFullPathNameA, MoveFileExW, MoveFileExA, CopyFileA, GetFileAttributesA, GetModuleFileNameA, MoveFileA, SetEnvironmentVariableA, GetTempPathA, SetErrorMode, LockResource, SetFileApisToANSI, ReleaseMutex, AreFileApisANSI, WaitForSingleObject, LocalFree, GetLastError, LocalAlloc, GetCurrentProcess, GetCurrentThread, GetLocalTime, GetDiskFreeSpaceA, GetSystemDirectoryA, WideCharToMultiByte, FindNextFileW, SetStdHandle, GetProfileStringA, GetPrivateProfileStringA, GetSystemTime, FindNextFileA, SetFileAttributesA, WriteProfileStringA, WriteProfileSectionA, WritePrivateProfileStringA, WritePrivateProfileSectionA, WriteProfileStringW, WritePrivateProfileStringW, CopyFileW, GetExitCodeProcess, CreateProcessA, lstrcmpiA, CreateFileW, GetSystemInfo, GetFileAttributesW, LoadResource, FindResourceA, SetFileApisToOEM, MultiByteToWideChar, GetVolumeInformationA, FindClose, GetStdHandle, FindFirstFileW, FindFirstFileA, GetModuleHandleA, FileTimeToSystemTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, SystemTimeToFileTime, SetFileAttributesW, SetFileTime, GetCurrentDirectoryA, GetShortPathNameW, GetFullPathNameW, CreateDirectoryW, RaiseException, RtlUnwind, RemoveDirectoryW, RemoveDirectoryA, SetEnvironmentVariableW, SetCurrentDirectoryA, ExitProcess, SetCurrentDirectoryW, 
GetCurrentDirectoryW, GetEnvironmentStrings [[ 12 export(s) ]] RTPBatSvr, RTPRegSvr, RTPRenSvr, RTPatchOEMApply32@12, RTPatchOEMApply32NoCall, RTPatchOEMSetAttribGet@8, RTPatchOEMSetAttribSet@8, RTPatchOEMSetCreate@8, RTPatchOEMSetDelete@8, RTPatchOEMSetDirWalk@8, RTPatchOEMSetOpen@8, RTPatchOEMSetRename@8 ExifTool: file metadata CharacterSet: Windows, Latin1 CodeSize: 168960 CompanyName: Pocket Soft, Inc. EntryPoint: 0x221cc FileDescription: RTPatch Executable FileFlagsMask: 0x0000 FileOS: Win32 FileSize: 210 kB FileSubtype: 0 FileType: Win32 DLL FileVersion: 10.5 FileVersionNumber: 10.50.0.0 ImageVersion: 0.0 InitializedDataSize: 39424 InternalName: LanguageCode: English (U.S.) LegalCopyright: (C) Copyright Pocket Soft, Inc., 2007. All Rights Reserved. LinkerVersion: 2.55 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 1.0 ObjectFileType: Dynamic link library PEType: PE32 ProductName: RTPatch ProductVersion: 10.5 ProductVersionNumber: 10.50.0.0 Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2007:01:11 20:53:21+01:00 UninitializedDataSize: 18944 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. 
File name: patchw32.dll Submission date: 2010-10-12 21:43:34 (UTC) Current status: queued queued analysing finished Result: 0/ 42 (0.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.10.13.00 2010.10.12 - AntiVir 7.10.12.193 2010.10.12 - Antiy-AVL 2.0.3.7 2010.10.12 - Authentium 5.2.0.5 2010.10.12 - Avast 4.8.1351.0 2010.10.12 - Avast5 5.0.594.0 2010.10.12 - AVG 9.0.0.851 2010.10.12 - BitDefender 7.2 2010.10.12 - CAT-QuickHeal 11.00 2010.10.12 - ClamAV 0.96.2.0-git 2010.10.12 - Comodo 6368 2010.10.12 - DrWeb 5.0.2.03300 2010.10.12 - eSafe 7.0.17.0 2010.10.12 - eTrust-Vet 36.1.7907 2010.10.12 - F-Prot 4.6.2.117 2010.10.12 - F-Secure 9.0.15370.0 2010.10.12 - Fortinet 4.2.249.0 2010.10.12 - GData 21 2010.10.12 - Ikarus T3.1.1.90.0 2010.10.12 - Jiangmin 13.0.900 2010.10.12 - K7AntiVirus 9.65.2733 2010.10.12 - Kaspersky 7.0.0.125 2010.10.12 - McAfee 5.400.0.1158 2010.10.12 - McAfee-GW-Edition 2010.1C 2010.10.12 - Microsoft 1.6201 2010.10.12 - NOD32 5525 2010.10.12 - Norman 6.06.07 2010.10.12 - nProtect 2010-10-12.01 2010.10.12 - Panda 10.0.2.7 2010.10.12 - PCTools 7.0.3.5 2010.10.12 - Prevx 3.0 2010.10.12 - Rising 22.69.01.04 2010.10.12 - Sophos 4.58.0 2010.10.12 - Sunbelt 7046 2010.10.12 - SUPERAntiSpyware 4.40.0.1006 2010.10.12 - Symantec 20101.2.0.161 2010.10.12 - TheHacker 6.7.0.1.055 2010.10.12 - TrendMicro 9.120.0.1004 2010.10.12 - TrendMicro-HouseCall 9.120.0.1004 2010.10.12 - VBA32 3.12.14.1 2010.10.12 - ViRobot 2010.9.25.4060 2010.10.12 - VirusBuster 12.67.14.0 2010.10.12 - Additional information Show all MD5 : 41ec2f399c8f8ec7502d063b4a0f6555 SHA1 : baafe8f11186ee25a1411611716b0008364886d4 SHA256: fe61e74aee977247f56ddba1580389583c0eeb869f47b1ec174d7899baaec46e ssdeep: 6144:1NUnGpRo+R1xy0igTsmG2XFNtm8uP+YFpM5ZWOs7aB88C7RC:1NFo+Vy0tJG2VNtmTpM5g ugRC File size : 215144 bytes First seen: 2009-03-10 12:47:33 Last seen : 2010-10-12 21:43:34 TrID: Win32 Executable MS Visual C++ (generic) (65.1%) 
Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) sigcheck: publisher....: Pocket Soft, Inc. copyright....: (C) Copyright Pocket Soft, Inc., 2007. All Rights Reserved. product......: RTPatch description..: RTPatch Executable original name: n/a internal name: file version.: 10.50 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x221CC timedatestamp....: 0x45A695B1 (Thu Jan 11 19:53:21 2007) machinetype......: 0x14c (I386) [[ 8 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x29212, 0x29400, 6.43, 6a963777c1de6565aa604d6df4524e56 .bss, 0x2B000, 0x4904, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e .rdata, 0x30000, 0xF9, 0x200, 3.12, d2bc4ed2fced1e5671422089cf4e4b86 .data, 0x31000, 0x3234, 0x3400, 4.31, aee6bc3a3ccd710a27812c6baec57ee2 .idata, 0x35000, 0x12DE, 0x1400, 5.28, 921b51d757fe9a9bcfbe59162129da5b .edata, 0x37000, 0x194, 0x200, 4.38, 714a597b16d46512e1ddfbb99b1e4b76 .rsrc, 0x38000, 0x1B90, 0x1C00, 5.50, 2329c08734c413aeb6e5ee8b6cf9157c .reloc, 0x3A000, 0x3150, 0x3200, 6.65, 8501cb880183dd912cff25e6c0b50fe3 [[ 5 import(s) ]] USER32.dll: wsprintfA, LoadStringA, OemToCharA, TranslateMessage, PeekMessageA, DispatchMessageA, DdeDisconnect, CharToOemA, DdeUninitialize, DdeFreeStringHandle, DdeClientTransaction, DdeCreateDataHandle, DdeInitializeA, DdeConnect, DdeCreateStringHandleA, wvsprintfA ADVAPI32.dll: RegCloseKey, RegQueryInfoKeyA, RegEnumValueA, RegEnumKeyA, RegEnumValueW, RegSetValueExW, RegEnumKeyW, RegDeleteValueA, RegDeleteValueW, RegQueryValueExW, RegOpenKeyExW, RegCreateKeyExW, RegDeleteKeyA, RegDeleteKeyW, RegEnumKeyExA, SetFileSecurityW, GetFileSecurityW, RegOpenKeyExA, RegSetValueExA, RegCreateKeyExA, RegQueryValueExA, FreeSid, RevertToSelf, AccessCheck, IsValidSecurityDescriptor, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, 
SetSecurityDescriptorDacl, AddAccessAllowedAce, InitializeAcl, GetLengthSid, InitializeSecurityDescriptor, AllocateAndInitializeSid, OpenProcessToken, OpenThreadToken, ImpersonateSelf ole32.dll: CoUninitialize, CoInitialize VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoA, GetFileVersionInfoW, GetFileVersionInfoSizeA, VerQueryValueA KERNEL32.dll: CreateMutexA, DeleteFileA, GetProfileSectionA, VirtualAlloc, GetPrivateProfileSectionA, ReadFile, WriteFile, VirtualFree, CreateDirectoryA, GetLogicalDrives, FlushFileBuffers, DeleteFileW, GetFileType, MoveFileW, GetDriveTypeW, GetCommandLineA, GetCurrentProcessId, GetCPInfo, GetOEMCP, GetACP, GetTimeZoneInformation, GetStartupInfoA, GlobalFree, GlobalAlloc, MulDiv, GetVersion, FreeLibrary, GetDriveTypeA, GetProcAddress, LoadLibraryA, SetEndOfFile, SetFilePointer, CloseHandle, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, GetFileSize, CreateFileA, GetWindowsDirectoryA, GetShortPathNameA, GetFullPathNameA, MoveFileExW, MoveFileExA, CopyFileA, GetFileAttributesA, GetModuleFileNameA, MoveFileA, SetEnvironmentVariableA, GetTempPathA, SetErrorMode, LockResource, SetFileApisToANSI, ReleaseMutex, AreFileApisANSI, WaitForSingleObject, LocalFree, GetLastError, LocalAlloc, GetCurrentProcess, GetCurrentThread, GetLocalTime, GetDiskFreeSpaceA, GetSystemDirectoryA, WideCharToMultiByte, FindNextFileW, SetStdHandle, GetProfileStringA, GetPrivateProfileStringA, GetSystemTime, FindNextFileA, SetFileAttributesA, WriteProfileStringA, WriteProfileSectionA, WritePrivateProfileStringA, WritePrivateProfileSectionA, WriteProfileStringW, WritePrivateProfileStringW, CopyFileW, GetExitCodeProcess, CreateProcessA, lstrcmpiA, CreateFileW, GetSystemInfo, GetFileAttributesW, LoadResource, FindResourceA, SetFileApisToOEM, MultiByteToWideChar, GetVolumeInformationA, FindClose, GetStdHandle, FindFirstFileW, FindFirstFileA, GetModuleHandleA, FileTimeToSystemTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, SystemTimeToFileTime, 
SetFileAttributesW, SetFileTime, GetCurrentDirectoryA, GetShortPathNameW, GetFullPathNameW, CreateDirectoryW, RaiseException, RtlUnwind, RemoveDirectoryW, RemoveDirectoryA, SetEnvironmentVariableW, SetCurrentDirectoryA, ExitProcess, SetCurrentDirectoryW, GetCurrentDirectoryW, GetEnvironmentStrings [[ 12 export(s) ]] RTPBatSvr, RTPRegSvr, RTPRenSvr, RTPatchOEMApply32@12, RTPatchOEMApply32NoCall, RTPatchOEMSetAttribGet@8, RTPatchOEMSetAttribSet@8, RTPatchOEMSetCreate@8, RTPatchOEMSetDelete@8, RTPatchOEMSetDirWalk@8, RTPatchOEMSetOpen@8, RTPatchOEMSetRename@8 ExifTool: file metadata CharacterSet: Windows, Latin1 CodeSize: 168960 CompanyName: Pocket Soft, Inc. EntryPoint: 0x221cc FileDescription: RTPatch Executable FileFlagsMask: 0x0000 FileOS: Win32 FileSize: 210 kB FileSubtype: 0 FileType: Win32 DLL FileVersion: 10.5 FileVersionNumber: 10.50.0.0 ImageVersion: 0.0 InitializedDataSize: 39424 InternalName: LanguageCode: English (U.S.) LegalCopyright: (C) Copyright Pocket Soft, Inc., 2007. All Rights Reserved. LinkerVersion: 2.55 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 1.0 ObjectFileType: Dynamic link library PEType: PE32 ProductName: RTPatch ProductVersion: 10.5 ProductVersionNumber: 10.50.0.0 Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2007:01:11 20:53:21+01:00 UninitializedDataSize: 18944
OTL log after the fix (copy) Code:
All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. 
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-complus\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-msdownload\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c58951f2-3932-11dc-8ac3-000fb572e563}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c58951f2-3932-11dc-8ac3-000fb572e563}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c58951f2-3932-11dc-8ac3-000fb572e563}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c58951f2-3932-11dc-8ac3-000fb572e563}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c58951f2-3932-11dc-8ac3-000fb572e563}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c58951f2-3932-11dc-8ac3-000fb572e563}\ not found. File F:\OnSpcLCK.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5c8bc4c-377d-11dd-b545-0018f304ef7b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5c8bc4c-377d-11dd-b545-0018f304ef7b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5c8bc4c-377d-11dd-b545-0018f304ef7b}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5c8bc4c-377d-11dd-b545-0018f304ef7b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5c8bc4c-377d-11dd-b545-0018f304ef7b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5c8bc4c-377d-11dd-b545-0018f304ef7b}\ not found. File H:\LaunchU3.exe not found. C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" |dword:0x00 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | dword:0x00 /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 1262855469 bytes ->Temporary Internet Files folder emptied: 8480518 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 29960553 bytes ->Flash cache emptied: 2564 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Gernot.TECHNIK ->Temp folder emptied: 143871658 bytes ->Temporary Internet Files folder emptied: 99015007 bytes ->Java cache emptied: 98571587 bytes ->FireFox cache emptied: 137662680 bytes ->Flash cache emptied: 124365 bytes User: Gernot.TECHNIK1 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: GERNOT~2~TEC User: Ingrid ->Temp folder emptied: 150373351 bytes ->Temporary Internet Files folder emptied: 10072904 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 87671818 bytes ->Flash cache emptied: 1958560 bytes User: install ->Temp folder emptied: 2633655 bytes ->Temporary Internet Files folder emptied: 2834021 bytes ->FireFox cache emptied: 4711280 bytes ->Flash cache emptied: 348 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary 
Internet Files folder emptied: 48761 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 615558 bytes User: Sabrina %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2134333 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 4156931 bytes RecycleBin emptied: 42482490 bytes Total Files Cleaned = 1.994,00 mb OTL by OldTimer - Version 3.2.15.1 log created on 10122010_235032 Files\Folders moved on Reboot... File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR08.062\Ingrid\Anwendungsdaten\Mozilla\Firefox\Profiles\37e89ex7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\toolbar.google.com_CTK0Y7F4MTG6NKYH03WT.xml not found! File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR08.062\Ingrid\Anwendungsdaten\Mozilla\Firefox\Profiles\37e89ex7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\toolbar.google.com_J66T77NJDBMW4FEUU7FA.xml not found! File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR08.062\Ingrid\Anwendungsdaten\Mozilla\Firefox\Profiles\37e89ex7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.xml not found! File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR01.922\Ingrid\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U3VXD04S\&owner=uim&specialtype=&adsize=¶ms[1].styles=&tile=630995558028112216388256128347&transactionID=630995558028112216388256128347 not found! 
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR01.922\Ingrid\Lokale Einstellungen\Temporary Internet Files\Content.IE5\S1SV0ONR\&owner=&specialtype=&adsize=¶ms[1].styles=&tile=101440210562604187759279551470&transactionID=101440210562604187759279551470 not found! File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR01.922\Ingrid\Lokale Einstellungen\Temporary Internet Files\Content.IE5\S1SV0ONR\&owner=&specialtype=&adsize=¶ms[1].styles=&tile=630995558028112216388256128347&transactionID=630995558028112216388256128347 not found! File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR01.922\Ingrid\Lokale Einstellungen\Temporary Internet Files\Content.IE5\S1SV0ONR\&specialtype=&adsize=300x250&adsize=300x120&tile=437256807532373929488031235447&transactionID=437256807532373929488031235447[1] not found! File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR01.922\Ingrid\Lokale Einstellungen\Temporary Internet Files\Content.IE5\QO8IX35B\&owner=&specialtype=&adsize=¶ms[1].styles=&tile=437256807532373929488031235447&transactionID=437256807532373929488031235447 not found! File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR01.922\Ingrid\Lokale Einstellungen\Temporary Internet Files\Content.IE5\QO8IX35B\&owner=uim&specialtype=&adsize=¶ms[1].styles=&tile=437256807532373929488031235447&transactionID=437256807532373929488031235447 not found! File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR01.922\Ingrid\Lokale Einstellungen\Temporary Internet Files\Content.IE5\QO8IX35B\&specialtype=&adsize=300x250&adsize=300x120&tile=630995558028112216388256128347&transactionID=630995558028112216388256128347[1] not found! 
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR01.922\Ingrid\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6FW3BQ9K\&owner=&specialtype=&adsize=¶ms[1].styles=&tile=565238171175770341990714992663&transactionID=565238171175770341990714992663 not found! File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR01.922\Ingrid\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6FW3BQ9K\&specialtype=&adsize=300x120&adsize=300x50&tile=101440210562604187759279551470&transactionID=101440210562604187759279551470[1] not found! File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR01.922\Ingrid\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0SMZEX0C\&owner=uim&specialtype=&adsize=¶ms[1].styles=&tile=272111895242507950804815954540&transactionID=272111895242507950804815954540 not found! File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR01.922\Ingrid\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0SMZEX0C\&specialtype=&adsize=300x120&adsize=300x50&tile=435631282090397664063575542683&transactionID=435631282090397664063575542683[1] not found! File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR01.922\Ingrid\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0SMZEX0C\&specialtype=&adsize=300x250&adsize=300x120&tile=926401374092574551930424998235&transactionID=926401374092574551930424998235[1] not found! File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR01.922\Ingrid\Anwendungsdaten\Mozilla\Firefox\Profiles\37e89ex7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\toolbar.google.com_CTK0Y7F4MTG6NKYH03WT.xml not found! 
File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR01.922\Ingrid\Anwendungsdaten\Mozilla\Firefox\Profiles\37e89ex7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\toolbar.google.com_J66T77NJDBMW4FEUU7FA.xml not found! File\Folder C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Rar$DR01.922\Ingrid\Anwendungsdaten\Mozilla\Firefox\Profiles\37e89ex7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.xml not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\STEV4TI3\CA09CZYGCAS0A2GDCAVJL9H6CAJJ6M64CAEF1BJCCA5T7CS1CAVXC2ESCAUGDZI2CAWCRIAPCAC3X2INCAI51P0NCAM90XW7CA5DHYV7CAQU9DPGCAJNHAPJCAU3ZTKDCA7EZ7Q4CAMDA9U1.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\STEV4TI3\CA3GPLPHCARC74DCCAU7QZRACAAWTAY6CAUJ519QCA4LVC76CA1WB0HHCA6TBGKECA29EA5ICAOBO5BMCAXMVTAUCA5G3U81CA5JGXXCCAKALTN2CA56LTSHCA11CG2YCA58305VCAQD6991.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\STEV4TI3\CA4QGG32CA2IRL9FCAVJJ5XECAG1S8ADCAAVD312CA372YSGCAXH1LH8CAHFKZ7RCAP96ZYGCAK8NFU4CAFFWZ33CAJ2WQ1SCA1MDAYQCA1ZXL9CCAIJKCR6CA70OK89CASEL7ABCA6KOLMD.htm not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\STEV4TI3\CA6EAAOUCA0UTNXHCA8II2VTCA1PVT3YCAJ2KVY0CA731251CAZVRZELCAXRR6U1CAH5DL28CAO2I1FOCA54383MCA7S341OCAEU0LK6CAYXNC7TCA1FGSMDCARP071GCAMR1MTCCANBC53G.gif not found! 
File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CA09VJ44CAR3T7I5CAGN0N3VCAP8F4R6CAUIWWIFCAXA0QI4CA0NGWVXCAK1MUQJCAK1SHA7CAL2818LCAQ7DEKVCABQB27GCA8W94T0CA00HPL1CAVWMY6TCAZ56CNFCAXB1TRJCAPU4QDE.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CA1P9WR9CA6YAG2UCARBR70SCA4DNAMQCA9MEZZMCA2ZJN8PCA1DHWY0CASIRFX2CAPYYPNZCAQJWJF6CAUBPVFICAT05L4FCAQC51WLCAJBAR3HCAAM009QCA4VGJHYCASWJ3B7CAEE36M1.htm not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CA327TNKCAGF6314CA53KQ92CA0OZRFVCAIIJ282CAP1NN1BCAU7T7SWCAQY1V07CAVA0E3OCABFQ1MECAZB97EVCA60AWKLCARI5RTFCA27PWE6CAWUEM6CCAN3ALZQCA10R4A3CAX07TP4.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CA69QV74CADKW1HUCAF2G4Y4CAC22ZTWCAOMAXF8CA1NT3UTCALGJOXDCAN5ML8QCAA9J6LWCA0FKFDUCAFK9BYPCANUHFGYCA85PNNJCA5NX87XCAVMGLGHCAY2AP2GCA824KSRCACBZQUI.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CA93WDC2CAIHVYP2CA2E6KJ7CA9NAF4ICAKM414JCA2JSBC7CARZF4H2CAZLPSR4CAZ65769CADLHHRACARH3SV1CAO4F3EUCALCJ9DACARFS284CALSK44WCADU6J72CA613VMQCALGAZ16.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CA9A9CK4CAJ5D5T2CAVWOQCLCAZS8IXQCAJ90288CAE582X2CA9E6IGUCA1RWP2RCAEUDPFKCAIJLC6DCAP0U6GLCANM0NSUCAR0ZS3TCAVEYCSUCACCSSO1CA2Z51J3CA320NO5CAP23VMC.htm not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CAB2KMV2CA44NN31CAC64714CAMS463JCAD7GI88CANQN5E9CAB1KA5HCA6S1F49CAYO6YIJCAECYXSNCAXPT3F8CA1JKZ98CAKTPV8NCA930N3ICALG6JRRCAAQOTYICAKPQW9QCASU6E6V.gif not found! 
File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CAD37H6ECAWVJL1TCAIELXNBCAR20GSUCAY9Z4W5CAH4PUFYCA0IZK72CAHIO2UVCA637HBQCAWH5ZYYCABU97SCCA556GKGCA30N3WBCAZW2A7ICA5BG8XZCAKFFWCPCA73HVAVCAE4W9X2.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CADQEGYVCAGCQTMOCAVDTWVPCAO1POUUCAFG5LMOCAYKPBTQCAFM78TACA0HMIMLCA152DYMCACYETXJCAILOLEVCAFACOY7CARE92QFCAAIR63VCA26AG6CCANYOGHKCAHOTYZJCAOCMWW3.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CADT81N9CA7T6301CAIJ7KZACAN1XLKQCAA3S012CAQ19WCSCA74DRD7CAGS0XU2CAUMB0ZOCANBQF7ZCAXCIM6DCA2OWH0QCAT5ZQOFCAN5YOY9CAWE9DUVCAFPQK1KCAT3N8WTCAPMBY37.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CADUGDP8CAI21Q25CA1P2RPUCAIIUYHLCAV01WU0CAO8822XCARSQFJRCAV291HYCAIAG7Z3CA942DVMCAJL3CE9CACF1NC1CAPJWNIRCA6NFUBXCAZT063FCA194D9WCAVHMMX8CAEPJF1G.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CADW3VPACA24B2T2CAEXHGOKCA0PT0POCAYTP41FCANG9XB0CA49AQWQCA5DLM2XCAK70I36CA5EGRISCA6SZ1EZCAC3334ZCAS8LIR7CAU0KX83CAWCKUC4CA14QJ99CA04MQ4HCA5Q5G0X.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CAFLO8R3CAYOIZDHCAYROS5QCASHJCXWCAW9NGK0CAWAE70VCAL8EAKGCA3ZN53OCA8TG77NCAV0A0OLCA2KY04UCAVICJFSCA6FZEOBCAK1ZAYVCAA4Q9ZGCAOVPP16CAU4FZY7CAQY9MYZ.htm not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CAHY1637CA9MIOJLCATTOCQECAAXUIM8CAJN06L0CAQ1YP58CAE02OGHCA5VA62XCAKJRX5LCAUFDIEYCANFRQ9JCA39SIVJCA3T8ASMCA4C41Y9CA0V2VXBCA4Z13WSCA3DPICBCAKGU250.gif not found! 
File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CAHYFE0QCASWJC9ACA8RRYY9CABFV1BECA2Z4CF7CAF6H2VDCA2Z1RE7CAGROVIJCALFVGH7CAAUPK11CAG20QXICAQYU96KCA2TFHGICAAAO17XCAOMNTV4CAIPHQU8CAAC5MHJCARDGSYM.htm not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CAI33NC5CAKSGOCGCA9MKV6YCASSN25FCA6LYPXFCA9XQ7YFCAFHFB6WCALGY4VXCA62UNY3CA4R6DMQCAL9B9UECAJSOXEICAA1RD04CA6XQ894CA1OXEF4CAF5YRI3CAGUXVP3CAE07WAW.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CAILO3OVCAWFYXOSCAL2I7YZCAB6D2G6CA303Y04CAHN6NV0CAPNKRTKCAZPOZ2NCAWOT270CANQC1GCCAAREIH6CAMUW6H1CAPUQE4ECA9YF5XLCAIBHNTHCAWGVDV8CAJ3UUCWCA2MFNAY.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CAIMRGYXCAMRRFQHCA3Y4QV3CAE8Y0PQCA9ZVDFCCA04P39SCAWTQYYCCAAH7A7DCA3Z50FECAWLM8DNCA2BMDBYCAEL2448CABCSW8ICAA58UNDCAZR1VBPCAY8L65PCA9A83QFCA086I6C.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CAIVEK12CAYENU51CA6HI8IKCA6CTGI5CAXZLW7ECA63RCKVCAG8E0TDCA7FOL8SCAU95IXNCAVFQPQ0CAV4RMA1CAW8ZUL2CAW1TX0HCAKZZM7PCAFYVW8CCA3F0FT5CAU2J9J3CA0SPQ1J.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CAJ28141CA7L1ZQCCAX6MHENCAWA6E0BCAA4SBHTCA24TRBMCAL0ITCFCAN3GN0YCAS8EPYLCA212ELZCA9FA8J1CA4GXCZUCA2J10GUCA0AV27WCAZ0ESNXCAA4YZTWCABZMLQ9CA6RJH01.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CAKQUKFFCAMBY6O1CAIUK14OCAJZN41RCARGCHXVCA63VNY2CAGPLLA8CA6JR1XYCAOLG8CICAX1QCYVCA2KWVKUCAID48B4CAWYHQR1CA2LDNSJCA5ILE01CA6HK0MRCAC0FFAGCASTXFW5.gif not found! 
File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CALCJPKDCAJOK46RCAFQBRK1CAT2UI6YCAUWDJE0CA8SVDMWCAJTLO9VCAKU8DHACAI24D1KCANLRIQGCAPWFEF4CAQNLR5CCA674U7ZCAHXUCW1CAD5ZLRTCA3BHF9TCAZEMUV8CAOA03X2.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CALOCFRUCAW7TD53CA29VXAKCALWI2LJCAPVJ2XQCAS2WEVJCA7E0GMPCACB6MFKCABOP1XBCAXH25MVCAIKRGENCAZW874NCA8D589SCA850H2ZCA2N0EF8CAT2SH37CAMYNWBMCAZHSLA5.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CAMNSPEYCAZ65D98CAUQS6VVCAJEZ2YRCAQI71ORCAHRLZRXCAZOGOGGCA827DZ1CAV1U3UJCAEFE089CANTK4N2CAALWXQ8CA21RLVZCAD8T94QCAQYNH2ACA7YPSJBCASNOI56CAKI3HCN.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CASZGZMPCAJLVO73CAW9C9NHCAWHQ5LKCAMHADG5CAKZTLGWCA9L3YYMCAWY64ZPCA73P84WCA4CAZ73CA4KAOHSCAA5ADJGCAIQ0GVJCAL7PDLLCAX0EROTCASDOSJUCAUCJX2LCAN5EDSS.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CAV06PXVCAZW0PLBCA14XK1ECA51F79ECAI2AUIOCANC7TJKCAIU7FDNCASSQ842CA6SXX1ACA4DSJASCAB6Z3VPCA3EX2RICATV20D6CA1VFQ0KCAMUNJ8UCAUNU2S9CAC2UQTXCAYQN044.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CAVK3Y7ECARPD9YXCAPAVB3HCA2UIWDYCAFT4TU7CAJVP2BVCA63930DCAOWBC69CAJJE6DTCAC73VDOCAC1R53JCAYDALCRCA3GU1B9CAK3KVDDCAX8KVS4CAGQOYLYCA8B5ZBACAOAT71R.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CAXMJLGZCAFIHVY6CA7FQCL9CABYKNB4CALY2R6HCA4X36XECARBOUUZCA0OPHCKCA5V42L8CA65NNGMCA8FF3EOCALJUXZYCAIX7WJACAFWDX8TCAIFSZ27CA8O8KYZCAQAG60ICA1G012B.gif not found! 
File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLUJ8TAZ\CAZP4Z92CAM5I5WECA6G3GMJCAZDNT8KCA5ATVFTCAU8Z88ACAFO9OWYCA9Z59WXCA9RZ5DMCAM6LPD0CALPILVECAH2HS4VCAEI1O1OCABLPV8BCAL0H5N4CACZY6CJCAUMP8MACAX8XP7C.htm not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CA1248TPCAAO8N17CA7GPIFMCA5NEU5GCAPJS1L1CA3W03G6CA0RFWR4CA5KEKD8CAAKRKJGCABMFXWUCAGI8C62CA76ZCP1CAS2UGSKCAX4SCN1CAG767VTCAE2KGKCCAXAS50GCAY01ZQ0.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CA23HJWWCAF5NK7OCA9WS55ACAV47TLSCA2WUPS8CANJO30PCAJB40RDCA3QI0E0CADTOXSZCA9CBK4RCAVC73A9CAVFL4NZCADVOAK0CA1O8QYKCA78EYGVCAR2CEERCAPW6A60CA8LYEUS.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CA24YIDSCAZIYAGOCAAIIA40CAN39QBBCAUN9GUCCASXTBKACAO04B19CAD5Y3CACAH53HVECAKTLJPXCAJ096BFCA81DJO7CA1EL5GZCABCSR5BCADH43DICA1RYT16CACTY1E6CANR32R8.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CA2RWAMNCA1TH2NGCA7LG6GTCADNPYX4CA8RV5FRCATZQVWXCAV8D0KXCAO2LL1YCAD5CWNTCA269CB5CAUR8L9ACA3Q9YAYCAG4NZ6RCA56H2OCCANOFL93CAOCLAW9CA1O3CA0CAW99OOK.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CA65CRS8CAZKOB0PCAZJ110DCA87D17VCAW2IQOZCAXCGU9ICASF45B1CATRF71QCAFJJXVBCATSFLTOCAPED81FCA3VKXJ4CA5OO6V4CAO5Y2YJCALVKWTFCAXXZ4DDCA9GDEUVCANVY9RK.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CA6HBVE3CA2JJBTPCAXTTJ7QCA0FJ4MFCAA0U99RCAA9VDHFCADCMGF0CAG7R7NKCA0ASKO1CANM2I1QCA3ELR3OCARL3GMFCAYP3O5CCAM52OHACAELZNYNCAJOX1ALCAVUEW2FCA61UOMF.gif not found! 
File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CA86VWAWCA4VD2QICAN1KHKTCAGWDV2ACAN62S2FCAJ794O7CA5749BICAMXGWBPCAR5FI5DCAW0PJGXCAQU5DRFCAK0MTKQCA807JNNCAVQVSKWCA4936SXCA88CBQ7CAV7L2N8CA1AQKST.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAAZRKJ6CAT8ID0HCAHX9DEXCA153LKUCAR9HY0JCAYYITDHCAQISGP6CAW2VGGMCAUGUXMLCA3JU6ZGCA6HERIQCA5F0XI7CAVTH9HDCATQ2FMVCA6R8KQ8CAODF0JFCAIKGY1WCAN030EY.htm not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAC563K5CALMWS1HCAJDNIVHCAEKKMX5CA82D8GACATSH5T1CAJ0L7S7CANQPFCDCAHJUU41CAQXGXLBCAPV9OZGCAIO54HFCAZS1Y2BCA5BMCS4CAMZH2VQCAV63QDPCAB49MF3CACSGM1L.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CACW09A6CAC08T53CA2MFTVSCA328R9FCAW7D8RECA0QYHAUCAYZHES9CA0F92S0CA0CQG9NCAW7V5O2CA96TU6FCAKCK4ITCA2PPQ7SCAFZUG66CA8ZIUODCAH2HU2KCA3MBTJSCA9YHC54.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAEYTUERCAUF0JJICAT74TAHCAESPI8NCA2AGYT3CAX6BGGNCAPHM3WUCAZL2RMNCAP0PEWICAHTOJ8ZCAPPR2PCCA88L8QBCAHZM3Q9CAZ9CCNCCAGL10NTCAT0231ACAPUPI69CAJH056A.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAHFPRQECA3JB3MSCA68KGR4CANYWMN7CADLIU5ZCAAUWEJACAX4CKQ8CAM391ZSCA5HA5ZBCA03QFC9CA68ALHKCASTJ6KQCAZV0LNGCASVYA24CAE4QMASCAI42ACHCAA6XAT5CAKIDZB7.htm not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAHXZA4GCAIA1CBECAN9O28FCAXHMAAPCAG5CCNCCAU13WWRCAAT5X4UCABTTY21CAV80S7HCAARHRN0CAGK2KR4CAWHOL2YCAF1LS5FCA3RR2K4CAYOK49QCA13UBZUCA1JF3H6CAVPOQQH.gif not found! 
File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAIVU7GJCAODZRA4CAXS3624CA6QKND1CAZP0RDXCAGNV4XACA811XJ4CATFGD5XCANI813ECA7XV1BNCAB8NQ1VCA168A1MCAHPWIC7CAU9AM7UCADIJNPZCA2QALCPCA9TLQ0HCAG10QRK.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAJWYMJHCA4VQ2JZCAFIL5QBCA03KWXDCAGSQGWRCAME0I6JCACX7MJACAEJ1ZNKCAPKXWVQCAPBIGG9CAVKB2P2CAON6NWGCA5VLRF6CA7HBKSICA9TFVCJCAVKOPYSCA4M9FBPCAKPXB0Z.htm not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAL5G2DSCAJEXS21CAI0SWPACA7AEOVTCAIL9PT6CA3JXWSICAL2RWCBCASY7ALKCAKYB7OTCAKA3MIICAL1TOS0CAUMD036CAEXVNS4CALPD1U5CAFZRZZDCAUC276NCAOR15QMCA1GWQJK.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAM1527NCA4ELDKXCAW22VKMCAJXX7XWCA7QU46CCAAEK9I0CAR50HGPCALV3TM9CAAYB2A9CAPEF7PJCA2T3R9SCAWT5FL6CAC0K8VLCAS9AW6OCAW3B01KCAZMVOJECAHI46XECAN8T1TM.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAN42VAICA8LPXFXCABRE42DCAMB5SH8CAGG6O81CA9BM6GACAXFEWCXCA24VXJLCA6NCECGCA6R8GJOCAW1BMTDCAKC65Y4CA2RRGMDCAW52F3XCAS5WV3KCAU00GHSCAVIHOV1CA2I2MVD.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CANIZZ4BCA1HZBKCCA7I1SQDCAQBVVEQCA4EDSIOCA71Y85OCA7589S0CAHXHDXICARF7BLVCAIE311BCAGXKKB6CA5PJ5FICAZ5XXI2CAZ0NKSYCAS5PLM7CABYBR9OCAEGGCGFCA6IXT48.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CANRWFWGCAESCXGDCAS18RZKCA4764RTCAU2WNEJCAKGIM32CATSQCYHCAGL1MHJCAX2VNNWCA4LJRXXCASHTC85CAO5EAHLCAGK2RM3CAGLO9OUCAH5ZJ4UCAC5N9MWCA3HYIRVCA8TVQVX.htm not found! 
File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAOIS0INCA8QXZO3CATXFUM0CA7AZVLBCASHM2IFCASE3J91CA9EOQAECAW6I1V1CAYS680UCATO9GYICAUUNWWBCABHR1FTCAX1R3KKCAGVRELTCA782OHXCABBLIJ3CATLE715CA1CBKCB.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAQ0IGZFCAER4QOOCA2EOSFSCAB52RT4CA1XK5M5CA0VJA5ZCAC5PSS0CA6Q2AVWCACYY5WFCAMZSR7YCAKEXOUBCA46QKEWCAPPPD7GCAZQH3TUCAP1HLJGCA61PWM9CAM0OWYACA2MLQFO.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAQ94C25CAL3POD4CA8MO2UECAOOTIJRCAZ5MBI6CA3OHTS4CAD2IQFVCALBXNE4CAPCXMUOCARPV5JLCAUTEP7PCAMGF6TSCAON2L04CAN8VBSYCAKGSSJ4CAO947GOCA6AR4Y4CARI8WOG.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAQC717ICAL88DXXCAJU2AM8CAJR6UAJCAVFZRUZCA001OU3CAUXTLMMCADNOWU1CAK9BNYCCAXNSL35CAHY3OFRCA3SIDGWCA0HM6S1CAX19LQRCAMXAMOFCAS2X9XLCAOGU5BRCABZ2ITR.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAS2WM70CA8FIKFRCATIYS0ACAD49708CA94MFFCCAUU33RUCAXBZ7SQCAD0RUBTCAZXMV0KCANCHOS0CAR21V84CAIRQXIYCAG5QNVKCA3E932BCAZA71PGCAU2S2R5CAIXTZMKCAXP31AM.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAT6UH71CAP57RZGCAUJU394CAXWPXW1CA8GMVF5CAW2ZVVGCAX4CC28CAEJND32CA1XDU9VCAX0HNDVCAT7N2X6CAMXMT7JCA7XMGD6CAM9CYT9CAXIFEECCA1Z8C2XCAD62F4XCA88F8MR.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAWKUKIXCAZM2YEOCAH04WC1CANSWMF9CAA3H58RCA3XWQUHCA5L8OB2CA13E7XICAXJQIIPCA5EEH8LCA616PVECALT93RFCAE583KFCASIHP1VCA0PABJUCAGULMSOCAIZBRSNCAFIANP8.gif not found! 
File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAX6QD6GCACBT40RCAWOO8OTCAVY9BD8CA2JDDU3CAF771TLCAHATLF4CAYOBWOFCALFIGQKCA9U6ASLCASLXZNYCARD1L6CCADWPIWOCA8LXINTCA6DLU7WCAS1RYGLCA1WQQ5ECAAFIQEP.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1YVKXQZ\CAXL1V7CCAJ27OMACAFAQCM3CA1TRPKFCALK5TGVCA1N5HL0CA4T7VNDCAZEZJH7CAE4XR8LCAVI1VOPCAJN5UJJCAXVF9SLCATD5H80CA12T0B0CAITBX66CA26KVCACAISWLZSCA4FBCI6.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CA14J939CAAQ589JCA2WU2Y1CAHYK9T6CAJ2RBTMCA7R64TJCAA6GWMUCA942LR0CAWBW9CYCA1JHPHPCA52J4Y0CA9SG6LECAW31ALVCA24BAO2CAXLCMINCAVRBZ2UCASU1NY9CAM2IRS2.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CA1IYZWBCA2CH5BNCA0AULAHCABBXH24CARKP7NTCA2GR1X0CAZ6GDMGCAQQ78YYCAX0CTK7CA3N1E0LCAZYD2FXCADMJB3LCAXJ5783CA1T80XOCAT4L7ZXCA16RGFLCAWR1UEGCAM80QAI.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CA39YXJ5CAF5YNIQCAKDKJYQCA60I491CALTGPSVCA340KP7CAHLI8ELCA0MV87FCAIKIOJNCAHCABD0CA03C4YLCA97VLCCCAQWZH9FCAG6JN2BCANR7YTKCAJA0X11CAQQL5DWCAR3NXYO.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CA4C8SOXCAQNG9M4CAQOY70WCA8M0FPBCAW35AM9CA7E71TACAMGU3BGCA356OVOCAGSWKMMCAVUVR5DCAZDEFPECAW2SEGJCALOIPQ9CA3UTCC1CAXDYLB7CAFIC99TCAZA5OP9CAFYTSFC.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CA4RGJDCCATPUX43CA974155CAQ0MXVCCA85NNLJCAS3KV40CA0AGXDICAMSAC1GCASKG66RCAB7F95TCALTFBIUCA57A083CACWVLSKCAMHF024CA5J7WVVCA7VSC5TCASSFPMQCA37D10L.gif not found! 
File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CA517PZACAYDKWBZCACRV9VHCACIA7NVCAUPEIP7CAJTQ12OCA8RS2O1CAXQD1CYCA18ALNKCA50HR7QCA8Z80JGCAETDIBVCAGMQZXBCA01KJYWCA73YDQRCA36YM8YCALC7QSFCAWUNPO7.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CA54A5NXCAMRV30WCAGB4K92CAOW9G3YCA3AVPH2CA7Z55HVCA0UJZ2ICA5JFM8ZCAPU8ZMUCA3D8L3HCAC9Z5CUCAV1B22WCA4KPGVLCA5APF45CACX0KYXCAWWYIL7CA1Q0PYACA4018MC.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CA7TZ3OSCAZ30YXHCAH7A5SUCAOYQ554CAKG4JGQCAXHSR2UCA8QWG63CAVTXDHKCAR6LFN9CAA0UTXYCA1487MVCA82V6T5CABEG9QDCAXAQ48BCAYWW9VFCA1KSTHUCA3LYIDACAVEIWKQ.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CA7Z66OUCAI1LG6ZCAY89UUWCAV02N6GCAOVUG5JCAKHDWW8CA1K4WKGCAHU9D8PCA6HCILCCAZFMSYBCA6B9IPICAQX8RI0CAV6FNN2CACUJZMJCAS72WY5CAD7KKDGCAU6TW8GCAQAXEO0.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CA8H4JWUCAW1TYTXCADJC16NCATPD179CAQO3OC8CABTJ9PRCA6VTQ0DCAJNNZ2JCARMJUFNCA28K03UCAY2V81KCACK7ZFUCASLX7KTCAU02K9GCAMRG2UDCAJY0DLLCA2CGZJUCAFXFJA0.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CA8OGUNWCAC25OI2CAIZLVCACA4WENYHCANLXNGCCA4SM23TCAG3TCV1CAA6CRWDCA5P9V10CAR1JCH9CAUCECJOCACBIN7KCATRNQX3CA6LZSGVCAJRTXDLCA61UJFVCAG052BBCAJ2PDZP.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CA9NMK31CA2VJ0N6CAW3XGN8CAUC0BWHCAO9M5OFCA631T8JCA09T8THCA1MQFZLCAYAC9T4CAJ3IXE3CABWIG9FCABEZANJCA39VB5ACANR91WFCA0J8NUTCA7M68MOCA2FQ8IRCAE83KY7.gif not found! 
File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CACMAHMXCALXTHXECAAHB20PCAXPSPQBCAT0UVHZCAT9GTS1CAAL91O0CAAMWUYRCA2BX2YMCAQZXHWDCALNCT43CAF2SY73CAYO86LACA1QBWQVCACMJPCOCAU9Z235CA8T4BTQCAR9FC9D.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CAK9O8QVCAU9W22CCARPZULICAVUXZ6GCAOC5HRICA7ZN0D4CAPCCJT7CAYB3OYQCA46QLQWCAH4SRR2CAVNK72XCA8WRXEUCAT41UMPCATQX8M2CAPI0RJZCAALV6LLCAOTPSNZCAS4GT5W.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CAM5MC3WCA4X8MDECANXKHNECA95JBPWCAE4MA9YCAVLP4EMCAAUM648CAQ8QBACCAUC7RVMCALXH75HCA0FF638CAFI541ICATT3J23CA2V1NA3CAKQ859GCAOBMYWGCA2JUJM1CAI96D6K.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CAMOQL7JCAVBFSDXCAJDZIGWCA2QX2YNCAVGQC5QCAFW3OX5CAJ76CO9CAYYHRHLCAB93AZRCA991A48CA76VX6NCAUCMM4BCA9VEUQ3CA0R95DVCADA1PUKCAOPKJ6QCA9C8BQUCAAASEGI.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CAMVUF4ECA28BPF6CAN85MR3CAXJH6OUCAMDRYN6CASEN4WVCAVT3136CA382SUPCAC6M3XOCABYRM8GCAV2KYA3CA0PFKCJCA852G43CAYEIPN0CAXXY24XCAPRDI1WCAXIU8BFCA20ERJW.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CAN2IRO0CA5WUKXECAA3NU9JCA35N8PECA04QH6TCADR1JEWCAUHU3PRCAEKTFNZCA1PV4LBCA5CEY7ZCAV6OBSMCAZUKD10CAJ79LAKCARL0JC2CAJTXIXHCATHTU97CAK2Y35QCAGDUWZB.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CAPMBQWQCA1DOFWOCA7S9UR5CABBQWLLCAVG7UIUCASDVJOXCAP4BHNRCAGHZ9J4CA8EUJJICATOAWLICAY91R3CCA695NHZCAHIY852CAD8RD6ACAQ1Z49HCAFAZ3O9CAL2R18UCAXT42BB.gif not found! 
File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CAPR6K6PCAI7AIE2CAVEWJUBCAG0ZFSICALDMM1CCAGS9INCCAA5EL9NCAJKA4KOCA7DCSQ7CAWLWYD0CAC3J5G5CAYF5EJUCA7ZBHOMCAY81Q92CADF69R0CAPQ1DSXCAL2NH8KCAIHMB53.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CAPR842ICALNV9D6CA6221J1CAOGT4KQCA5AOXH6CA9TQKJ9CA409VPFCAUZ3N30CAFYHU1SCATG9L61CAISC3B3CAN7PH5BCAN1C911CA11FPT1CATZSUPWCA08M17WCA3MOG5ECA7SN1SD.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CAR3QCTMCAGYY0KJCAXA6X9LCALYPE36CAFBE2VBCALU7KMGCA1942B0CAMKKJBYCAKSZY83CAMCCPRXCA2TZFL9CA1NQSH2CAAC42ZBCAB7I5TOCAGBV0RCCANFVJP8CA2S4ASXCASKSKIM.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CATI4MC4CANI6N2YCAGG4YBVCAN0JJC3CAFDHICFCASEBZ91CA2ZU9ADCA2EN94RCA2SF29KCABYDJNHCAIDPL49CAFWK92NCATKP3S6CA2KKKOYCAN4J2PJCACUUSDKCAIU4ISMCA2WHHDT.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CATQQBKICA5ZONZGCA5NVAWXCAPEIP49CA3YAD9RCA5H821PCAEEC20QCAAUI194CAVXDOEBCARCN72CCAA9KOGGCAKJIKLGCATCK89XCAVDKB19CA1ZQGQFCARZRUL3CA0YYUU0CA2TEYL7.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CAULD89KCAHA6AV1CAEPGW34CAGTM7XBCA6BP1RGCALSBHT3CAYK3QBRCAQJGWGPCAL7TAP6CA9A9T4XCASRAWJBCAWTXXYBCAZCTHT4CADQCHBMCA4RSL8SCAV89Q0LCA1KV1ZHCAKVHEJQ.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CAVXEJSWCA8DKFGYCAU66PKSCAF78BDUCAZ20W7QCAF3ARRACALM5W2NCAV489ZRCA11CS5BCARYTFIDCAQ0JV4ECAZH2Q45CACHZ6AKCAYU9EV0CA6I786HCANNDITGCATU8JDQCAGO367S.gif not found! 
File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CAW1JSVKCAIN6IPYCAGJYAVZCASMZLAWCAO3QMIOCAHZJAPOCACZSIAHCA6RWDP5CA1W68ICCA0ZN02ECA9GY297CAN0PSC8CAT53WZ0CASMVRZ6CA16GPTJCAAC2S40CAY4C5AUCACRKBH9.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CAXHNHS5CA922OB5CADRCP33CA9K722YCACMPO48CAMNK0OJCA33V53SCAUG2PWUCA4PWU47CABK2K72CA31GU20CA8MQA95CAG5BW98CA9OC7R7CATKZ50SCA1NNC0UCAFAZ8XFCAA1ND7L.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CAY8SEP9CA853HJKCAAR20BBCAN9PCITCA18AACDCA70OLWECAO49O7XCADZ2FRFCA6K55WJCAIB6CFECALOWAWRCAJ5VE5NCAF6940KCAJJ50BQCA9YG70JCADOP03TCAJ2264ACAVPDG5A.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CAYINUNBCAXA5C7KCAN1G5YVCAH3GYH7CA38NHWPCA32DR5KCAWYMQ6MCAHTVY1ICADRQQ81CABS1QTUCAI0O6WJCAO3FI1OCAGI8N3VCAFY1Q69CAODOF3VCAYCZZ86CAO8B4JZCAGZ7CTD.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CAZIK9RICAFZTJ7KCA16K956CA9S02GRCAXWA8MTCACDXA9LCAPK6J0BCAXOZSL6CAVK631UCAEYEW5ZCA2W6ZF2CABIQP01CAJKONIJCA26T1TGCAZOO40NCA8800JYCA48MP4LCAEIQTOK.gif not found! File\Folder C:\Dokumente und Einstellungen\Gernot.TECHNIK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5MV0XQV\CAZNU1J3CADHX5Q9CASLLFE8CAWJIPF0CAR2EMZBCAYNNU2VCACUSSPFCAGCXO93CAE9ALIQCA9C9SHVCAMBUEVRCA5KQH8HCAS3ISTECAWU9LMDCAGDASP4CA1DLE51CA4D3Z2SCA4VVKVN.gif not found! C:\Dokumente und Einstellungen\Ingrid\Lokale Einstellungen\Temporary Internet Files\DNCCHQXU\M0RA7TD5\Offline\0x00000001_R moved successfully. C:\Dokumente und Einstellungen\Ingrid\Lokale Einstellungen\Temporary Internet Files\DNCCHQXU\M0RA7TD5\Offline\0x00000003_R moved successfully. 
C:\Dokumente und Einstellungen\Ingrid\Lokale Einstellungen\Temporary Internet Files\DNCCHQXU\M0RA7TD5\Offline\HashFile.dat moved successfully. File\Folder C:\WINDOWS\temp\Perflib_Perfdata_f0.dat not found! Registry entries deleted on Reboot... |
13.10.2010, 06:53 | #8 |
| Office won't start, not even after reinstallation. Malware? Hi,

ComboFix
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Switch your antivirus solution off completely, in such a way that it does NOT switch itself back on after a reboot! Caution: in a few rare cases the computer may no longer be able to boot and has to be set up again from scratch! Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter. The ComboFix scan can take some time, so be patient. Please do not do anything on the computer during the scan. The computer may be restarted in between. When the scan has finished, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread.

GMER: http://www.trojaner-board.de/74908-a...t-scanner.html
You will find the download link at the top left (GMER - Rootkit Detector and Remover); there, click the "Download EXE" button. A random name is generated in the process (please note it and the path where you saved it). Start GMER and see whether it already reports something. If it does, please answer all questions with "no", go to the "rootkit" tab, again answer the question with "no", and use Copy to paste the report into the thread. If it reports nothing, go to the Rootkit tab and run a scan. When it has finished, choose Copy and paste the report. If GMER crashes, try it in safe mode (F8 while booting)! chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |