Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   ebenfalls: schwarzer Desktop, keine Dateien, Delayed Write Failed, Critical Error (https://www.trojaner-board.de/104908-ebenfalls-schwarzer-desktop-keine-dateien-delayed-write-failed-critical-error.html)

rocky13 07.11.2011 23:21
ebenfalls: schwarzer Desktop, keine Dateien, Delayed Write Failed, Critical Error
 
Hi!

Da jede Logfile individuell ist hier meine (über OTL):

OTL logfile created on: 07.11.2011 22:51:07 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 48,64% Memory free
3,50 Gb Paging File | 2,41 Gb Available in Paging File | 68,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 183,15 Gb Free Space | 78,68% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
MOD - C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111107.003\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111107.003\NAVENG.SYS (Symantec Corporation)
DRV - (SysPlant) -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys (Symantec Corporation)
DRV - (WPS) -- C:\Windows\System32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (Teefer3) -- C:\Windows\System32\drivers\Teefer3.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys ()
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (WpsHelper) -- C:\Windows\System32\drivers\wpshelper.sys (Symantec Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 0E B4 59 4F 27 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.06.21 17:56:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.19 10:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.16 01:35:23 | 000,000,000 | ---D | M]

[2011.06.10 10:20:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.06.29 22:41:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.24 18:43:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.26 13:59:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.19 10:45:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.19 10:45:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.19 10:45:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.19 10:45:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.19 10:45:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.19 10:45:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.19 10:45:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Epson Stylus SX510W(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON SX510W Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Programme\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = C:\Windows\System32\schtasks.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63257864-2AB1-49A0-8B7D-C24AA77C2701}: DhcpNameServer = 131.246.9.116 131.246.1.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF836780-8ABD-4B25-A3FB-915EA8E63D89}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ed9878ba-e5e9-11e0-8fe7-7af1a1f7899a}\Shell - "" = AutoRun
O33 - MountPoints2\{ed9878ba-e5e9-11e0-8fe7-7af1a1f7899a}\Shell\AutoRun\command - "" = F:\setup.exe -q
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.07 21:13:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\7-Zip
[2011.11.07 21:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.11.07 21:02:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.11.06 03:18:44 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011.11.06 03:18:04 | 000,353,280 | -H-- | C] (Recover Inc) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.10.31 10:14:58 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.10.31 10:14:58 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.10.12 08:41:58 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.10.12 08:41:58 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.10.12 08:41:37 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.10.12 08:40:56 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.10.12 08:40:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.12 08:40:55 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.12 08:40:55 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.10.12 08:40:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

========== Files - Modified Within 30 Days ==========

[2011.11.07 22:49:41 | 000,005,060 | ---- | M] () -- C:\Users\***\Desktop\GMER.exe
[2011.11.07 22:29:21 | 000,019,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.07 22:29:21 | 000,019,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.07 22:20:12 | 000,000,242 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2011.11.07 21:35:04 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.11.07 21:28:08 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2011.11.07 21:15:59 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\z02fypj9.exe
[2011.11.07 21:02:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.11.07 20:58:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.07 20:58:30 | 1407,848,448 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.07 10:28:26 | 000,154,799 | ---- | M] () -- C:\Users\***\Desktop\4b.jpg
[2011.11.07 10:27:51 | 001,658,939 | ---- | M] () -- C:\Users\***\Desktop\Foto0250.jpg
[2011.11.07 10:27:34 | 001,632,317 | ---- | M] () -- C:\Users\***\Desktop\Foto0249.jpg
[2011.11.07 10:27:17 | 001,730,853 | ---- | M] () -- C:\Users\***\Desktop\Foto0248.jpg
[2011.11.07 10:17:19 | 001,773,400 | ---- | M] () -- C:\Users\***\Desktop\Foto0004.jpg
[2011.11.07 10:16:52 | 001,993,697 | ---- | M] () -- C:\Users\***\Desktop\Foto0003.jpg
[2011.11.07 10:16:31 | 001,897,596 | ---- | M] () -- C:\Users\***\Desktop\Foto0002.jpg
[2011.11.07 09:52:32 | 000,001,021 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk
[2011.11.07 09:52:32 | 000,001,001 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.11.06 03:18:46 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.11.06 03:18:46 | 000,000,216 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.11.06 03:18:44 | 000,000,657 | -H-- | M] () -- C:\Users\***\Desktop\System Restore.lnk
[2011.11.06 03:18:29 | 000,000,336 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.11.06 03:18:04 | 000,353,280 | -H-- | M] (Recover Inc) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.11.03 13:35:26 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.03 13:35:26 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.03 13:35:26 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.03 13:35:26 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.15 17:58:55 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.10.15 01:51:38 | 000,294,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011.11.07 22:49:41 | 000,005,060 | ---- | C] () -- C:\Users\***\Desktop\GMER.exe
[2011.11.07 21:35:04 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.11.07 21:28:07 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2011.11.07 21:15:53 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\z02fypj9.exe
[2011.11.07 10:28:25 | 000,154,799 | ---- | C] () -- C:\Users\***\Desktop\4b.jpg
[2011.11.07 10:27:50 | 001,658,939 | ---- | C] () -- C:\Users\***\Desktop\Foto0250.jpg
[2011.11.07 10:27:33 | 001,632,317 | ---- | C] () -- C:\Users\***\Desktop\Foto0249.jpg
[2011.11.07 10:27:15 | 001,730,853 | ---- | C] () -- C:\Users\***\Desktop\Foto0248.jpg
[2011.11.07 10:17:18 | 001,773,400 | ---- | C] () -- C:\Users\***\Desktop\Foto0004.jpg
[2011.11.07 10:16:50 | 001,993,697 | ---- | C] () -- C:\Users\***\Desktop\Foto0003.jpg
[2011.11.07 10:16:29 | 001,897,596 | ---- | C] () -- C:\Users\***\Desktop\Foto0002.jpg
[2011.11.06 03:18:46 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.11.06 03:18:46 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.11.06 03:18:44 | 000,000,657 | -H-- | C] () -- C:\Users\***\Desktop\System Restore.lnk
[2011.11.06 03:18:29 | 000,000,336 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.13 16:16:31 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2011.09.13 16:05:14 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.06.23 17:31:56 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.23 17:30:07 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.21 21:13:24 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.06.21 21:13:24 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.06.21 21:13:24 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.06.21 21:13:24 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.06.21 21:13:24 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.06.21 21:13:24 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.06.21 21:13:24 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.06.21 21:13:24 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.06.21 21:13:23 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.06.21 21:13:23 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.06.21 21:13:23 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.06.21 21:13:23 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.06.21 21:13:23 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.06.21 21:13:23 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.06.21 21:13:23 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.06.21 21:13:23 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.06.21 21:13:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.06.21 21:13:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.06.21 21:13:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.06.12 02:16:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.08 16:44:32 | 000,287,352 | -H-- | C] () -- C:\Windows\System32\drivers\srtsp.sys
[2009.07.14 09:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,294,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.18 18:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.03.04 09:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll

< End of report >


und Extras:

OTL Extras logfile created on: 07.11.2011 22:51:07 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 48,64% Memory free
3,50 Gb Paging File | 2,41 Gb Available in Paging File | 68,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 183,15 Gb Free Space | 78,68% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{0D3CECCA-A589-ECCA-EC0B-2F98F2789F60}" = simfy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5E2E4797-502A-4FFD-81EC-F9BA8BF0C581}" = Symantec Endpoint Protection
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DivX Setup.divx.com" = DivX-Setup
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX510W_TX550W Benutzerhandbuch" = Epson Stylus SX510W_TX550W Handbuch
"EPSON SX510W Series" = EPSON SX510W Series Printer Uninstall
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"OpenVPN" = OpenVPN 2.1.1-gui-1.0.3
"Simfy" = simfy
"VLC media player" = VLC media player 1.1.10
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05.11.2011 22:14:02 | Computer Name = ***-PC | Source = Symantec AntiVirus | ID = 16711725
Description = Symantec Manipulationsschutz-Warnung Ziel: C:\Program Files\Symantec\Symantec
Endpoint Protection\SymCorpUI.exe Ereignisinfo: Beenden Vorgang Ausgeführte Aktion:
Protokolliert Ausführender-Prozess: C:\ProgramData\yHafnqNqpiqS.exe (PID 5312) Uhrzeit:
Sonntag, 6. November 2011 03:14:02

Error - 05.11.2011 22:14:02 | Computer Name = ***-PC | Source = Symantec AntiVirus | ID = 16711725
Description = Symantec Manipulationsschutz-Warnung Ziel: C:\Program Files\Symantec\Symantec
Endpoint Protection\SavUI.exe Ereignisinfo: Beenden Vorgang Ausgeführte Aktion:
Protokolliert Ausführender-Prozess: C:\ProgramData\yHafnqNqpiqS.exe (PID 5312) Uhrzeit:
Sonntag, 6. November 2011 03:14:02

Error - 05.11.2011 22:14:06 | Computer Name = ***-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Sicherheitsrisiko gefunden!Trojan.Spyeye!conf in Datei: C:\Recycle.Bin\471CC19CBC70A4F
von: Auto-Protect-Scan. Aktion: Bereinigt durch Löschen. Beschreibung der Aktion:
Die Datei wurde erfolgreich gelöscht.

Error - 05.11.2011 22:14:57 | Computer Name = ***-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Sicherheitsrisiko gefunden!Trojan.Spyeye!conf in Datei: C:\Recycle.Bin\471CC19CBC70A4F
von: Auto-Protect-Scan. Aktion: Bereinigt durch Löschen. Beschreibung der Aktion:
Die Datei wurde erfolgreich gelöscht.

Error - 05.11.2011 22:22:39 | Computer Name = ***-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Sicherheitsrisiko gefunden!UltraDefraggerFraud in Datei: c:\programdata\yhafnqnqpiqs.exe
von: Manuelle-Scan. Aktion: Prozess oder Dienst muss angehalten werden. Beschreibung
der Aktion:

Error - 05.11.2011 22:23:58 | Computer Name = ***-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Sicherheitsrisiko gefunden!UltraDefraggerFraud in Datei: c:\programdata\yhafnqnqpiqs.exe
von: Manuelle-Scan. Aktion: Isolieren erfolgreich. Beschreibung der Aktion: Die
Datei wurde erfolgreich isoliert.

Error - 05.11.2011 22:27:54 | Computer Name = ***-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Sicherheitsrisiko gefunden!Tracking Cookies in Datei: Cookie:***@adfarm1.adition.com/
von: Manuelle-Scan. Aktion: Isolieren fehlgeschlagen : Nichts unternehmen fehlgeschlagen.
Beschreibung der Aktion: Die Datei wurde erfolgreich gelöscht.

Error - 05.11.2011 22:27:54 | Computer Name = ***-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Sicherheitsrisiko gefunden!UltraDefraggerFraud in Datei: c:\programdata\yhafnqnqpiqs.exe
von: Manuelle-Scan. Aktion: Prozess oder Dienst muss angehalten werden. Beschreibung
der Aktion:

Error - 06.11.2011 03:03:49 | Computer Name = ***-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Sicherheitsrisiko gefunden!UltraDefraggerFraud in Datei: c:\programdata\yhafnqnqpiqs.exe
von: Manuelle-Scan. Aktion: Isolieren fehlgeschlagen : Nichts unternehmen fehlgeschlagen.
Beschreibung der Aktion: Die Datei wurde erfolgreich gelöscht.

Error - 07.11.2011 04:08:20 | Computer Name = ***-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Sicherheitsrisiko gefunden!Trojan.FakeAV!gen76 in Datei: c:\programdata\yhafnqnqpiqs.exe
von: Manuelle-Scan. Aktion: Bereinigt durch Löschen. Beschreibung der Aktion:
Die Datei wurde erfolgreich gelöscht.

[ System Events ]
Error - 06.11.2011 12:36:40 | Computer Name = ***-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 06.11.2011 12:36:40 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 06.11.2011 12:36:56 | Computer Name = ***-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126

Error - 06.11.2011 18:56:24 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 07.11.2011 03:58:30 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 07.11.2011 04:00:03 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 07.11.2011 04:37:24 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 07.11.2011 15:58:41 | Computer Name = ***-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 07.11.2011 15:58:41 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 07.11.2011 15:58:57 | Computer Name = ***-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126


< End of report >

falls benötigt könnte ich auch das gmer file mitschicken.

Danke schonmal im voraus.

rocky13 07.11.2011 23:24
kurze Frage noch vorweg:

Brauche ich die windows 7 cd?

wenn ja, dann werde ich erst am donnerstag zugriff auf sie haben.

markusg 08.11.2011 12:37
hi, kann ich dir noch nicht sagen.
1. unhide laden
http://filepony.de/download-unhide/
doppelklicken, dateien werden sichtbar
2.
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

rocky13 09.11.2011 11:18
muss ich meinen logfile in das geöffnete fenster von unhide kopieren?
wenn ja , die komplette file? extras ebenfalls?

kann ich combofix beriets jetzt installieren oder warte ich bis die versteckten dateien wieder , durch unhide sichtbar geworden sind?

markusg 09.11.2011 13:28
ne,
unhide einfach doppelklicken, abwarten bis fertig, dann sollte schon einiges wieder sichtbar sein.
dann combofix ausführen, log posten.

rocky13 09.11.2011 14:47
nach unhide doppelklick ist wieder alles erschienen.

combofix log-file:


Combofix Logfile:
Code:
ComboFix 11-11-08.02 - *** 09.11.2011  14:25:20.1.1 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.1790.1333 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\6DSS92c31Apgjk.exe
C:\Recycle.Bin
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\windows\$NtUninstallKB33599$\3212218892
c:\windows\$NtUninstallKB33599$\570204867\Desktop.ini
c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll
c:\windows\$NtUninstallKB33599$ . . . . Nicht in der Lage zu löschen
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-10-09 bis 2011-11-09  ))))))))))))))))))))))))))))))
.
.
2011-11-09 13:32 . 2011-11-09 13:35        --------        d-----w-        c:\users\***\AppData\Local\temp
2011-11-09 13:32 . 2011-11-09 13:32        --------        d-----w-        c:\users\Surfer\AppData\Local\temp
2011-11-09 13:32 . 2011-11-09 13:32        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-11-09 13:28 . 2011-11-09 13:28        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A4E8610-C976-42AB-B81E-EAAAA356CE6C}\offreg.dll
2011-11-09 13:21 . 2009-07-13 23:11        80896        ----a-w-        c:\windows\system32\drivers\i8042prt.sys
2011-11-09 10:09 . 2011-10-18 01:28        6668624        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A4E8610-C976-42AB-B81E-EAAAA356CE6C}\mpengine.dll
2011-10-31 21:25 . 2011-10-31 21:49        --------        d-----w-        c:\users\Surfer\AppData\Roaming\vlc
2011-10-31 09:16 . 2011-10-31 09:16        --------        d-----w-        c:\users\Surfer\AppData\Local\Diagnostics
2011-10-31 09:14 . 2011-02-19 06:30        805376        ----a-w-        c:\windows\system32\FntCache.dll
2011-10-31 09:14 . 2011-02-19 06:30        1076736        ----a-w-        c:\windows\system32\DWrite.dll
2011-10-31 09:14 . 2011-02-19 06:30        739840        ----a-w-        c:\windows\system32\d2d1.dll
2011-10-25 21:23 . 2011-08-13 04:18        6144        ----a-w-        c:\program files\Internet Explorer\iecompat.dll
2011-10-15 00:56 . 2011-10-15 00:56        --------        d-----w-        c:\users\Surfer\AppData\Local\Adobe
2011-10-15 00:32 . 2011-10-15 00:32        --------        d-----w-        c:\users\Surfer\AppData\Local\Symantec
2011-10-12 07:42 . 2011-08-27 04:26        233472        ----a-w-        c:\windows\system32\oleacc.dll
2011-10-12 07:42 . 2011-08-27 04:26        571904        ----a-w-        c:\windows\system32\oleaut32.dll
2011-10-12 07:41 . 2011-08-17 04:24        465408        ----a-w-        c:\windows\system32\psisdecd.dll
2011-10-12 07:41 . 2011-08-17 04:19        75776        ----a-w-        c:\windows\system32\psisrndr.ax
2011-10-12 07:41 . 2011-09-06 02:28        2334720        ----a-w-        c:\windows\system32\win32k.sys
2011-10-12 07:40 . 2011-08-20 04:31        981504        ----a-w-        c:\windows\system32\wininet.dll
2011-10-12 07:40 . 2011-08-20 04:26        860672        ----a-w-        c:\program files\Internet Explorer\iedvtool.dll
2011-10-12 07:40 . 2011-08-20 04:26        163328        ----a-w-        c:\program files\Internet Explorer\ieproxy.dll
2011-10-12 07:40 . 2011-10-01 02:42        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 16:58 . 2011-06-12 01:33        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-23 13:50 . 2011-09-23 13:50        126584        ----a-w-        c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-19 09:45 . 2011-06-10 09:19        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-03-30 115624]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-9-23 576000]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
OpenVPN GUI.lnk - c:\windows\System32\schtasks.exe [2011-6-23 179712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 Teefer3;Symantec Endpoint Protection Firewall;c:\windows\system32\DRIVERS\Teefer3.sys [2011-04-08 43936]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-09-15 105592]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-10-16 274984]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-08 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4mvs2cq2.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-Symantec Antvirus
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2244)
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\sppsvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\taskhost.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-09  14:39:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-09 13:39
.
Vor Suchlauf: 7 Verzeichnis(se), 194.672.930.816 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 194.995.265.536 Bytes frei
.
- - End Of File - - 92599A9A1C2642ED4614881169CC361A
--- --- ---

markusg 09.11.2011 15:31
start programme zubehör editor, kopiere rein:

Killall::
Rootkit::
c:\windows\$NtUninstallKB33599$


datei speichern unter, ort, dort wo sich combofix.exe befindet, dateityp alle dateien.
name:
cfscript.txt
schalte jetzt alle programme aus die du so zu laufen hast.
alles was im systray neben der uhr aktiev ist, über rechtsklick, beenden bzw deaktivieren.
ziehe cfscript auf combofix, programm startet log posten.

rocky13 09.11.2011 16:19
neues logfile:

Combofix Logfile:
Code:
ComboFix 11-11-08.02 - marius 09.11.2011  16:06:11.2.1 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.1790.1153 [GMT 1:00]
ausgeführt von:: c:\users\marius\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\marius\Desktop\cfscript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-10-09 bis 2011-11-09  ))))))))))))))))))))))))))))))
.
.
2011-11-09 15:10 . 2011-11-09 15:10        --------        d-----w-        c:\users\Surfer\AppData\Local\temp
2011-11-09 15:10 . 2011-11-09 15:10        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-11-09 13:32 . 2011-11-09 15:12        --------        d-----w-        c:\users\marius\AppData\Local\temp
2011-11-09 13:28 . 2011-11-09 13:37        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A4E8610-C976-42AB-B81E-EAAAA356CE6C}\offreg.dll
2011-11-09 13:21 . 2009-07-13 23:11        80896        ----a-w-        c:\windows\system32\drivers\i8042prt.sys
2011-11-09 10:09 . 2011-10-18 01:28        6668624        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A4E8610-C976-42AB-B81E-EAAAA356CE6C}\mpengine.dll
2011-10-31 21:25 . 2011-10-31 21:49        --------        d-----w-        c:\users\Surfer\AppData\Roaming\vlc
2011-10-31 09:16 . 2011-10-31 09:16        --------        d-----w-        c:\users\Surfer\AppData\Local\Diagnostics
2011-10-31 09:14 . 2011-02-19 06:30        805376        ----a-w-        c:\windows\system32\FntCache.dll
2011-10-31 09:14 . 2011-02-19 06:30        1076736        ----a-w-        c:\windows\system32\DWrite.dll
2011-10-31 09:14 . 2011-02-19 06:30        739840        ----a-w-        c:\windows\system32\d2d1.dll
2011-10-25 21:23 . 2011-08-13 04:18        6144        ----a-w-        c:\program files\Internet Explorer\iecompat.dll
2011-10-15 00:56 . 2011-10-15 00:56        --------        d-----w-        c:\users\Surfer\AppData\Local\Adobe
2011-10-15 00:32 . 2011-10-15 00:32        --------        d-----w-        c:\users\Surfer\AppData\Local\Symantec
2011-10-12 07:42 . 2011-08-27 04:26        233472        ----a-w-        c:\windows\system32\oleacc.dll
2011-10-12 07:42 . 2011-08-27 04:26        571904        ----a-w-        c:\windows\system32\oleaut32.dll
2011-10-12 07:41 . 2011-08-17 04:24        465408        ----a-w-        c:\windows\system32\psisdecd.dll
2011-10-12 07:41 . 2011-08-17 04:19        75776        ----a-w-        c:\windows\system32\psisrndr.ax
2011-10-12 07:41 . 2011-09-06 02:28        2334720        ----a-w-        c:\windows\system32\win32k.sys
2011-10-12 07:40 . 2011-08-20 04:31        981504        ----a-w-        c:\windows\system32\wininet.dll
2011-10-12 07:40 . 2011-08-20 04:26        860672        ----a-w-        c:\program files\Internet Explorer\iedvtool.dll
2011-10-12 07:40 . 2011-08-20 04:26        163328        ----a-w-        c:\program files\Internet Explorer\ieproxy.dll
2011-10-12 07:40 . 2011-10-01 02:42        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 16:58 . 2011-06-12 01:33        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-23 13:50 . 2011-09-23 13:50        126584        ----a-w-        c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-19 09:45 . 2011-06-10 09:19        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\marius\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\marius\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\marius\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-03-30 115624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 Teefer3;Symantec Endpoint Protection Firewall;c:\windows\system32\DRIVERS\Teefer3.sys [2011-04-08 43936]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-09-15 105592]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-10-16 274984]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-08 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\marius\AppData\Roaming\Mozilla\Firefox\Profiles\4mvs2cq2.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(300)
c:\users\marius\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\sppsvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\taskhost.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-09  16:16:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-09 15:16
ComboFix2.txt  2011-11-09 13:39
.
Vor Suchlauf: 7 Verzeichnis(se), 195.043.467.264 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 194.851.049.472 Bytes frei
.
- - End Of File - - 4DDC20BA0CA1AF4A84D89B345D113157
--- --- ---

markusg 09.11.2011 17:08
öffne mal computer c: qoobox.
rechtsklick quarantain, mit winrar oder zip oder anderem packer ein archiv erstellen und dann nach anleitung hochladen.
http://www.trojaner-board.de/54791-a...ner-board.html

rocky13 11.11.2011 02:10
hab den upload channel benutzt.

siehst du was? Falls nicht kann ich mir nicht erklären dass mir nach dem upload ein erfolgreiches Hochladen bestätigt wird.

habs schon gestern versucht; ascheinend zeigt es nichts an.

als link habe ich dieses thema benutzt: hxxp://www.trojaner-board.de/104908-ebenfalls-schwarzer-desktop-keine-dateien-delayed-write-failed-critical-error.html

markusg 11.11.2011 12:20
ist angekommen.
nutzt du das system für onlinebanking einkäufe oder sonstiges wichtiges, wie berulfiches zb?

rocky13 13.11.2011 12:39
nein, nichts dergleichen!

wie soll ich fortfahren?


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:03 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131