Hallo,

ich habe den Laptop eines Arbeitskollegen erhalten um dort den BKA Trojaner zu entfernen.
Das hat bisher schon öfters geklappt.
Bei diesem beisse ich mir jedoch die Zähne aus. Ich kann nämlich den abgesicherten Modus nicht starten...

Aus diesem Grund habe ich schon einmal, wie in den Anleitungen beschrieben, FRST drüber laufen lassen.

Hier mal der Output:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014 01
Ran by SYSTEM on MININT-IG5NB2L on 11-06-2014 16:09:59
Running from E:\
Platform: Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK.

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AppMon Utility] => C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe [542560 2007-09-20] (Sony Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Winlogon: [Userinit]  [X]
HKLM-x32\...\Winlogon: [Shell]  [ ] () <=== ATTENTION
Startup: C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\CAF74D6A386B4A4C2F0D0974B41974CA\gkz8rffo.cpp ()
Startup: C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65192 2012-12-18] (Adobe Systems Incorporated)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [878416 2009-06-10] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [118680 2014-05-04] (Mozilla Foundation)
S3 odserv; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\CAF74D6A386B4A4C2F0D0974B41974CA\gkz8rffo.cpp [168821 2014-06-09] ()

==================== Drivers (Whitelisted) ====================

S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation)
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-13] (Broadcom Corporation)
S3 E1G60; C:\Windows\System32\DRIVERS\E1G60I32.sys [118784 2009-07-13] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation)
S3 netw5v32; C:\Windows\System32\DRIVERS\netw5v32.sys [4231168 2009-07-13] (Intel Corporation)
S3 R5U870FLx86; C:\Windows\System32\Drivers\R5U870FLx86.sys [73472 2013-03-02] (Ricoh)
S3 R5U870FUx86; C:\Windows\System32\Drivers\R5U870FUx86.sys [43904 2013-03-02] (Ricoh)
S3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [139776 2009-07-13] (Realtek Corporation                                            )
S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [207360 2009-07-13] (Conexant Systems, Inc.)
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [661504 2009-07-13] (Conexant Systems, Inc.)
S3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [818688 2013-03-02] (Texas Instruments)
S5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\FRST
2014-06-11 15:44 - 2014-06-11 15:44 - 00000000 ____D () C:\Temp
2014-06-11 14:55 - 2014-06-11 14:58 - 00000564 _____ () C:\ProgramData\RUNDLL32.EXE-1940-F.txt
2014-06-11 14:48 - 2014-06-11 14:51 - 00000452 _____ () C:\ProgramData\RUNDLL32.EXE-1908-F.txt
2014-06-11 14:46 - 2014-06-11 14:46 - 00000111 _____ () C:\ProgramData\RUNDLL32.EXE-1852-F.txt
2014-06-11 14:37 - 2014-06-11 14:38 - 00000174 _____ () C:\ProgramData\RUNDLL32.EXE-1708-F.txt
2014-06-11 14:36 - 2014-06-11 14:36 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-1488-F.txt
2014-06-11 04:27 - 2014-06-11 04:29 - 00000230 _____ () C:\ProgramData\RUNDLL32.EXE-1976-F.txt
2014-06-11 04:24 - 2014-06-11 04:26 - 00000345 _____ () C:\ProgramData\RUNDLL32.EXE-1876-F.txt
2014-06-11 04:20 - 2014-06-11 04:20 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-1924-F.txt
2014-06-11 04:14 - 2014-06-11 04:18 - 00000512 _____ () C:\ProgramData\RUNDLL32.EXE-1844-F.txt
2014-06-11 04:11 - 2014-06-11 04:12 - 00000173 _____ () C:\ProgramData\RUNDLL32.EXE-1880-F.txt
2014-06-11 04:09 - 2014-06-11 04:09 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-1888-F.txt
2014-06-11 04:07 - 2014-06-11 04:08 - 00000175 _____ () C:\ProgramData\RUNDLL32.EXE-1748-F.txt
2014-06-10 13:14 - 2014-06-10 13:14 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-1992-F.txt
2014-06-10 08:01 - 2014-06-10 08:08 - 00001943 _____ () C:\ProgramData\RUNDLL32.EXE-592-F.txt
2014-06-09 22:06 - 2014-06-09 22:11 - 00002348 _____ () C:\ProgramData\RUNDLL32.EXE-2120-F.txt
2014-06-09 22:03 - 2014-06-09 22:03 - 00000610 _____ () C:\ProgramData\RUNDLL32.EXE-2072-F.txt
2014-06-09 22:01 - 2014-06-09 22:01 - 00000365 _____ () C:\ProgramData\RUNDLL32.EXE-2116-F.txt
2014-06-09 21:53 - 2014-06-09 21:55 - 00001334 _____ () C:\ProgramData\RUNDLL32.EXE-280-F.txt
2014-06-09 21:46 - 2014-06-09 21:46 - 00000000 ____D () C:\ProgramData\CAF74D6A386B4A4C2F0D0974B41974CA
2014-05-22 08:57 - 2014-05-22 08:58 - 00000000 ____D () C:\Users\Martina\AppData\Local\Microsoft Games

==================== One Month Modified Files and Folders =======

2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\FRST
2014-06-11 15:44 - 2014-06-11 15:44 - 00000000 ____D () C:\Temp
2014-06-11 14:59 - 2013-03-02 21:57 - 01117419 _____ () C:\Windows\WindowsUpdate.log
2014-06-11 14:59 - 2009-07-14 05:39 - 00075385 _____ () C:\Windows\setupact.log
2014-06-11 14:59 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-11 14:59 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-11 14:58 - 2014-06-11 14:55 - 00000564 _____ () C:\ProgramData\RUNDLL32.EXE-1940-F.txt
2014-06-11 14:55 - 2013-03-02 21:55 - 00000000 ____D () C:\Users\Martina\AppData\Local\Temp
2014-06-11 14:54 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-11 14:51 - 2014-06-11 14:48 - 00000452 _____ () C:\ProgramData\RUNDLL32.EXE-1908-F.txt
2014-06-11 14:46 - 2014-06-11 14:46 - 00000111 _____ () C:\ProgramData\RUNDLL32.EXE-1852-F.txt
2014-06-11 14:38 - 2014-06-11 14:37 - 00000174 _____ () C:\ProgramData\RUNDLL32.EXE-1708-F.txt
2014-06-11 14:36 - 2014-06-11 14:36 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-1488-F.txt
2014-06-11 04:29 - 2014-06-11 04:27 - 00000230 _____ () C:\ProgramData\RUNDLL32.EXE-1976-F.txt
2014-06-11 04:26 - 2014-06-11 04:24 - 00000345 _____ () C:\ProgramData\RUNDLL32.EXE-1876-F.txt
2014-06-11 04:20 - 2014-06-11 04:20 - 00000058 _____ () C:\ProgramData\RUNDLL32.EXE-1924-F.txt
2014-06-11 04:18 - 2014-06-11 04:14 - 00000512 _____ () C:\ProgramData\RUNDLL32.EXE-1844-F.txt
2014-06-11 04:12 - 2014-06-11 04:11 - 00000173 _____ () C:\ProgramData\RUNDLL32.EXE-1880-F.txt
2014-06-11 04:09 - 2014-06-11 04:09 - 00000057 _____ () C:\ProgramData\RUNDLL32.EXE-1888-F.txt
2014-06-11 04:08 - 2014-06-11 04:07 - 00000175 _____ () C:\ProgramData\RUNDLL32.EXE-1748-F.txt
2014-06-10 13:14 - 2014-06-10 13:14 - 00000116 _____ () C:\ProgramData\RUNDLL32.EXE-1992-F.txt
2014-06-10 08:08 - 2014-06-10 08:01 - 00001943 _____ () C:\ProgramData\RUNDLL32.EXE-592-F.txt
2014-06-09 22:11 - 2014-06-09 22:06 - 00002348 _____ () C:\ProgramData\RUNDLL32.EXE-2120-F.txt
2014-06-09 22:03 - 2014-06-09 22:03 - 00000610 _____ () C:\ProgramData\RUNDLL32.EXE-2072-F.txt
2014-06-09 22:01 - 2014-06-09 22:01 - 00000365 _____ () C:\ProgramData\RUNDLL32.EXE-2116-F.txt
2014-06-09 21:55 - 2014-06-09 21:53 - 00001334 _____ () C:\ProgramData\RUNDLL32.EXE-280-F.txt
2014-06-09 21:46 - 2014-06-09 21:46 - 00000000 ____D () C:\ProgramData\CAF74D6A386B4A4C2F0D0974B41974CA
2014-06-09 21:37 - 2009-11-10 19:44 - 01472002 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-06-09 21:37 - 2009-07-14 09:47 - 00643866 _____ () C:\Windows\System32\perfh007.dat
2014-06-09 21:37 - 2009-07-14 09:47 - 00126394 _____ () C:\Windows\System32\perfc007.dat
2014-06-08 19:15 - 2013-07-21 20:37 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-05-23 20:22 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-22 08:58 - 2014-05-22 08:57 - 00000000 ____D () C:\Users\Martina\AppData\Local\Microsoft Games
2014-05-21 22:57 - 2014-05-04 14:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-21 22:55 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\NDF
2014-05-12 19:34 - 2013-05-20 14:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 08:46 - 2013-05-20 15:29 - 00000000 ____D () C:\Users\Martina\AppData\Local\Mozilla

Some content of TEMP:
====================
C:\Users\Martina\AppData\Local\Temp\jr6Q.dll
C:\Users\Martina\AppData\Local\Temp\ose00000.exe


==================== Known DLLs (Whitelisted) ================

C:\Windows\SysWOW64\clbcatq.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\ole32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\advapi32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\COMDLG32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\gdi32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IERTUTIL.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IMAGEHLP.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IMM32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\LPK.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\MSCTF.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\MSVCRT.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\NORMALIZ.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\NSI.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\OLEAUT32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\PSAPI.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\rpcrt4.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\sechost.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\Setupapi.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\SHELL32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\SHLWAPI.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\URLMON.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\USP10.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WININET.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WLDAP32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WS2_32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\DifxApi.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2009-07-14 00:37] - [2009-07-14 02:14] - 0285696 ____A (Microsoft Corporation) 8EC6A4AB12B8F3759E21F8E3A388F2CF

C:\Windows\System32\wininit.exe
[2009-07-14 00:36] - [2009-07-14 02:14] - 0096256 ____A (Microsoft Corporation) B5C5DCAD3899512020D135600129D665

C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe
[2009-11-10 19:48] - [2009-08-03 06:35] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047

C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe
[2009-07-14 00:19] - [2009-07-14 02:14] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866

C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe
[2009-07-14 00:11] - [2009-07-14 02:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\User32.dll
[2009-07-14 00:24] - [2009-07-14 02:16] - 0811520 ____A (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861

C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe
[2009-07-14 00:34] - [2009-07-14 02:14] - 0026112 ____A (Microsoft Corporation) 6DE80F60D7DE9CE6B8C2DDFDF79EF175

C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll
[2009-07-14 00:45] - [2009-07-14 02:16] - 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2009-07-14 00:11] - [2009-07-14 02:19] - 0245328 ____A (Microsoft Corporation) 58DF9D2481A56EDDE167E51B334D44FD


==================== Restore Points  =========================

Restore point made on: 2013-10-02 17:23:28
Restore point made on: 2013-12-01 20:14:15
Restore point made on: 2014-01-20 13:01:19
Restore point made on: 2014-02-10 16:41:56
Restore point made on: 2014-02-26 18:52:33

==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 2046.43 MB
Available physical RAM: 1540.77 MB
Total Pagefile: 2046.43 MB
Available Pagefile: 1538.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:43 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (GRMCPRXVOL_DE_DVD) (CDROM) (Total:2.86 GB) (Free:0 GB) UDF
Drive e: () (Removable) (Total:0.94 GB) (Free:0.9 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 83E265E5)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 961 MB) (Disk ID: 49E2A461)
Partition 1: (Active) - (Size=960 MB) - (Type=07 NTFS)


LastRegBack: 2014-05-30 21:24

==================== End Of Log ============================
         

Es wäre sehr nett, wenn mir jemand helfen könnte.

Gruß LarsDon

Hi,

startet der Rechner wieder normal nach diesem Fix?


Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

Startup: C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\CAF74D6A386B4A4C2F0D0974B41974CA\gkz8rffo.cpp ()
S2 Winmgmt; C:\ProgramData\CAF74D6A386B4A4C2F0D0974B41974CA\gkz8rffo.cpp [168821 2014-06-09] ()
2014-06-09 21:46 - 2014-06-09 21:46 - 00000000 ____D () C:\ProgramData\CAF74D6A386B4A4C2F0D0974B41974CA
         

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

• Starte deinen Rechner erneut in die Reparaturoptionen
• Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Hallo aharonov,

danke, dass du dich meiner annimmst!!!

Juhu, der Laptop startet jetzt ganz normal. Es kommt kein BKA Trojaner mehr

Hier der Inhalt der Fixlog.txt:

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2014 01
Ran by SYSTEM at 2014-06-11 18:56:55 Run:1
Running from E:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\CAF74D6A386B4A4C2F0D0974B41974CA\gkz8rffo.cpp ()
S2 Winmgmt; C:\ProgramData\CAF74D6A386B4A4C2F0D0974B41974CA\gkz8rffo.cpp [168821 2014-06-09] ()
2014-06-09 21:46 - 2014-06-09 21:46 - 00000000 ____D () C:\ProgramData\CAF74D6A386B4A4C2F0D0974B41974CA
*****************

C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk => Moved successfully.
C:\ProgramData\CAF74D6A386B4A4C2F0D0974B41974CA\gkz8rffo.cpp => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\CAF74D6A386B4A4C2F0D0974B41974CA => Moved successfully.

==== End of Fixlog ====
         

Gruß LarsDon

Prima. Dann weiter im normalen Modus:


Verschiebe die frst.exe vom USB-Stick auf den Desktop.

• Starte dann FRST.
• Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
• Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
• Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.