
Pests of all kinds and how to fight them: Files on removable media no longer accessible

05.12.2014, 14:18   #1
Bernd12
 

Good evening,

I have the following problem: files on the external hard drive are no longer accessible; they are only shown as shortcuts.
System: Windows XP SP 3.

Here are the log files from the FRST scan:

FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014
Ran by Administrator (administrator) on WS-ARGENTINIEN on 05-12-2014 11:12:31
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Moon Secure Antivirus\msavcore.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\erl5.6.5\erts-5.6.5\bin\erlsrv.exe
() C:\Program Files\erl5.6.5\erts-5.6.5\bin\erl.exe
() C:\PROGRA~1\ERL56~1.5\ERTS-5~1.5\bin\epmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\Program Files\Moon Secure Antivirus\moontray.exe
() C:\Program Files\SPECS\SpecsLab2\bin\ObjectServer.exe
(Dropbox, Inc.) C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16132608 2007-04-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Moon Secure Antivirus] => C:\Program Files\Moon Secure Antivirus\moontray.exe [1702912 2008-05-17] ()
HKLM\...\Run: [Moon Secure AntivirusFrontEnd GUI] => [X]
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Taskman] C:\RECYCLER\S-1-5-21-3749813262-7100663311-865965684-1299\wmiprvse.exe [109568 2013-05-13] () <=== ATTENTION
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {1f0381fc-da1e-11e0-8a58-002354bd70b9} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {57750f25-6eac-11db-a8a4-806d6172696f} - F:\Programs\nu2menu\nu2menu.exe
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {64bc8c15-a995-11e1-8a94-002354bd70b9} - L:\ReCYClER\\explorer.exe
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {67b0537f-030a-11dc-9bd3-806d6172696f} - F:\Programs\nu2menu\nu2menu.exe
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {6cc1db6a-1cc2-11df-8a00-002354bd70b9} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {6cc1db7e-1cc2-11df-8a00-002354bd70b9} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {6cc1db82-1cc2-11df-8a00-002354bd70b9} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {8767185a-ecfb-11df-8a1b-002354bd70b9} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {97bd3a2c-3026-11e2-8abc-002354bd70b9} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {c666859c-d3d4-11e0-8a54-002354bd70b9} - K:\CD_Run.bat
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {f2c577da-74c4-11df-8a0f-002354bd70b9} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\Winlogon: [Shell] C:\RECYCLER\S-1-5-21-3749813262-7100663311-865965684-1299\wmiprvse.exe [109568 2013-05-13] () <==== ATTENTION 
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ObjectServer.lnk
ShortcutTarget: ObjectServer.lnk -> C:\Program Files\SPECS\SpecsLab2\bin\ObjectServer.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1177238915-813497703-725345543-500] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1177238915-813497703-725345543-500] => proxy.uba.ar:8080
HKU\S-1-5-21-1177238915-813497703-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.specs.de/
HKU\S-1-5-21-1177238915-813497703-725345543-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1177238915-813497703-725345543-500 -> DefaultScope {CE83FA02-48CC-4FCB-8343-7D75EA66A547} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1177238915-813497703-725345543-500 -> {CE83FA02-48CC-4FCB-8343-7D75EA66A547} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131358343797
Tcpip\Parameters: [DhcpNameServer] 157.92.34.69 157.92.32.4 157.92.4.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uz3ex1dy.default
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uz3ex1dy.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2014-04-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-06-28]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-16]
FF Extension: DOM Inspector - C:\PROGRA~1\PORTAB~1\FIREFO~1\APP\FIREFOX\extensions\inspector@mozilla.org [2009-06-30]
FF StartMenuInternet: FIREFOX.EXE - C:\PROGRA~1\PORTAB~1\FIREFO~1\APP\FIREFOX\FIREFOX.EXE

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "loasqe" service was unlocked successfully. <===== ATTENTION

S2 loasqe; C:\WINDOWS\system32\njxpbn.dll [1072800 2009-03-21] () [File not signed]
R2 msav; C:\Program Files\Moon Secure Antivirus\msavcore.exe [1074688 2008-05-17] () [File not signed]
R2 specsdevs01ca0bb2818f3210; C:\Program Files\erl5.6.5\erts-5.6.5\bin\erlsrv.exe [167936 2008-11-05] () [File not signed]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtcL001; C:\WINDOWS\System32\DRIVERS\l151x86.sys [37376 2008-02-24] (Atheros Communications, Inc.)
R2 EIO; C:\WINDOWS\system32\drivers\EIO.sys [12288 2006-06-14] (ASUSTeK Computer Inc.) [File not signed]
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows (R) Server 2003 DDK provider)
S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [208384 2007-10-16] (VIA Technologies, Inc.)
S3 GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SenFiltService; system32\drivers\Senfilt.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: loasqe -> C:\WINDOWS\system32\njxpbn.dll ()

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-05 11:12 - 2014-12-05 11:12 - 00011283 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-12-05 11:12 - 2014-12-05 11:12 - 00000000 ____D () C:\FRST
2014-12-05 11:11 - 2014-12-05 11:11 - 01110016 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-11-27 15:58 - 2014-12-04 11:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\exported data Matthias
2014-11-20 16:29 - 2014-11-20 16:29 - 00049652 _____ () C:\Documents and Settings\Administrator\Desktop\20141120_survey.TXT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-05 11:12 - 2005-11-07 08:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-12-05 11:04 - 2013-10-01 16:17 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Dropbox
2014-12-05 11:04 - 2006-11-07 20:11 - 00194389 _____ () C:\WINDOWS\system32\nvapps.xml
2014-12-05 11:03 - 2009-07-01 21:12 - 00000000 ____D () C:\Program Files\Moon Secure Antivirus
2014-12-05 11:03 - 2005-11-07 17:06 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-05 11:03 - 2002-08-29 10:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-04 18:11 - 2005-11-07 17:09 - 00032598 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-04 18:11 - 2005-11-07 08:12 - 01983908 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-27 16:13 - 2008-02-05 10:52 - 01417312 _____ () C:\WINDOWS\setupapi.log
2014-11-14 16:35 - 2005-11-07 08:58 - 00000216 _____ () C:\WINDOWS\wiadebug.log
2014-11-14 16:35 - 2005-11-07 08:58 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-14 13:32 - 2005-11-07 08:56 - 00182758 _____ () C:\WINDOWS\setupact.log
2014-11-14 12:53 - 2013-10-01 16:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Dropbox
2014-11-07 15:03 - 2005-11-07 08:57 - 00521942 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkcs4la.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\FP_PL_PFS_INSTALLER.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-6u15-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-6u19-windows-i586-iftw-rv.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\swt-win32-3346.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_is1.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_is2.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_is3.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_is4.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_is5.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_is5D.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_is6.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-12-2014
Ran by Administrator at 2014-12-05 11:12:58
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.42 (HKLM\...\7-Zip) (Version:  - )
Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver (HKLM\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version: 1.0.11.1 - Atheros Communications Inc.)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dassault Systemes Fonts (HKLM\...\{4519F894-278A-414D-9CA0-E216D01D94C2}) (Version: 0.9.0 - Dassault Systemes)
Dassault Systemes Software Prerequisites x86 (HKLM\...\{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}) (Version: 8.1.3 - Dassault Systemes)
Dropbox (HKU\S-1-5-21-1177238915-813497703-725345543-500\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Erlang OTP R12B (5.6.5) (HKLM\...\Erlang OTP R12B (5.6.5)) (Version:  - )
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (HKLM\...\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}) (Version: 1.1.1905.1 - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Hotfix (KB928366) (HKLM\...\M928366) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Moon Secure Antivirus (HKLM\...\Moon Secure Antivirus_is1) (Version:  - Trieu Tran Duc)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Origin8 (Version: 8.00.000 - OriginLab) Hidden
OriginPro 8 (HKLM\...\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}) (Version: 8.00.000 - OriginLab Corporation)
REALTEK GbE & FE Ethernet PCI NIC Driver (HKLM\...\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5404 - Realtek Semiconductor Corp.)
SpecsControl (HKLM\...\SpecsControl) (Version: 2.7-r16197 - SPECS GmbH)
SpecsLab2 (HKLM\...\SpecsLab2) (Version: 2.45-r16156 - SPECS GmbH)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows PowerShell(TM) 1.0 MUI pack (HKLM\...\KB926141) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
XPSPEAK 4.1 (HKLM\...\ST6UNST #1) (Version:  - )
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

13-11-2014 18:04:41 System Checkpoint
18-11-2014 15:27:47 System Checkpoint
20-11-2014 12:51:56 System Checkpoint
25-11-2014 17:07:54 System Checkpoint
27-11-2014 14:11:36 System Checkpoint
28-11-2014 16:11:54 System Checkpoint
01-12-2014 14:20:54 System Checkpoint
03-12-2014 13:28:56 System Checkpoint
04-12-2014 13:36:09 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2002-08-29 10:00 - 2002-08-29 10:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2007-01-25 00:49 - 2008-04-28 13:47 - 00122368 _____ () C:\Program Files\Moon Secure Antivirus\MoonSysH.dll
2008-01-07 21:55 - 2008-05-17 20:25 - 01074688 _____ () C:\Program Files\Moon Secure Antivirus\msavcore.exe
2009-07-01 21:48 - 2008-04-19 15:53 - 00786432 _____ () C:\Program Files\Moon Secure Antivirus\libclamav9.dml.dll
2008-04-18 18:58 - 2008-04-18 18:58 - 00022016 _____ () C:\Program Files\Moon Secure Antivirus\libclamunrar_iface.dll
2008-04-18 18:58 - 2008-04-18 18:58 - 00050176 _____ () C:\Program Files\Moon Secure Antivirus\libclamunrar.dll
2009-07-01 21:12 - 2006-03-28 01:39 - 00366592 _____ () C:\Program Files\Moon Secure Antivirus\w32clamav.dml.dll
2008-11-05 10:38 - 2008-11-05 10:38 - 00167936 _____ () C:\Program Files\erl5.6.5\erts-5.6.5\bin\erlsrv.exe
2008-11-05 10:38 - 2008-11-05 10:38 - 00013312 _____ () C:\Program Files\erl5.6.5\erts-5.6.5\bin\erl.exe
2008-11-05 10:38 - 2008-11-05 10:38 - 00040960 _____ () C:\Program Files\erl5.6.5\erts-5.6.5\bin\erlexec.dll
2008-11-05 10:38 - 2008-11-05 10:38 - 01572864 _____ () C:\Program Files\erl5.6.5\erts-5.6.5\bin\beam.smp.dll
2008-11-05 10:38 - 2008-11-05 10:38 - 00021504 _____ () C:\Program Files\erl5.6.5\erts-5.6.5\bin\epmd.exe
2007-01-25 00:49 - 2007-12-26 16:25 - 00324608 _____ () C:\Program Files\Moon Secure Antivirus\moonavshell.dll
2006-05-14 02:23 - 2006-05-14 02:23 - 00138752 _____ () C:\Program Files\7-Zip\7-zip.dll
2005-05-25 12:02 - 2008-09-18 05:55 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2008-01-09 15:13 - 2008-05-17 20:39 - 01702912 _____ () C:\Program Files\Moon Secure Antivirus\moontray.exe
2009-07-22 10:12 - 2009-07-22 10:12 - 00114688 _____ () C:\Program Files\SPECS\SpecsLab2\bin\ObjectServer.exe
2009-07-22 09:42 - 2009-07-22 09:42 - 00512000 _____ () C:\Program Files\SPECS\SpecsLab2\bin\omniORB303_rt.dll
2009-07-22 09:42 - 2009-07-22 09:42 - 00028672 _____ () C:\Program Files\SPECS\SpecsLab2\bin\omnithread2_rt.dll
2014-12-05 11:04 - 2014-12-05 11:04 - 00043008 _____ () c:\Documents and Settings\Administrator\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkcs4la.dll
2013-08-23 17:01 - 2013-08-23 17:01 - 25100288 _____ () C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: AlcWzrd => ALCWZRD.EXE
MSCONFIG\startupreg: High Definition Audio Property Page Shortcut => HDAShCut.exe
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SkyTel => SkyTel.EXE
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE

========================= Accounts: ==========================

Administrator (S-1-5-21-1177238915-813497703-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1177238915-813497703-725345543-1004 - Limited - Enabled)
Guest (S-1-5-21-1177238915-813497703-725345543-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2014 00:40:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application regedit.exe, version 5.1.2600.5512, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x000381cd.
Processing media-specific event for [regedit.exe!ws!]

Error: (06/18/2014 03:22:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/03/2014 03:58:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x001f1148.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/03/2014 03:57:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x001f1148.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/03/2014 03:57:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x001f1148.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/04/2013 01:41:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x001f1148.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/04/2013 01:40:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x001f1148.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/04/2013 00:55:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application origin8.exe, version 8.725.0.725, faulting module ok80.dll, version 8.724.0.724, fault address 0x002748dd.
Processing media-specific event for [origin8.exe!ws!]

Error: (10/01/2013 04:43:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x000381cd.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/26/2013 04:54:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (12/05/2014 11:04:27 AM) (Source: DCOM) (EventID: 10005) (User: WS-ARGENTINIEN)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (12/05/2014 11:03:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Monitor service terminated with the following error: 
%%1114

Error: (12/04/2014 10:40:05 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Monitor service terminated with the following error: 
%%1114

Error: (12/03/2014 11:05:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Monitor service terminated with the following error: 
%%1114

Error: (12/02/2014 10:51:20 AM) (Source: DCOM) (EventID: 10005) (User: WS-ARGENTINIEN)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (12/02/2014 10:50:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Monitor service terminated with the following error: 
%%1114

Error: (12/01/2014 10:27:54 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Monitor service terminated with the following error: 
%%1114

Error: (11/28/2014 01:11:09 PM) (Source: DCOM) (EventID: 10005) (User: WS-ARGENTINIEN)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (11/28/2014 01:10:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Monitor service terminated with the following error: 
%%1114

Error: (11/27/2014 05:54:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Monitor service terminated with the following error: 
%%1114


Microsoft Office Sessions:
=========================
Error: (11/14/2014 00:40:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: regedit.exe5.1.2600.5512msvcrt.dll7.0.2600.5512000381cd

Error: (06/18/2014 03:22:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/03/2014 03:58:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18783001f1148

Error: (06/03/2014 03:57:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18783001f1148

Error: (06/03/2014 03:57:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18783001f1148

Error: (11/04/2013 01:41:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18783001f1148

Error: (11/04/2013 01:40:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18783001f1148

Error: (11/04/2013 00:55:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: origin8.exe8.725.0.725ok80.dll8.724.0.724002748dd

Error: (10/01/2013 04:43:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512msvcrt.dll7.0.2600.5512000381cd

Error: (02/26/2013 04:54:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8200 @ 2.66GHz
Percentage of memory in use: 29%
Total physical RAM: 2047.11 MB
Available physical RAM: 1449.55 MB
Total Pagefile: 3430.07 MB
Available Pagefile: 2979.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.95 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:19.53 GB) (Free:9.94 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (DATA1) (Fixed) (Total:27.42 GB) (Free:21.88 GB) NTFS
Drive e: (DATA2) (Fixed) (Total:27.57 GB) (Free:22.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: D87ED87E)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=27.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=27.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Many thanks in advance for the help!

Best regards

Alt 05.12.2014, 15:13   #2
schrauber
/// the machine
/// TB-Ausbilder
 

hi,

Panda USB Vaccine

Please download Panda USB Vaccine from here.
  • Run and install it.
  • Vaccinate your PC

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works.
  • Start Combofix.exe and follow the on-screen instructions.
  • Combofix will check whether the Microsoft Windows Recovery Console is installed.
    If it is not installed, allow Combofix to download and install it. To do so, simply follow the instructions and accept the end-user license.
    With today's malware this is highly recommended, as it gives us a way to repair your system if something goes wrong.
    Confirm the message that the Recovery Console has been installed with Yes.
    Note: If it is already installed, Combofix will continue with the malware removal.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply.
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.


Alt 05.12.2014, 21:12   #3
Bernd12
 

Thanks for the quick reply!
Unfortunately I am already stuck at the first problem:
After the scan with Combofix I cannot find a Combofix.txt file under C:\.
During the scan the computer restarted, and under C:\ there is now another "My Computer" named Combofix. And inside it another one, and so on.
But not the log file in question!
I hope I have just been clumsy.
Thanks in advance for the reply.

Alt 06.12.2014, 20:39   #4
schrauber
/// the machine
/// TB-Ausbilder
 


Delete Combofix from the desktop and download it again, then run it once more. Make sure the AV program is turned off.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009
