So jetzt hat es mich nach dem Büroangriff ach daheim getroffen. ImBüro hat die EDV Abteilung geholfen, Privat brauch ich eure.
Grüße und herzlichen Dank

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013 (ATTENTION: ====> FRST version is 103 days old and could be outdated)
Ran by SYSTEM on MININT-GOIMVDU on 07-03-2014 21:40:41
Running from F:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7940128 2009-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-07-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SBRegRebootCleaner] - C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [200560 2011-12-19] (GFI Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.EXE [825864 2009-08-16] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [540056 2012-08-08] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-24] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-29] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-01] (Oracle Corporation)
HKU\Bertrand\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\Bertrand\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Bertrand\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll [ ] ()
Startup: C:\Users\Bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zjeqodjw0.lnk
ShortcutTarget: zjeqodjw0.lnk -> C:\PROGRA~3\0wjdoqejz.cpp ()

==================== Services (Whitelisted) =================

S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236368 2012-09-20] (Lavasoft Limited)
S3 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
S2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
S2 dlea_device; C:\Windows\system32\dleacoms.exe [1054888 2009-07-01] ( )
S2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3289032 2011-12-19] (GFI Software)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\zjeqodjw0.zvv [332540 2014-03-07] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
S1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-28] (Acer, Inc.)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2012-11-02] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-09-03] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-09-03] (Kaspersky Lab)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-10-18] (Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178008 2012-08-13] (Kaspersky Lab)
S1 SBRE; C:\Windows\SysWow64\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software)
S3 StarOpen; No ImagePath
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2012-11-02] (Kaspersky Lab)
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-07 21:38 - 2014-03-07 21:38 - 00000000 ____D C:\FRST
2014-03-07 10:31 - 2014-03-07 10:33 - 95027928 ____T C:\ProgramData\zjeqodjw0.fee
2014-03-07 10:31 - 2014-03-07 10:31 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\zjeqodjw0.zvv
2014-03-07 10:31 - 2014-03-07 10:31 - 00144896 _____ C:\ProgramData\0wjdoqejz.cpp
2014-03-06 07:23 - 2014-03-06 07:23 - 00000016 _____ C:\Users\Bertrand\Desktop\Go.txt
2014-02-16 06:22 - 2014-02-16 06:22 - 00015820 _____ C:\Users\Bertrand\AppData\Local\recently-used.xbel
2014-02-16 03:02 - 2014-02-16 03:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-03-07 21:38 - 2014-03-07 21:38 - 00000000 ____D C:\FRST
2014-03-07 12:34 - 2009-07-13 20:45 - 00015568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-07 12:34 - 2009-07-13 20:45 - 00015568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-07 12:29 - 2012-12-29 07:03 - 00031839 _____ C:\Windows\setupact.log
2014-03-07 12:29 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-03-07 11:56 - 2012-10-06 07:41 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2014-03-07 11:04 - 2009-08-30 12:04 - 01729113 _____ C:\Windows\WindowsUpdate.log
2014-03-07 10:35 - 2012-10-27 02:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-07 10:33 - 2014-03-07 10:31 - 95027928 ____T C:\ProgramData\zjeqodjw0.fee
2014-03-07 10:31 - 2014-03-07 10:31 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\zjeqodjw0.zvv
2014-03-07 10:31 - 2014-03-07 10:31 - 00144896 _____ C:\ProgramData\0wjdoqejz.cpp
2014-03-07 08:21 - 2009-10-26 11:18 - 00000000 ____D C:\Musik
2014-03-07 03:20 - 2010-02-04 11:51 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E766B5F1-2D27-48A8-B21C-5E7BC66F64F4}
2014-03-06 07:23 - 2014-03-06 07:23 - 00000016 _____ C:\Users\Bertrand\Desktop\Go.txt
2014-02-16 06:22 - 2014-02-16 06:22 - 00015820 _____ C:\Users\Bertrand\AppData\Local\recently-used.xbel
2014-02-16 06:22 - 2012-07-26 09:49 - 00000000 ____D C:\Users\Bertrand\.gimp-2.8
2014-02-16 03:31 - 2014-02-16 03:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2014-02-15 06:07 - 2009-11-01 04:13 - 00000000 ____D C:\Bild
2014-02-15 05:59 - 2013-08-01 05:04 - 00037888 ___SH C:\Users\Bertrand\Documents\Thumbs.db

Some content of TEMP:
====================
C:\Users\Bertrand\AppData\Local\Temp\DivXInstaller.exe
C:\Users\Bertrand\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Bertrand\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Bertrand\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Bertrand\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

8
Restore point made on: 2013-08-24 01:53:41
Restore point made on: 2013-08-31 05:22:17
Restore point made on: 2013-09-09 10:12:49
Restore point made on: 2013-09-12 09:58:09
Restore point made on: 2013-09-29 03:39:16
Restore point made on: 2013-10-17 21:20:57
Restore point made on: 2013-11-02 09:58:18
Restore point made on: 2013-11-17 05:57:02

==================== Memory info =========================== 

Percentage of memory in use: 27%
Total physical RAM: 1978.91 MB
Available physical RAM: 1431.99 MB
Total Pagefile: 1978.91 MB
Available Pagefile: 1425.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:220.79 GB) (Free:67.37 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:3.69 GB) NTFS
Drive f: () (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 3DE589B9)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 123 MB) (Disk ID: 0041BBB2)
Partition 1: (Active) - (Size=123 MB) - (Type=0E)


LastRegBack: 2013-10-29 12:19

==================== End Of Log ============================
         

Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Ich bedanke mich für deine Geduld

Hallo, bertiroth und


Schritt 1

Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

S2 Winmgmt; C:\ProgramData\zjeqodjw0.zvv [332540 2014-03-07] (Microsoft Corporation)
Startup: C:\Users\Bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zjeqodjw0.lnk
ShortcutTarget: zjeqodjw0.lnk -> C:\PROGRA~3\0wjdoqejz.cpp ()
2014-03-07 10:31 - 2014-03-07 10:33 - 95027928 ____T C:\ProgramData\zjeqodjw0.fee
2014-03-07 10:31 - 2014-03-07 10:31 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\zjeqodjw0.zvv
2014-03-07 10:31 - 2014-03-07 10:31 - 00144896 _____ C:\ProgramData\0wjdoqejz.cpp
         

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

• Starte deinen Rechner erneut in die Reparaturoptionen
• Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


Starte nach diesem Fix bitte deinen Rechner im normalen Modus neu. Wenn er wieder funktioniert, mache bitte mit Schritt 2 weiter.
Schritt 2

Verschiebe FRST vom USB-Stick auf den Desktop.

• Starte dann FRST.
• Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
• Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
• Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

Hallo,
benötigst Du noch weiterhin Hilfe ?

Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten.

Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist