So now, after the attack at the office, it has hit me at home too. At the office the IT department helped; at home I need your help.
Regards and many thanks
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013 (ATTENTION: ====> FRST version is 103 days old and could be outdated )
Ran by SYSTEM on MININT-GOIMVDU on 07-03-2014 21:40:41
Running from F:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7940128 2009-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-07-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SBRegRebootCleaner] - C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [200560 2011-12-19] (GFI Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.EXE [825864 2009-08-16] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [540056 2012-08-08] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-24] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-29] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-01] (Oracle Corporation)
HKU\Bertrand\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\Bertrand\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Bertrand\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll [ ] ()
Startup: C:\Users\Bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zjeqodjw0.lnk
ShortcutTarget: zjeqodjw0.lnk -> C:\PROGRA~3\0wjdoqejz.cpp ()
==================== Services (Whitelisted) =================
S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236368 2012-09-20] (Lavasoft Limited)
S3 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
S2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
S2 dlea_device; C:\Windows\system32\dleacoms.exe [1054888 2009-07-01] ( )
S2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3289032 2011-12-19] (GFI Software)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\zjeqodjw0.zvv [332540 2014-03-07] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
S1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-28] (Acer, Inc.)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2012-11-02] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-09-03] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-09-03] (Kaspersky Lab)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-10-18] (Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178008 2012-08-13] (Kaspersky Lab)
S1 SBRE; C:\Windows\SysWow64\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software)
S3 StarOpen; No ImagePath
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2012-11-02] (Kaspersky Lab)
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-07 21:38 - 2014-03-07 21:38 - 00000000 ____D C:\FRST
2014-03-07 10:31 - 2014-03-07 10:33 - 95027928 ____T C:\ProgramData\zjeqodjw0.fee
2014-03-07 10:31 - 2014-03-07 10:31 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\zjeqodjw0.zvv
2014-03-07 10:31 - 2014-03-07 10:31 - 00144896 _____ C:\ProgramData\0wjdoqejz.cpp
2014-03-06 07:23 - 2014-03-06 07:23 - 00000016 _____ C:\Users\Bertrand\Desktop\Go.txt
2014-02-16 06:22 - 2014-02-16 06:22 - 00015820 _____ C:\Users\Bertrand\AppData\Local\recently-used.xbel
2014-02-16 03:02 - 2014-02-16 03:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
==================== One Month Modified Files and Folders =======
2014-03-07 21:38 - 2014-03-07 21:38 - 00000000 ____D C:\FRST
2014-03-07 12:34 - 2009-07-13 20:45 - 00015568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-07 12:34 - 2009-07-13 20:45 - 00015568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-07 12:29 - 2012-12-29 07:03 - 00031839 _____ C:\Windows\setupact.log
2014-03-07 12:29 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-03-07 11:56 - 2012-10-06 07:41 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2014-03-07 11:04 - 2009-08-30 12:04 - 01729113 _____ C:\Windows\WindowsUpdate.log
2014-03-07 10:35 - 2012-10-27 02:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-07 10:33 - 2014-03-07 10:31 - 95027928 ____T C:\ProgramData\zjeqodjw0.fee
2014-03-07 10:31 - 2014-03-07 10:31 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\zjeqodjw0.zvv
2014-03-07 10:31 - 2014-03-07 10:31 - 00144896 _____ C:\ProgramData\0wjdoqejz.cpp
2014-03-07 08:21 - 2009-10-26 11:18 - 00000000 ____D C:\Musik
2014-03-07 03:20 - 2010-02-04 11:51 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E766B5F1-2D27-48A8-B21C-5E7BC66F64F4}
2014-03-06 07:23 - 2014-03-06 07:23 - 00000016 _____ C:\Users\Bertrand\Desktop\Go.txt
2014-02-16 06:22 - 2014-02-16 06:22 - 00015820 _____ C:\Users\Bertrand\AppData\Local\recently-used.xbel
2014-02-16 06:22 - 2012-07-26 09:49 - 00000000 ____D C:\Users\Bertrand\.gimp-2.8
2014-02-16 03:31 - 2014-02-16 03:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2014-02-15 06:07 - 2009-11-01 04:13 - 00000000 ____D C:\Bild
2014-02-15 05:59 - 2013-08-01 05:04 - 00037888 ___SH C:\Users\Bertrand\Documents\Thumbs.db
Some content of TEMP:
====================
C:\Users\Bertrand\AppData\Local\Temp\DivXInstaller.exe
C:\Users\Bertrand\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Bertrand\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Bertrand\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Bertrand\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
8
Restore point made on: 2013-08-24 01:53:41
Restore point made on: 2013-08-31 05:22:17
Restore point made on: 2013-09-09 10:12:49
Restore point made on: 2013-09-12 09:58:09
Restore point made on: 2013-09-29 03:39:16
Restore point made on: 2013-10-17 21:20:57
Restore point made on: 2013-11-02 09:58:18
Restore point made on: 2013-11-17 05:57:02
==================== Memory info ===========================
Percentage of memory in use: 27%
Total physical RAM: 1978.91 MB
Available physical RAM: 1431.99 MB
Total Pagefile: 1978.91 MB
Available Pagefile: 1425.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:220.79 GB) (Free:67.37 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:3.69 GB) NTFS
Drive f: () (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 3DE589B9)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 123 MB) (Disk ID: 0041BBB2)
Partition 1: (Active) - (Size=123 MB) - (Type=0E)
LastRegBack: 2013-10-29 12:19
==================== End Of Log ============================