Trojaner-Board


Bernd12 05.12.2014 14:18

Files on removable media no longer accessible
 
Good evening,

the following problem: files on the external hard drive are no longer accessible; they are only displayed as shortcuts.
System: Windows XP SP 3.

Here are the log files from the FRST scan:

FRST:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014
Ran by Administrator (administrator) on WS-ARGENTINIEN on 05-12-2014 11:12:31
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Moon Secure Antivirus\msavcore.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\erl5.6.5\erts-5.6.5\bin\erlsrv.exe
() C:\Program Files\erl5.6.5\erts-5.6.5\bin\erl.exe
() C:\PROGRA~1\ERL56~1.5\ERTS-5~1.5\bin\epmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\Program Files\Moon Secure Antivirus\moontray.exe
() C:\Program Files\SPECS\SpecsLab2\bin\ObjectServer.exe
(Dropbox, Inc.) C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16132608 2007-04-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Moon Secure Antivirus] => C:\Program Files\Moon Secure Antivirus\moontray.exe [1702912 2008-05-17] ()
HKLM\...\Run: [Moon Secure AntivirusFrontEnd GUI] => [X]
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Taskman] C:\RECYCLER\S-1-5-21-3749813262-7100663311-865965684-1299\wmiprvse.exe [109568 2013-05-13] () <=== ATTENTION
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {1f0381fc-da1e-11e0-8a58-002354bd70b9} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {57750f25-6eac-11db-a8a4-806d6172696f} - F:\Programs\nu2menu\nu2menu.exe
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {64bc8c15-a995-11e1-8a94-002354bd70b9} - L:\ReCYClER\\explorer.exe
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {67b0537f-030a-11dc-9bd3-806d6172696f} - F:\Programs\nu2menu\nu2menu.exe
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {6cc1db6a-1cc2-11df-8a00-002354bd70b9} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {6cc1db7e-1cc2-11df-8a00-002354bd70b9} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {6cc1db82-1cc2-11df-8a00-002354bd70b9} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {8767185a-ecfb-11df-8a1b-002354bd70b9} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {97bd3a2c-3026-11e2-8abc-002354bd70b9} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {c666859c-d3d4-11e0-8a54-002354bd70b9} - K:\CD_Run.bat
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\MountPoints2: {f2c577da-74c4-11df-8a0f-002354bd70b9} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1177238915-813497703-725345543-500\...\Winlogon: [Shell] C:\RECYCLER\S-1-5-21-3749813262-7100663311-865965684-1299\wmiprvse.exe [109568 2013-05-13] () <==== ATTENTION
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ObjectServer.lnk
ShortcutTarget: ObjectServer.lnk -> C:\Program Files\SPECS\SpecsLab2\bin\ObjectServer.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1177238915-813497703-725345543-500] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1177238915-813497703-725345543-500] => proxy.uba.ar:8080
HKU\S-1-5-21-1177238915-813497703-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.specs.de/
HKU\S-1-5-21-1177238915-813497703-725345543-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1177238915-813497703-725345543-500 -> DefaultScope {CE83FA02-48CC-4FCB-8343-7D75EA66A547} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1177238915-813497703-725345543-500 -> {CE83FA02-48CC-4FCB-8343-7D75EA66A547} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131358343797
Tcpip\Parameters: [DhcpNameServer] 157.92.34.69 157.92.32.4 157.92.4.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uz3ex1dy.default
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uz3ex1dy.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2014-04-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-06-28]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-16]
FF Extension: DOM Inspector - C:\PROGRA~1\PORTAB~1\FIREFO~1\APP\FIREFOX\extensions\inspector@mozilla.org [2009-06-30]
FF StartMenuInternet: FIREFOX.EXE - C:\PROGRA~1\PORTAB~1\FIREFO~1\APP\FIREFOX\FIREFOX.EXE

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "loasqe" service was unlocked successfully. <===== ATTENTION

S2 loasqe; C:\WINDOWS\system32\njxpbn.dll [1072800 2009-03-21] () [File not signed]
R2 msav; C:\Program Files\Moon Secure Antivirus\msavcore.exe [1074688 2008-05-17] () [File not signed]
R2 specsdevs01ca0bb2818f3210; C:\Program Files\erl5.6.5\erts-5.6.5\bin\erlsrv.exe [167936 2008-11-05] () [File not signed]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtcL001; C:\WINDOWS\System32\DRIVERS\l151x86.sys [37376 2008-02-24] (Atheros Communications, Inc.)
R2 EIO; C:\WINDOWS\system32\drivers\EIO.sys [12288 2006-06-14] (ASUSTeK Computer Inc.) [File not signed]
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows (R) Server 2003 DDK provider)
S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [208384 2007-10-16] (VIA Technologies, Inc.)
S3 GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SenFiltService; system32\drivers\Senfilt.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: loasqe -> C:\WINDOWS\system32\njxpbn.dll ()

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-05 11:12 - 2014-12-05 11:12 - 00011283 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-12-05 11:12 - 2014-12-05 11:12 - 00000000 ____D () C:\FRST
2014-12-05 11:11 - 2014-12-05 11:11 - 01110016 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-11-27 15:58 - 2014-12-04 11:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\exported data Matthias
2014-11-20 16:29 - 2014-11-20 16:29 - 00049652 _____ () C:\Documents and Settings\Administrator\Desktop\20141120_survey.TXT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-05 11:12 - 2005-11-07 08:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-12-05 11:04 - 2013-10-01 16:17 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Dropbox
2014-12-05 11:04 - 2006-11-07 20:11 - 00194389 _____ () C:\WINDOWS\system32\nvapps.xml
2014-12-05 11:03 - 2009-07-01 21:12 - 00000000 ____D () C:\Program Files\Moon Secure Antivirus
2014-12-05 11:03 - 2005-11-07 17:06 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-05 11:03 - 2002-08-29 10:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-04 18:11 - 2005-11-07 17:09 - 00032598 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-04 18:11 - 2005-11-07 08:12 - 01983908 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-27 16:13 - 2008-02-05 10:52 - 01417312 _____ () C:\WINDOWS\setupapi.log
2014-11-14 16:35 - 2005-11-07 08:58 - 00000216 _____ () C:\WINDOWS\wiadebug.log
2014-11-14 16:35 - 2005-11-07 08:58 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-14 13:32 - 2005-11-07 08:56 - 00182758 _____ () C:\WINDOWS\setupact.log
2014-11-14 12:53 - 2013-10-01 16:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Dropbox
2014-11-07 15:03 - 2005-11-07 08:57 - 00521942 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkcs4la.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\FP_PL_PFS_INSTALLER.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-6u15-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-6u19-windows-i586-iftw-rv.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\swt-win32-3346.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_is1.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_is2.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_is3.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_is4.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_is5.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_is5D.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_is6.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Addition:
Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-12-2014
Ran by Administrator at 2014-12-05 11:12:58
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.42 (HKLM\...\7-Zip) (Version:  - )
Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver (HKLM\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version: 1.0.11.1 - Atheros Communications Inc.)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dassault Systemes Fonts (HKLM\...\{4519F894-278A-414D-9CA0-E216D01D94C2}) (Version: 0.9.0 - Dassault Systemes)
Dassault Systemes Software Prerequisites x86 (HKLM\...\{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}) (Version: 8.1.3 - Dassault Systemes)
Dropbox (HKU\S-1-5-21-1177238915-813497703-725345543-500\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Erlang OTP R12B (5.6.5) (HKLM\...\Erlang OTP R12B (5.6.5)) (Version:  - )
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (HKLM\...\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}) (Version: 1.1.1905.1 - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Hotfix (KB928366) (HKLM\...\M928366) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Moon Secure Antivirus (HKLM\...\Moon Secure Antivirus_is1) (Version:  - Trieu Tran Duc)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Origin8 (Version: 8.00.000 - OriginLab) Hidden
OriginPro 8 (HKLM\...\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}) (Version: 8.00.000 - OriginLab Corporation)
REALTEK GbE & FE Ethernet PCI NIC Driver (HKLM\...\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5404 - Realtek Semiconductor Corp.)
SpecsControl (HKLM\...\SpecsControl) (Version: 2.7-r16197 - SPECS GmbH)
SpecsLab2 (HKLM\...\SpecsLab2) (Version: 2.45-r16156 - SPECS GmbH)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows PowerShell(TM) 1.0 MUI pack (HKLM\...\KB926141) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
XPSPEAK 4.1 (HKLM\...\ST6UNST #1) (Version:  - )
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-813497703-725345543-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

13-11-2014 18:04:41 System Checkpoint
18-11-2014 15:27:47 System Checkpoint
20-11-2014 12:51:56 System Checkpoint
25-11-2014 17:07:54 System Checkpoint
27-11-2014 14:11:36 System Checkpoint
28-11-2014 16:11:54 System Checkpoint
01-12-2014 14:20:54 System Checkpoint
03-12-2014 13:28:56 System Checkpoint
04-12-2014 13:36:09 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2002-08-29 10:00 - 2002-08-29 10:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2007-01-25 00:49 - 2008-04-28 13:47 - 00122368 _____ () C:\Program Files\Moon Secure Antivirus\MoonSysH.dll
2008-01-07 21:55 - 2008-05-17 20:25 - 01074688 _____ () C:\Program Files\Moon Secure Antivirus\msavcore.exe
2009-07-01 21:48 - 2008-04-19 15:53 - 00786432 _____ () C:\Program Files\Moon Secure Antivirus\libclamav9.dml.dll
2008-04-18 18:58 - 2008-04-18 18:58 - 00022016 _____ () C:\Program Files\Moon Secure Antivirus\libclamunrar_iface.dll
2008-04-18 18:58 - 2008-04-18 18:58 - 00050176 _____ () C:\Program Files\Moon Secure Antivirus\libclamunrar.dll
2009-07-01 21:12 - 2006-03-28 01:39 - 00366592 _____ () C:\Program Files\Moon Secure Antivirus\w32clamav.dml.dll
2008-11-05 10:38 - 2008-11-05 10:38 - 00167936 _____ () C:\Program Files\erl5.6.5\erts-5.6.5\bin\erlsrv.exe
2008-11-05 10:38 - 2008-11-05 10:38 - 00013312 _____ () C:\Program Files\erl5.6.5\erts-5.6.5\bin\erl.exe
2008-11-05 10:38 - 2008-11-05 10:38 - 00040960 _____ () C:\Program Files\erl5.6.5\erts-5.6.5\bin\erlexec.dll
2008-11-05 10:38 - 2008-11-05 10:38 - 01572864 _____ () C:\Program Files\erl5.6.5\erts-5.6.5\bin\beam.smp.dll
2008-11-05 10:38 - 2008-11-05 10:38 - 00021504 _____ () C:\Program Files\erl5.6.5\erts-5.6.5\bin\epmd.exe
2007-01-25 00:49 - 2007-12-26 16:25 - 00324608 _____ () C:\Program Files\Moon Secure Antivirus\moonavshell.dll
2006-05-14 02:23 - 2006-05-14 02:23 - 00138752 _____ () C:\Program Files\7-Zip\7-zip.dll
2005-05-25 12:02 - 2008-09-18 05:55 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2008-01-09 15:13 - 2008-05-17 20:39 - 01702912 _____ () C:\Program Files\Moon Secure Antivirus\moontray.exe
2009-07-22 10:12 - 2009-07-22 10:12 - 00114688 _____ () C:\Program Files\SPECS\SpecsLab2\bin\ObjectServer.exe
2009-07-22 09:42 - 2009-07-22 09:42 - 00512000 _____ () C:\Program Files\SPECS\SpecsLab2\bin\omniORB303_rt.dll
2009-07-22 09:42 - 2009-07-22 09:42 - 00028672 _____ () C:\Program Files\SPECS\SpecsLab2\bin\omnithread2_rt.dll
2014-12-05 11:04 - 2014-12-05 11:04 - 00043008 _____ () c:\Documents and Settings\Administrator\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkcs4la.dll
2013-08-23 17:01 - 2013-08-23 17:01 - 25100288 _____ () C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: AlcWzrd => ALCWZRD.EXE
MSCONFIG\startupreg: High Definition Audio Property Page Shortcut => HDAShCut.exe
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SkyTel => SkyTel.EXE
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE

========================= Accounts: ==========================

Administrator (S-1-5-21-1177238915-813497703-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1177238915-813497703-725345543-1004 - Limited - Enabled)
Guest (S-1-5-21-1177238915-813497703-725345543-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2014 00:40:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application regedit.exe, version 5.1.2600.5512, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x000381cd.
Processing media-specific event for [regedit.exe!ws!]

Error: (06/18/2014 03:22:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/03/2014 03:58:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x001f1148.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/03/2014 03:57:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x001f1148.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/03/2014 03:57:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x001f1148.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/04/2013 01:41:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x001f1148.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/04/2013 01:40:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x001f1148.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/04/2013 00:55:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application origin8.exe, version 8.725.0.725, faulting module ok80.dll, version 8.724.0.724, fault address 0x002748dd.
Processing media-specific event for [origin8.exe!ws!]

Error: (10/01/2013 04:43:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x000381cd.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/26/2013 04:54:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (12/05/2014 11:04:27 AM) (Source: DCOM) (EventID: 10005) (User: WS-ARGENTINIEN)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (12/05/2014 11:03:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Monitor service terminated with the following error:
%%1114

Error: (12/04/2014 10:40:05 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Monitor service terminated with the following error:
%%1114

Error: (12/03/2014 11:05:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Monitor service terminated with the following error:
%%1114

Error: (12/02/2014 10:51:20 AM) (Source: DCOM) (EventID: 10005) (User: WS-ARGENTINIEN)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (12/02/2014 10:50:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Monitor service terminated with the following error:
%%1114

Error: (12/01/2014 10:27:54 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Monitor service terminated with the following error:
%%1114

Error: (11/28/2014 01:11:09 PM) (Source: DCOM) (EventID: 10005) (User: WS-ARGENTINIEN)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (11/28/2014 01:10:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Monitor service terminated with the following error:
%%1114

Error: (11/27/2014 05:54:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Monitor service terminated with the following error:
%%1114


Microsoft Office Sessions:
=========================
Error: (11/14/2014 00:40:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: regedit.exe5.1.2600.5512msvcrt.dll7.0.2600.5512000381cd

Error: (06/18/2014 03:22:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/03/2014 03:58:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18783001f1148

Error: (06/03/2014 03:57:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18783001f1148

Error: (06/03/2014 03:57:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18783001f1148

Error: (11/04/2013 01:41:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18783001f1148

Error: (11/04/2013 01:40:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.18783001f1148

Error: (11/04/2013 00:55:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: origin8.exe8.725.0.725ok80.dll8.724.0.724002748dd

Error: (10/01/2013 04:43:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512msvcrt.dll7.0.2600.5512000381cd

Error: (02/26/2013 04:54:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8200 @ 2.66GHz
Percentage of memory in use: 29%
Total physical RAM: 2047.11 MB
Available physical RAM: 1449.55 MB
Total Pagefile: 3430.07 MB
Available Pagefile: 2979.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.95 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:19.53 GB) (Free:9.94 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (DATA1) (Fixed) (Total:27.42 GB) (Free:21.88 GB) NTFS
Drive e: (DATA2) (Fixed) (Total:27.57 GB) (Free:22.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: D87ED87E)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=27.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=27.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Many thanks in advance for the help!

Best regards

schrauber 05.12.2014 15:13

Hi,

Panda USB Vaccine

Please download Panda USB Vaccine from here.



Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works.
  • Start Combofix.exe and follow the on-screen instructions.
  • Combofix will check whether the Microsoft Windows Recovery Console is installed.
    If it is not installed, allow Combofix to download and install it. To do so, simply follow the instructions and accept the end-user license.
    With today's malware this is highly recommended, as it gives us a way to repair your system if something goes wrong.
    Confirm the message that the Recovery Console has been installed with Yes.
    Note: If it is already installed, Combofix will continue with the malware removal.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply.
Note: If you receive the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


Bernd12 05.12.2014 21:12

Thank you for the quick reply!
Unfortunately I am already facing the first problem here:
After the scan with Combofix I cannot find a Combofix.txt file under C:\.
During the scan the computer restarted, and under C:\ there is now another "My Computer" named Combofix. And inside it another one, and so on.
But not the log file in question!
I hope I have simply been clumsy about it.
Thanks in advance for the reply.

schrauber 06.12.2014 20:39

Delete Combofix from the desktop and download it again, then run it once more. Make sure the AV program is turned off.

