Sperrbildschirm Interpol

Andi_Abseits · 30.09.2013, 17:26

Hallo,
ich habe gemäß anderen Anleitungen und Problemstellungen hier alles wie beschrieben durchgeführt und wollte an dieser Stelle meine FRST.txt posten zur Auswertung.
Es handelt sich um diesen Interpol-Bundespolizei-Sperrbildschirm und ich verwende Windows 7.

Deswegen habe ich mich an Threads orientiert, die auch diese Trojaner-Beschreibung hatten und bin analog vorgegangen. Hier der Inhalt der Datei:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by SYSTEM on MININT-0FNAOJT on 30-09-2013 18:10:24
Running from G:\
Microsoft Windows XP (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [77824 2005-05-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ccApp] - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe [51048 2008-10-17] (Symantec Corporation)
HKLM\...\Run: [osCheck] - C:\Programme\Norton Internet Security\osCheck.exe [714608 2007-08-24] (Symantec Corporation)
HKLM\...\Run: [CONNECTScheduler] - C:\Programme\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe [69632 2010-11-07] (Sony Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\qttask.exe [417792 2010-08-07] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Programme\iTunes\iTunesHelper.exe [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [RegistryMonitor1] - C:\WINDOWS\system32\qtplugin.exe
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,,c:\programme\microsoft\desktoplayer.exe,c:\programme\quicktime\qttasksrv.exe
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
IMEO\chrome.exe: [Debugger] C:\Programme\Internet Explorer\iexplore.exe
IMEO\navigator.exe: [Debugger] C:\Programme\Internet Explorer\iexplore.exe
IMEO\opera.exe: [Debugger] C:\Programme\Internet Explorer\iexplore.exe
IMEO\safari.exe: [Debugger] C:\Programme\Internet Explorer\iexplore.exe

========================== Services (Whitelisted) =================

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-06-07] ()
S2 Automatic LiveUpdate Scheduler; C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe [243064 2007-08-31] (Symantec Corporation)
S2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [238888 2008-12-12] (Apple Inc.)
S2 ccEvtMgr; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
S2 ccSetMgr; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
S2 CLTNetCnService; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
S3 comHost; C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe [55640 2007-08-22] (Symantec Corporation)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-02-03] (Google Inc.)
S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [182768 2009-12-30] (Google)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2010-08-07] (Macrovision Corporation)
S3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [545576 2010-02-15] (Apple Inc.)
S3 LiveUpdate; C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE [3192184 2007-08-23] (Symantec Corporation)
S2 LiveUpdate Notice; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
S2 MDM; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [322120 2006-06-01] (Microsoft Corporation)
S3 MSCSPTISRV; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2006-06-01] (Microsoft Corporation)
S3 PACSPTISVR; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
S3 Sony SCSI Helper Service; C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-08-07] (Sony Corporation)
S3 SPTISRV; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe [69632 2010-08-07] (Sony Corporation)
S3 Symantec Core LC; C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe [1251720 2008-03-26] ()
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2010-08-07] (Microsoft Corporation)
S2 RasAutoWMPNetworkSvc; C:\WINDOWS\system32\2052r.exe srv [x]

==================== Drivers (Whitelisted) ====================

S3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [710144 2005-05-03] (Philips Semiconductors GmbH)
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [48128 2004-08-03] (Microsoft Corporation)
S3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [2319680 2005-05-18] (Realtek Semiconductor Corp.)
S1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-06-18] (Advanced Micro Devices)
S1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2003-03-06] ()
S3 COH_Mon; C:\WINDOWS\system32\Drivers\COH_Mon.sys [23888 2008-07-30] (Symantec Corporation)
S2 CO_Mon; C:\WINDOWS\system32\drivers\CO_Mon.sys [36056 2007-08-08] (Symantec Corporation)
S1 eeCtrl; C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys [371248 2008-09-03] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [99376 2008-12-17] (Symantec Corporation)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-01-25] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-01-25] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2008-01-25] (HP)
S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15360 2004-08-03] (Microsoft Corporation)
S3 NAVENG; C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20090122.020\NAVENG.SYS [89104 2008-12-17] (Symantec Corporation)
S3 NAVEX15; C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20090122.020\NAVEX15.SYS [876112 2008-12-17] (Symantec Corporation)
S3 NCHSSVAD; C:\Windows\System32\drivers\nchssvad.sys [27136 2009-01-28] (NCH Swift Sound)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation)
S1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [77184 2004-03-09] (Protection Technology)
S0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [65504 2004-03-09] (Protection Technology)
S0 prosync1; C:\Windows\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology)
S3 RT73; C:\Windows\System32\DRIVERS\rt73.sys [245248 2005-11-24] (Ralink Technology, Corp.)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
S1 SPBBCDrv; C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys [447024 2008-09-05] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2007-11-30] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2007-11-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2007-11-30] (Symantec Corporation)
S3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [13616 2009-02-19] (Symantec Corporation)
S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [124464 2009-01-17] (Symantec Corporation)
S3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [96560 2009-02-19] (Symantec Corporation)
S3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [38576 2009-02-19] (Symantec Corporation)
S3 SYMIDSCO; C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\ipsdefs\20090113.002\SymIDSCo.sys [250224 2008-09-12] (Symantec Corporation)
S3 SymIM; C:\Windows\System32\DRIVERS\SymIM.sys [31280 2009-02-19] (Symantec Corporation)
S3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys [31280 2009-02-19] (Symantec Corporation)
S3 SYMNDIS; C:\Windows\System32\Drivers\SYMNDIS.SYS [37424 2009-02-19] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [22320 2009-02-19] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [184496 2009-02-19] (Symantec Corporation)
S3 SynasUSB; C:\Windows\System32\drivers\SynasUSB.sys [18432 2006-11-23] (SIA Syncrosoft)
S3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [360448 2007-12-18] (TASCAM)
S3 TASCAM_US144_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [18944 2007-12-18] (TASCAM)
S3 TASCAM_US144_WDM; C:\Windows\System32\drivers\tscusb2a.sys [33792 2007-12-18] (TASCAM)
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [x]
S4 IntelIde; No ImagePath
S1 WS2IFSL; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-30 18:10 - 2013-09-30 18:10 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders =======

2013-09-30 18:10 - 2013-09-30 18:10 - 00000000 ____D C:\FRST

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2006-02-28 13:00] - [2007-06-13 14:10] - 1036288 ____A (Microsoft Corporation) 331ed93570baf3cfe30340298762cd56 

C:\Windows\System32\winlogon.exe
[2006-02-28 13:00] - [2006-02-28 13:00] - 0507392 ____A (Microsoft Corporation) 2b6a0baf33a9918f09442d873848ff72 

C:\Windows\System32\svchost.exe
[2006-02-28 13:00] - [2006-02-28 13:00] - 0014336 ____A (Microsoft Corporation) 65a819b121eb6fdab4400ea42bdffe64 

C:\Windows\System32\services.exe
[2006-02-28 13:00] - [2009-02-09 10:48] - 0111104 ____A (Microsoft Corporation) a07ca23ea361a01e627d911cf139b950 

C:\Windows\System32\User32.dll
[2006-02-28 13:00] - [2007-03-08 16:36] - 0579072 ____A (Microsoft Corporation) 492e166cfd26a50fb9160db536ff7d2b 

C:\Windows\System32\userinit.exe
[2006-02-28 13:00] - [2006-02-28 13:00] - 0025088 ____A (Microsoft Corporation) d1e53dc57143f2584b1dd53b036c0633 

C:\Windows\System32\Drivers\volsnap.sys
[2006-02-28 13:00] - [2006-02-28 13:00] - 0053760 ____A (Microsoft Corporation) d6888520ff56d72a50437e371ca25fc9 


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2010-11-07 16:23 - 028672 _restore{BF827828-817F-4B5F-AD5D-C364FC11CBB3}\RP479 

RP: -> 2010-11-05 09:14 - 028672 _restore{BF827828-817F-4B5F-AD5D-C364FC11CBB3}\RP478 

RP: -> 2010-11-03 08:43 - 028672 _restore{BF827828-817F-4B5F-AD5D-C364FC11CBB3}\RP477 

RP: -> 2010-11-01 12:51 - 028672 _restore{BF827828-817F-4B5F-AD5D-C364FC11CBB3}\RP476 

RP: -> 2010-10-24 15:05 - 028672 _restore{BF827828-817F-4B5F-AD5D-C364FC11CBB3}\RP475 

RP: -> 2010-10-22 17:12 - 028672 _restore{BF827828-817F-4B5F-AD5D-C364FC11CBB3}\RP474 

RP: -> 2010-10-15 21:40 - 028672 _restore{BF827828-817F-4B5F-AD5D-C364FC11CBB3}\RP473 

RP: -> 2010-10-14 17:27 - 028672 _restore{BF827828-817F-4B5F-AD5D-C364FC11CBB3}\RP472 

RP: -> 2010-10-13 16:36 - 028672 _restore{BF827828-817F-4B5F-AD5D-C364FC11CBB3}\RP471 

RP: -> 2010-10-03 17:01 - 028672 _restore{BF827828-817F-4B5F-AD5D-C364FC11CBB3}\RP470 

RP: -> 2010-09-26 12:12 - 028672 _restore{BF827828-817F-4B5F-AD5D-C364FC11CBB3}\RP469 

RP: -> 2010-09-16 16:58 - 028672 _restore{BF827828-817F-4B5F-AD5D-C364FC11CBB3}\RP468 


==================== Memory info =========================== 

Percentage of memory in use: 10%
Total physical RAM: 4095.3 MB
Available physical RAM: 3660.78 MB
Total Pagefile: 4093.58 MB
Available Pagefile: 3651.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:279.45 GB) (Free:138.48 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (System-reserviert) (Fixed) (Total:0.15 GB) (Free:0.13 GB) NTFS
Drive e: () (Fixed) (Total:465.61 GB) (Free:345.49 GB) NTFS
Drive g: (INTENSO) (Removable) (Total:7.26 GB) (Free:0.01 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 279 GB) (Disk ID: ACE22E9E)
Partition 1: (Active) - (Size=279 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: DA449325)
Partition 1: (Active) - (Size=157 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 03E8323A)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================

Vielen Dank im Voraus und viele Grüße
Andi

cosinus · 30.09.2013, 18:28

Hallo und

Code:

ATTFilter

Microsoft Windows XP (X86) OS Language: German Standard
Internet Explorer Version 7

Wie bitte hast du das Log erstellt? Wenn du Windows 7 hast kann da nicht Windows XP auftauchen!

Andi_Abseits · 30.09.2013, 19:18

Ja, ich lese es auch in der Log-Datei und bin genauso verwundert.

Das is wohl eindeutig... Ich hab Windows 7...
Vielleicht irgendeine veraltete Restpartition, die sich da eingemischt hat?
Oder irgendwelche fehlerhaften Einträge im Bootmgr oder in der MBR?

Ich weiss es einfach nicht.
Fakt ist, dass ich alle akribisch nach Anleitung gemacht habe und bei sowas eigentlich gar nicht sooo auf den Kopf gefallen bin...

cosinus · 30.09.2013, 19:33

Du hast das Log so erstellt?

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Andi_Abseits · 30.09.2013, 19:36

Exakt!
Booten, F8, Computer reparieren, ab in die EIngabeaufforderung, aufn USB-Stick, Tool
gestartet, Disclaimer auf Yes, Scan, Datei wurde erstellt, Datei hier gepostet.
Genau wie beschrieben.

cosinus · 30.09.2013, 19:42

Mach das Log bitte neu

Andi_Abseits · 30.09.2013, 20:22

ja gut. Ich glaube zwar nicht, dass es sich wie von zauberhand was anderes ergeben wird, aber gerne

Ich denke einfach, dass auf einer alten Platte reste einer Win XP part übrig waren und er da was durcheinander kriegt.

Meinst du, dass folgendes vorab helfen könnte?

"Führen Sie jetzt nacheinander folgende Befehle aus: bootrec /fixmbr, bootrec /fixboot und bootrec /rebuildbcd. Danach starten Sie diskpart. Mit list disk sehen Sie die vorhandenen Lauwerke Ihres Systems. Wählen Sie mit select disk [Nummer] die primäre Festplatte, auf der auch Windows installiert ist. Mit list partition und anschließend select partition [Nummer] wird die Partition selektiert, auf der Windows liegt. Abschließend tippen Sie active zum aktivieren der Boot-Partition. Mit exit wird DISKPART verlassen, ein weiteres exit beendet die Kommandozeile. "

Also wie erwartet sah es bei wiederholtem Vorgang genauso aus...
hab jetzt durch den kram meines letzten threads und ein paar weiteren fixes xp-reste entfernen können und ein neues FRST.txt file erstellen können.
Das sieht besser aus:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by SYSTEM on MININT-1UEBQTE on 30-09-2013 21:08:52
Running from G:\
Windows 7 Professional (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATICustomerCare] - C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSSE] - c:\Program Files\Microsoft Security Essentials\msseces.exe [1094224 2010-09-15] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2404376 2013-09-29] ()
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [LogitechCommunicationsManager] - C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [497200 2006-06-26] (Logitech Inc.)
HKLM\...\Run: [LVCOMSX] - C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [243248 2006-06-26] (Logitech Inc.)
HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [614960 2006-06-26] ()
HKLM\...\Run: [DATAMNGR] - C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\DATAMN~1.EXE [1684096 2012-11-27] (iMesh, Inc)
HKLM\...\Run: [SearchProtectAll] - C:\Program Files\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit)
HKU\Gast\...\Run: [SearchProtect] - C:\Users\Gast\AppData\Roaming\SearchProtect\bin\cltmng.exe [ 2013-05-08] (Conduit)
HKU\j.carstensen\...\Run: [SearchProtect] - C:\Users\j.carstensen\AppData\Roaming\SearchProtect\bin\cltmng.exe [ 2013-05-08] (Conduit)
HKU\j.carstensen\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-04-19] (Skype Technologies S.A.)
HKU\j.carstensen\...\Winlogon: [Shell] explorer.exe,C:\Users\j.carstensen\AppData\Roaming\data.dat [ 2011-11-17] () <==== ATTENTION 
AppInit_DLLs: c:\progra~2\bitguard\261673~1.238\{c16c1~1\bitguard.dll  [ 2013-09-19] ()

========================== Services (Whitelisted) =================

S2 BitGuard; C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3099616 2013-09-19] ()
S2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [93984 2013-02-20] (Conduit)
S2 LVPrcSrv; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [99888 2006-06-26] (Logitech Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [91696 2006-06-26] (Logitech Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [17904 2010-03-25] (Microsoft Corporation)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-08-26] ()
S2 vToolbarUpdater17.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [1734680 2013-09-29] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-09-29] (AVG Technologies)
S1 BIOS; C:\Windows\system32\drivers\BIOS.sys [13696 2009-06-10] (BIOSTAR Group)
S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [1587632 2006-06-26] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [1952816 2006-06-26] (Logitech Inc.)
S3 LVPr2Mon; C:\Windows\System32\drivers\LVPr2Mon.sys [23472 2006-06-26] ()
S3 mfwamidi; C:\Windows\System32\drivers\mfwamidi.sys [26736 2010-09-20] (Mark of the Unicorn)
S3 mfwawave; C:\Windows\System32\drivers\mfwawave.sys [70256 2010-09-20] (Mark of the Unicorn)
S3 motubus; C:\Windows\System32\drivers\MotuBus.sys [23664 2010-09-20] (Mark of the Unicorn)
S3 MotuFWA; C:\Windows\System32\drivers\motufwa.sys [472688 2010-09-20] (Mark of the Unicorn)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [151216 2010-03-25] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [42368 2010-03-25] (Microsoft Corporation)
S1 ckignqbb; \??\C:\Windows\system32\drivers\ckignqbb.sys [x]
S1 msporqsb; \??\C:\Windows\system32\drivers\msporqsb.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-30 21:08 - 2013-09-30 21:08 - 00000000 ____D C:\FRST
2013-09-27 18:42 - 2013-09-27 18:42 - 00000000 ____D C:\Users\Gast\AppData\Local\AVG Secure Search
2013-09-27 18:40 - 2013-09-27 18:40 - 00000000 ____D C:\Users\Gast\AppData\Roaming\SearchProtect
2013-09-25 10:06 - 2013-09-27 18:56 - 00000004 _____ C:\Users\j.carstensen\AppData\Roaming\settings.ini
2013-09-25 09:51 - 2013-09-25 09:51 - 00000000 ____D C:\Users\j.carstensen\AppData\Local\{B97B8545-16E9-4444-B99B-C62D25BB1D47}
2013-09-25 09:48 - 2013-09-25 09:48 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-19 16:45 - 2013-09-19 16:45 - 00000000 ____D C:\Users\j.carstensen\AppData\Local\{9AED06FB-C805-4957-A9F0-56E37D81C1E5}
2013-09-16 17:49 - 2013-09-16 17:49 - 00000000 ____D C:\Users\j.carstensen\AppData\Local\{F669B073-2F98-40AE-BCCD-5E2F4E4B9595}
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 ____D C:\Users\j.carstensen\AppData\Local\{4CEEE4A1-06F2-4607-A3BE-5996F02E8413}
2013-09-01 15:50 - 2013-09-01 15:50 - 00000000 ____D C:\Users\j.carstensen\AppData\Local\{1C79E17F-5D6F-4B50-A2A8-A16289D97F3F}

==================== One Month Modified Files and Folders =======

2013-09-30 21:08 - 2013-09-30 21:08 - 00000000 ____D C:\FRST
2013-09-30 19:08 - 2009-07-14 05:39 - 00102214 _____ C:\Windows\setupact.log
2013-09-30 17:22 - 2010-11-23 15:23 - 01164930 _____ C:\Windows\WindowsUpdate.log
2013-09-30 17:20 - 2009-07-14 05:34 - 00014624 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-30 17:20 - 2009-07-14 05:34 - 00014624 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-30 17:15 - 2010-08-26 16:05 - 01480602 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-29 17:55 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Public\Libraries
2013-09-29 17:38 - 2013-01-27 16:31 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-29 17:19 - 2012-11-08 17:53 - 00037664 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-09-29 17:19 - 2012-07-13 14:43 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-09-27 18:56 - 2013-09-25 10:06 - 00000004 _____ C:\Users\j.carstensen\AppData\Roaming\settings.ini
2013-09-27 18:56 - 2012-10-14 17:16 - 00000000 ____D C:\Users\j.carstensen\AppData\Roaming\Skype
2013-09-27 18:42 - 2013-09-27 18:42 - 00000000 ____D C:\Users\Gast\AppData\Local\AVG Secure Search
2013-09-27 18:40 - 2013-09-27 18:40 - 00000000 ____D C:\Users\Gast\AppData\Roaming\SearchProtect
2013-09-27 18:40 - 2012-02-04 10:43 - 00122944 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-25 10:10 - 2012-12-11 20:15 - 00000000 ____D C:\ProgramData\Browser Manager
2013-09-25 10:10 - 2010-11-26 13:43 - 00050516 _____ C:\Windows\PFRO.log
2013-09-25 09:51 - 2013-09-25 09:51 - 00000000 ____D C:\Users\j.carstensen\AppData\Local\{B97B8545-16E9-4444-B99B-C62D25BB1D47}
2013-09-25 09:48 - 2013-09-25 09:48 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-19 16:45 - 2013-09-19 16:45 - 00000000 ____D C:\Users\j.carstensen\AppData\Local\{9AED06FB-C805-4957-A9F0-56E37D81C1E5}
2013-09-16 18:03 - 2011-11-18 14:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-16 17:58 - 2013-08-16 15:17 - 00000000 ____D C:\Windows\System32\MRT
2013-09-16 17:56 - 2010-11-24 08:18 - 76725432 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-16 17:49 - 2013-09-16 17:49 - 00000000 ____D C:\Users\j.carstensen\AppData\Local\{F669B073-2F98-40AE-BCCD-5E2F4E4B9595}
2013-09-03 16:41 - 2013-09-03 16:41 - 00000000 ____D C:\Users\j.carstensen\AppData\Local\{4CEEE4A1-06F2-4607-A3BE-5996F02E8413}
2013-09-01 15:50 - 2013-09-01 15:50 - 00000000 ____D C:\Users\j.carstensen\AppData\Local\{1C79E17F-5D6F-4B50-A2A8-A16289D97F3F}

Files to move or delete:
====================
C:\Users\j.carstensen\AppData\Roaming\data.dat
C:\Users\j.carstensen\AppData\Roaming\settings.ini
C:\Users\j.carstensen\AppData\Roaming\i.ini


Some content of TEMP:
====================
C:\Users\j.carstensen\AppData\Local\Temp\aacdec.exe
C:\Users\j.carstensen\AppData\Local\Temp\APNStub.exe
C:\Users\j.carstensen\AppData\Local\Temp\avguidx.dll
C:\Users\j.carstensen\AppData\Local\Temp\CommonInstaller.exe
C:\Users\j.carstensen\AppData\Local\Temp\doxillionsetup.exe
C:\Users\j.carstensen\AppData\Local\Temp\fbjsjhdhekyywgodsnbundfpehwnb.exe
C:\Users\j.carstensen\AppData\Local\Temp\ffmpeg15.exe
C:\Users\j.carstensen\AppData\Local\Temp\ffunzip.exe
C:\Users\j.carstensen\AppData\Local\Temp\GLF22F6.tmp.ConduitEngineSetup.exe
C:\Users\j.carstensen\AppData\Local\Temp\iGearedHelper.dll
C:\Users\j.carstensen\AppData\Local\Temp\iMesh_setup.exe
C:\Users\j.carstensen\AppData\Local\Temp\Installhelper.dll
C:\Users\j.carstensen\AppData\Local\Temp\laxiiaarkkpypnpqikg.bfg
C:\Users\j.carstensen\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\j.carstensen\AppData\Local\Temp\mp3el.exe
C:\Users\j.carstensen\AppData\Local\Temp\MSN39A.exe
C:\Users\j.carstensen\AppData\Local\Temp\nsj6DF4.exe
C:\Users\j.carstensen\AppData\Local\Temp\nsv2A0E.tmp.ConduitEngineEmbbed.exe
C:\Users\j.carstensen\AppData\Local\Temp\nsy93D1.exe
C:\Users\j.carstensen\AppData\Local\Temp\oi_{5ACDA8FF-6585-4CF8-A623-6CBDF9566B7C}.exe
C:\Users\j.carstensen\AppData\Local\Temp\ose00000.exe
C:\Users\j.carstensen\AppData\Local\Temp\prismsetup.exe
C:\Users\j.carstensen\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\j.carstensen\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\j.carstensen\AppData\Local\Temp\SkypeSetup.exe
C:\Users\j.carstensen\AppData\Local\Temp\softonic-de3.exe
C:\Users\j.carstensen\AppData\Local\Temp\Softonicde3.exe
C:\Users\j.carstensen\AppData\Local\Temp\SPStub.exe
C:\Users\j.carstensen\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\j.carstensen\AppData\Local\Temp\tbFre2.dll
C:\Users\j.carstensen\AppData\Local\Temp\tbsof0.dll
C:\Users\j.carstensen\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\j.carstensen\AppData\Local\Temp\TorchSetupFull.exe
C:\Users\j.carstensen\AppData\Local\Temp\wpsetup.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

26
Restore point made on: 2013-08-04 20:51:41
Restore point made on: 2013-08-07 16:34:44
Restore point made on: 2013-08-08 21:18:47
Restore point made on: 2013-08-11 18:35:16
Restore point made on: 2013-08-15 19:54:13
Restore point made on: 2013-08-16 15:17:25
Restore point made on: 2013-08-18 19:16:16
Restore point made on: 2013-08-23 14:27:05
Restore point made on: 2013-08-23 14:32:54
Restore point made on: 2013-08-26 18:16:54
Restore point made on: 2013-08-27 14:10:25
Restore point made on: 2013-09-01 15:54:28
Restore point made on: 2013-09-01 20:00:07
Restore point made on: 2013-09-03 16:41:54
Restore point made on: 2013-09-16 17:52:24
Restore point made on: 2013-09-16 17:56:28
Restore point made on: 2013-09-19 16:47:24
Restore point made on: 2013-09-19 16:59:50
Restore point made on: 2013-09-19 17:48:11
Restore point made on: 2013-09-19 21:35:55
Restore point made on: 2013-09-25 09:56:07
Restore point made on: 2013-09-25 10:08:39
Restore point made on: 2013-09-25 10:20:25
Restore point made on: 2013-09-29 17:29:18
Restore point made on: 2013-09-29 18:03:17
Restore point made on: 2013-09-30 17:22:24

==================== Memory info =========================== 

Percentage of memory in use: 12%
Total physical RAM: 4095.3 MB
Available physical RAM: 3568.51 MB
Total Pagefile: 4093.58 MB
Available Pagefile: 3570.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.61 GB) (Free:346.9 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.15 GB) (Free:0.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (INTENSO) (Removable) (Total:7.26 GB) (Free:0.01 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:279.45 GB) (Free:138.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 279 GB) (Disk ID: ACE22E9E)
Partition 1: (Active) - (Size=279 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: DA449325)
Partition 1: (Active) - (Size=157 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 03E8323A)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-09-17 09:33

==================== End Of Log ============================

--- --- ---

--- --- ---

cosinus · 01.10.2013, 11:24

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\j.carstensen\...\Winlogon: [Shell] explorer.exe,C:\Users\j.carstensen\AppData\Roaming\data.dat [ 2011-11-17] () <==== ATTENTION
S1 ckignqbb; \??\C:\Windows\system32\drivers\ckignqbb.sys [x]
S1 msporqsb; \??\C:\Windows\system32\drivers\msporqsb.sys [x]
C:\Users\j.carstensen\AppData\Roaming\settings.ini
C:\Users\j.carstensen\AppData\Roaming\i.ini
C:\Users\j.carstensen\AppData\Roaming\data.dat
C:\Windows\system32\drivers\ckignqbb.sys
C:\Windows\system32\drivers\msporqsb.sys
C:\Users\j.carstensen\AppData\Local\Temp\aacdec.exe
C:\Users\j.carstensen\AppData\Local\Temp\APNStub.exe
C:\Users\j.carstensen\AppData\Local\Temp\avguidx.dll
C:\Users\j.carstensen\AppData\Local\Temp\CommonInstaller.exe
C:\Users\j.carstensen\AppData\Local\Temp\doxillionsetup.exe
C:\Users\j.carstensen\AppData\Local\Temp\fbjsjhdhekyywgodsnbundfpehwnb.exe
C:\Users\j.carstensen\AppData\Local\Temp\ffmpeg15.exe
C:\Users\j.carstensen\AppData\Local\Temp\ffunzip.exe
C:\Users\j.carstensen\AppData\Local\Temp\GLF22F6.tmp.ConduitEngineSetup.exe
C:\Users\j.carstensen\AppData\Local\Temp\iGearedHelper.dll
C:\Users\j.carstensen\AppData\Local\Temp\iMesh_setup.exe
C:\Users\j.carstensen\AppData\Local\Temp\Installhelper.dll
C:\Users\j.carstensen\AppData\Local\Temp\laxiiaarkkpypnpqikg.bfg
C:\Users\j.carstensen\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\j.carstensen\AppData\Local\Temp\mp3el.exe
C:\Users\j.carstensen\AppData\Local\Temp\MSN39A.exe
C:\Users\j.carstensen\AppData\Local\Temp\nsj6DF4.exe
C:\Users\j.carstensen\AppData\Local\Temp\nsv2A0E.tmp.ConduitEngineEmbbed.exe
C:\Users\j.carstensen\AppData\Local\Temp\nsy93D1.exe
C:\Users\j.carstensen\AppData\Local\Temp\oi_{5ACDA8FF-6585-4CF8-A623-6CBDF9566B7C}.exe
C:\Users\j.carstensen\AppData\Local\Temp\ose00000.exe
C:\Users\j.carstensen\AppData\Local\Temp\prismsetup.exe
C:\Users\j.carstensen\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\j.carstensen\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\j.carstensen\AppData\Local\Temp\SkypeSetup.exe
C:\Users\j.carstensen\AppData\Local\Temp\softonic-de3.exe
C:\Users\j.carstensen\AppData\Local\Temp\Softonicde3.exe
C:\Users\j.carstensen\AppData\Local\Temp\SPStub.exe
C:\Users\j.carstensen\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\j.carstensen\AppData\Local\Temp\tbFre2.dll
C:\Users\j.carstensen\AppData\Local\Temp\tbsof0.dll
C:\Users\j.carstensen\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\j.carstensen\AppData\Local\Temp\TorchSetupFull.exe
C:\Users\j.carstensen\AppData\Local\Temp\wpsetup.exe

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Andi_Abseits · 01.10.2013, 19:54

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-09-2013 01
Ran by SYSTEM at 2013-10-01 20:49:11 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\j.carstensen\...\Winlogon: [Shell] explorer.exe,C:\Users\j.carstensen\AppData\Roaming\data.dat [ 2011-11-17] () <==== ATTENTION
S1 ckignqbb; \??\C:\Windows\system32\drivers\ckignqbb.sys [x]
S1 msporqsb; \??\C:\Windows\system32\drivers\msporqsb.sys [x]
C:\Users\j.carstensen\AppData\Roaming\settings.ini
C:\Users\j.carstensen\AppData\Roaming\i.ini
C:\Users\j.carstensen\AppData\Roaming\data.dat
C:\Windows\system32\drivers\ckignqbb.sys
C:\Windows\system32\drivers\msporqsb.sys
C:\Users\j.carstensen\AppData\Local\Temp\aacdec.exe
C:\Users\j.carstensen\AppData\Local\Temp\APNStub.exe
C:\Users\j.carstensen\AppData\Local\Temp\avguidx.dll
C:\Users\j.carstensen\AppData\Local\Temp\CommonInstaller.exe
C:\Users\j.carstensen\AppData\Local\Temp\doxillionsetup.exe
C:\Users\j.carstensen\AppData\Local\Temp\fbjsjhdhekyywgodsnbundfpehwnb.exe
C:\Users\j.carstensen\AppData\Local\Temp\ffmpeg15.exe
C:\Users\j.carstensen\AppData\Local\Temp\ffunzip.exe
C:\Users\j.carstensen\AppData\Local\Temp\GLF22F6.tmp.ConduitEngineSetup.exe
C:\Users\j.carstensen\AppData\Local\Temp\iGearedHelper.dll
C:\Users\j.carstensen\AppData\Local\Temp\iMesh_setup.exe
C:\Users\j.carstensen\AppData\Local\Temp\Installhelper.dll
C:\Users\j.carstensen\AppData\Local\Temp\laxiiaarkkpypnpqikg.bfg
C:\Users\j.carstensen\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\j.carstensen\AppData\Local\Temp\mp3el.exe
C:\Users\j.carstensen\AppData\Local\Temp\MSN39A.exe
C:\Users\j.carstensen\AppData\Local\Temp\nsj6DF4.exe
C:\Users\j.carstensen\AppData\Local\Temp\nsv2A0E.tmp.ConduitEngineEmbbed.exe
C:\Users\j.carstensen\AppData\Local\Temp\nsy93D1.exe
C:\Users\j.carstensen\AppData\Local\Temp\oi_{5ACDA8FF-6585-4CF8-A623-6CBDF9566B7C}.exe
C:\Users\j.carstensen\AppData\Local\Temp\ose00000.exe
C:\Users\j.carstensen\AppData\Local\Temp\prismsetup.exe
C:\Users\j.carstensen\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\j.carstensen\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\j.carstensen\AppData\Local\Temp\SkypeSetup.exe
C:\Users\j.carstensen\AppData\Local\Temp\softonic-de3.exe
C:\Users\j.carstensen\AppData\Local\Temp\Softonicde3.exe
C:\Users\j.carstensen\AppData\Local\Temp\SPStub.exe
C:\Users\j.carstensen\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\j.carstensen\AppData\Local\Temp\tbFre2.dll
C:\Users\j.carstensen\AppData\Local\Temp\tbsof0.dll
C:\Users\j.carstensen\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\j.carstensen\AppData\Local\Temp\TorchSetupFull.exe
C:\Users\j.carstensen\AppData\Local\Temp\wpsetup.exe
*****************

HKU\j.carstensen\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
ckignqbb => Service deleted successfully.
msporqsb => Service deleted successfully.
C:\Users\j.carstensen\AppData\Roaming\settings.ini => Moved successfully.
"C:\Users\j.carstensen\AppData\Roaming\i.ini" => File/Directory not found.
C:\Users\j.carstensen\AppData\Roaming\data.dat => Moved successfully.
"C:\Windows\system32\drivers\ckignqbb.sys" => File/Directory not found.
"C:\Windows\system32\drivers\msporqsb.sys" => File/Directory not found.
C:\Users\j.carstensen\AppData\Local\Temp\aacdec.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\APNStub.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\avguidx.dll => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\CommonInstaller.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\doxillionsetup.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\fbjsjhdhekyywgodsnbundfpehwnb.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\ffmpeg15.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\ffunzip.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\GLF22F6.tmp.ConduitEngineSetup.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\iGearedHelper.dll => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\iMesh_setup.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\Installhelper.dll => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\laxiiaarkkpypnpqikg.bfg => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\MachineIdCreator.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\mp3el.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\MSN39A.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\nsj6DF4.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\nsv2A0E.tmp.ConduitEngineEmbbed.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\nsy93D1.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\oi_{5ACDA8FF-6585-4CF8-A623-6CBDF9566B7C}.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\prismsetup.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\SecondStepInstaller.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\setup_fsu_cid.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\softonic-de3.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\Softonicde3.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\SPStub.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\SRAssetsHelper.dll => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\tbFre2.dll => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\tbsof0.dll => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\ToolbarInstaller.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\TorchSetupFull.exe => Moved successfully.
C:\Users\j.carstensen\AppData\Local\Temp\wpsetup.exe => Moved successfully.

==== End of Fixlog ====

cosinus · 01.10.2013, 23:56

Startet Windows wieder normal?

Andi_Abseits · 02.10.2013, 00:29

Wollte nichts auf eigene Faust von deinen Anweisungen abweichend machen, deswegen habe ich es noch nicht getestet. Hab den Rechner erst morgen wieder bei mir und berichte dann.
Vielen Dank bis hierher.

Andi_Abseits · 03.10.2013, 21:30

Der Rechner läuft wieder Ohne Probleme.
Wars das dann oder muss man jetzt noch irgendwas nachträglich machen, damit das nicht irgendwann wieder kommt?

cosinus · 03.10.2013, 23:18

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

30.09.2013, 18:28	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Sperrbildschirm Interpol Hallo und Code: ATTFilter Microsoft Windows XP (X86) OS Language: German Standard Internet Explorer Version 7 Wie bitte hast du das Log erstellt? Wenn du Windows 7 hast kann da nicht Windows XP auftauchen! __________________ __________________

30.09.2013, 19:42	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Sperrbildschirm Interpol Mach das Log bitte neu __________________ --> Sperrbildschirm Interpol

01.10.2013, 23:56	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Sperrbildschirm Interpol Startet Windows wieder normal? __________________ Logfiles bitte immer in CODE-Tags posten

Sperrbildschirm Interpol

Log-Analyse und Auswertung: Sperrbildschirm Interpol