Windows 7 64-bit lock screen / FRST txt attached

Hello, my "heavily pregnant" sister, quite desperate, brought me her "old" notebook because it is the only place where the pictures of her firstborn are stored. The machine is always in a fairly chaotic state. But now she has caught a lock screen that I can't get rid of so easily. If someone could help me, I would be very grateful, since my sister is currently rather... hormonally driven, and my brother-in-law is utterly helpless in the face of the situation. Thanks for your help! Regards

P.S. Unfortunately I couldn't get anything out of the system other than FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Bekki (administrator) on PC-K on 31-03-2014 19:42:37
Running from E:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2011-12-23] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [atchk] - C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-11-30] (Intel Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16336488 2009-09-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~3\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe [202296 2012-04-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Run: [Spotify Web Helper] - C:\Users\Bekki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1103768 2013-03-13] (Spotify Ltd)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Run: [Spotify] - C:\Users\Bekki\AppData\Roaming\Spotify\Spotify.exe [4489112 2013-03-13] (Spotify Ltd)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\MountPoints2: {2cf15101-7349-11e1-9941-001e37821500} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Winlogon: [Shell] explorer.exe,C:\Users\Bekki\AppData\Roaming\skype.dat [124416 2011-11-17] () <==== ATTENTION
Lsa: [Notification Packages] scecli ACGina

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x72BDB9C8EFCACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - {D6025D83-5701-4B05-BF7D-408943F40585} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=B29F9ABE-C3FC-457A-9E61-BECCC20AD501&apn_sauid=3A84F2E8-FDB2-4C12-87BA-07E0F51C7F58
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.486_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.486_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (VLC Web Plugin) - C:\Users\Bekki\Desktop\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-10-08]
CHR Extension: (Virtuelle Tastatur) - C:\Users\Bekki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2012-10-08]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ChromeExt\urladvisor.crx [2012-04-10]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ChromeExt\virtkbd.crx [2012-04-10]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ChromeExt\ab.crx [2012-04-10]

==================== Services (Whitelisted) =================

S2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
S2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-11-30] (Intel Corporation)
S2 AVP; C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe [202296 2012-04-10] (Kaspersky Lab ZAO)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-03-15] (Lenovo.)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [114688 2009-11-30] (Intel Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21416 2012-11-23] ()
S2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [1458176 2009-11-30] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
S1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [615728 2012-05-23] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-31 19:41 - 2014-03-31 19:42 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-03-31 20:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-03-31 19:42 - 2014-03-31 19:41 - 00000000 ____D () C:\FRST
2014-03-31 19:38 - 2013-05-16 09:09 - 00000004 _____ () C:\Users\Bekki\AppData\Roaming\skype.ini
2014-03-31 19:38 - 2012-11-30 19:58 - 00000336 _____ () C:\Windows\Tasks\spmonitor.job
2014-03-31 19:38 - 2012-11-30 12:37 - 00000258 _____ () C:\Windows\Tasks\SpeedUpMyPC.job
2014-03-31 19:38 - 2012-05-23 17:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-31 19:38 - 2012-01-04 22:38 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-31 19:37 - 2012-05-24 14:41 - 00007982 _____ () C:\Windows\setupact.log
2014-03-31 19:37 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-31 19:32 - 2009-07-14 12:57 - 00654150 _____ () C:\Windows\system32\perfh007.dat
2014-03-31 19:32 - 2009-07-14 12:57 - 00130022 _____ () C:\Windows\system32\perfc007.dat
2014-03-31 19:32 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 19:20 - 2012-01-04 23:17 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-03-31 19:18 - 2012-01-04 23:18 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-03-31 19:17 - 2009-07-14 06:45 - 00014976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-31 19:17 - 2009-07-14 06:45 - 00014976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-31 19:16 - 2012-12-12 19:52 - 00000000 ____D () C:\Users\Bekki\AppData\Roaming\Spotify
2014-03-31 19:15 - 2012-01-04 22:38 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-31 19:13 - 2012-01-04 10:38 - 01260346 _____ () C:\Windows\WindowsUpdate.log
2014-03-31 19:10 - 2012-01-04 10:54 - 00000000 ____D () C:\Users\Bekki

Files to move or delete:
====================
C:\Users\Bekki\AppData\Roaming\skype.dat
C:\Users\Bekki\AppData\Roaming\skype.ini

Some content of TEMP:
====================
C:\Users\Bekki\AppData\Local\Temp\ApnStub.exe
C:\Users\Bekki\AppData\Local\Temp\install_reader10_de_gtbp_chra_aih.exe
C:\Users\Bekki\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-05-04 11:37

==================== End Of Log ============================ |
Hello JBL, my name is Jonas and I will help you with your cleanup. This can involve a lot of work for you. Before we can start, please read the cleanup rules and notes:
Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Winlogon: [Shell] explorer.exe,C:\Users\Bekki\AppData\Roaming\skype.dat [124416 2011-11-17] () <==== ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Does the computer start normally again after this fix? Post the following log files in your next reply:
|
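The flagged Winlogon [Shell] line that this fix targets can be picked out of an FRST registry section mechanically. The following Python is an added example, not part of the original thread and not FRST's own logic; the function names, the allow-list (which assumes Windows is installed in C:\Windows) and the two sample lines marked as constructed are assumptions.

```python
import re

# FRST registry line layout for a Winlogon value, as it appears in the logs in this thread:
#   <hive>\...\Winlogon: [<name>] <data> [<size> <date>] (<company>) <==== ATTENTION
LINE_RE = re.compile(r"^(?P<hive>HK.+?)\\\.\.\.\\Winlogon: \[(?P<name>[^\]]+)\] (?P<data>.+)$")
# Annotations FRST appends after the registry data (file size/date, company, marker).
TRAILER_RE = re.compile(
    r"(?:\s*<=+ ATTENTION|\s*\([^()]*\)|\s*\[\d+ \d{4}-\d{2}-\d{2}\])+\s*$"
)

# Allow-list of expected launch targets per value name (assumption for this example).
EXPECTED = {
    "shell": {"explorer.exe", r"c:\windows\explorer.exe"},
    "userinit": {"userinit.exe", r"c:\windows\system32\userinit.exe"},
}


def parse_winlogon(line):
    """Return (hive, value_name, unexpected_targets), or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("name").lower() not in EXPECTED:
        return None
    # Drop the trailing annotations, then split the comma-separated launch list.
    data = TRAILER_RE.sub("", m.group("data"))
    targets = [t.strip().strip('"') for t in data.split(",") if t.strip()]
    allowed = EXPECTED[m.group("name").lower()]
    unexpected = [t for t in targets if t.lower() not in allowed]
    return m.group("hive"), m.group("name"), unexpected


def scan(log_text):
    """Return every Winlogon Shell/Userinit entry that launches something extra."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_winlogon(line)
        if parsed and parsed[2]:
            findings.append(parsed)
    return findings


# First three lines are taken from the log in this thread; the last two are constructed.
SAMPLE_LOG = r"""
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Winlogon: [Shell] explorer.exe,C:\Users\Bekki\AppData\Roaming\skype.dat [124416 2011-11-17] () <==== ATTENTION
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] explorer.exe
"""

if __name__ == "__main__":
    for hive, name, extra in scan(SAMPLE_LOG):
        print(f"{hive} Winlogon\\{name} also launches: {extra}")
```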
Hello Jonas, thanks for your help. Log attached:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Bekki at 2014-03-31 20:36:12 Run:1
Running from E:\
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Winlogon: [Shell] explorer.exe,C:\Users\Bekki\AppData\Roaming\skype.dat [124416 2011-11-17] () <==== ATTENTION
C:\Users\Bekki\AppData\Roaming\skype.dat
C:\Users\Bekki\AppData\Roaming\skype.ini
*****************

HKU\S-1-5-21-3002080910-3552495419-504091609-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Bekki\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Bekki\AppData\Roaming\skype.ini => Moved successfully.

==== End of Fixlog ==== |
Does the computer start in normal mode again? ;) |
Yes! And once again 20,000 programs in autostart..... |
All right, then please do the following:
Step 1
Start FRST once more.
Post the following log files in your next reply:
|
FRST Logfile:
[CODE]
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Bekki (administrator) on PC-K on 31-03-2014 20:55:05
Running from E:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\UNS.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Bekki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Spotify Ltd) C:\Users\Bekki\AppData\Roaming\Spotify\spotify.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2011-12-23] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [atchk] - C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-11-30] (Intel Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16336488 2009-09-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~3\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe [202296 2012-04-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Run: [Spotify Web Helper] - C:\Users\Bekki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1103768 2013-03-13] (Spotify Ltd)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Run: [Spotify] - C:\Users\Bekki\AppData\Roaming\Spotify\Spotify.exe [4489112 2013-03-13] (Spotify Ltd)
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\MountPoints2: {2cf15101-7349-11e1-9941-001e37821500} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3002080910-3552495419-504091609-1001\...\Winlogon: [Shell] explorer.exe,C:\Users\Bekki\AppData\Roaming\skype.dat <==== ATTENTION
Lsa: [Notification Packages] scecli ACGina

==================== Internet (Whitelisted) ====================

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
--- --- --- |
The FRST log file is not complete; please post it again in full, in CODE tags :). |
FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 |
Step 1
Please uninstall the following programs:
Windows XP: Start -> Control Panel -> select Category View (if not preset) -> Add or Remove Programs and select the listed programs. Press Remove (Windows XP) or Uninstall (Windows Vista/7/8).
Step 2
Please download
Step 3
ESET Online Scanner
Step 4
Start FRST once more.
Post the following log files in your next reply:
|
Hi, I haven't received a reply from you for quite a while. Do you still need help? Note: We are not finished yet! Even if the symptoms have disappeared, your system can still be infected and have security holes that allow a new infection. |
No response
This topic has been removed from my subscriptions. I will therefore not receive notifications about new replies. If you want to continue, please send me a private message. Everyone else, please read the following: http://www.trojaner-board.de/69886-a...-beachten.html and create your own thread. |
Copyright ©2000-2025, Trojaner-Board