Trojaner-Board


Pro1102 30.07.2013 12:48

GVU Trojan on Asus EEE PC Windows 7 Starter - FRST Scan
 
Hello everyone,

I have the well-known GVU Trojan on my Asus EEE PC netbook with Windows 7 Starter.

I ran the scan with FRST following these instructions and got the log file below.
http://www.trojaner-board.de/132035-...ml#post1026550

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 03
Ran by SYSTEM on 30-07-2013 13:35:04
Running from E:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotkeyMon] - C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101800 2011-07-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1258416 2011-07-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-03-10] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] - C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [112632 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [218448 2010-10-20] (Trend Micro Inc.)
HKLM\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-05-25] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\fspuip.exe [3994992 2011-06-28] (Sentelic Corporation)
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-07-01] (ASUSTek Computer Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522232 2012-09-26] (Cisco Systems, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKU\Daniel\...\Run: [Google Update] - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [ 2011-11-22] (Google Inc.)
HKU\Daniel\...\Run: [Remote Mouse] - C:\Program Files\Remote Mouse\RemoteMouse.exe [ 2012-03-19] ()
HKU\Daniel\...\Run: [Facebook Update] - C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2012-07-11] (Facebook Inc.)
HKU\Daniel\...\Run: [ALBATTTOOL] - E:\Windows_Tests\AL Batterie Tool\AL-Batterie-Tool.exe [x]
HKU\Daniel\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Daniel\AppData\Local\Temp\rekywkphergukpomy.exe [ 2013-07-27] () <===== ATTENTION
HKU\Daniel\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Daniel\...\Command Processor: "C:\Users\Daniel\AppData\Local\Temp\rekywkphergukpomy.exe" <===== ATTENTION!
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

========================== Services (Whitelisted) =================

S2 ASUS InstantOn; C:\Program Files\Common Files\InstantOn\InsOnSrv.exe [64128 2011-04-27] (ASUS)
S2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-06-03] ()
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1316024 2013-06-09] (Microsoft Corporation)
S2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [161104 2010-09-17] (Trend Micro Inc.)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-25] ()
S2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-09-26] (Cisco Systems, Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-09-26] (Cisco Systems, Inc.)
S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-27] ()
S1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-02] ()
S3 fspad_win732; C:\Windows\System32\DRIVERS\fspad_win732.sys [54640 2011-06-28] (Windows (R) Win 7 DDK provider)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2010-09-17] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2010-09-17] (Trend Micro Inc.)
S2 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [x]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [x]
S3 DETECT; \??\D:\CheckImage\DETECTSYS.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 13:34 - 2013-07-30 13:34 - 00000000 ____D C:\FRST
2013-07-29 12:11 - 2013-07-29 12:11 - 00003288 ____N C:\bootsqm.dat
2013-07-27 09:18 - 2013-07-27 09:18 - 01084708 _____ C:\Users\Daniel\AppData\Roaming\2433f433
2013-07-27 09:18 - 2013-07-27 09:18 - 01084707 _____ C:\ProgramData\2433f433
2013-07-27 09:18 - 2013-07-27 09:18 - 01084698 _____ C:\Users\Daniel\AppData\Local\2433f433
2013-07-12 00:40 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-12 00:40 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-12 00:40 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-12 00:40 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-12 00:39 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 12:55 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 12:55 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 12:55 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 12:55 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-05 15:32 - 2013-07-05 15:32 - 00261368 _____ C:\Users\Daniel\Downloads\Aische-Pervers_–_Auf_dem_Oktoberfest_wmv_758.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-05 12:13 - 2013-07-05 12:13 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-05 12:13 - 2013-07-05 12:13 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-05 12:13 - 2013-07-05 12:13 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-05 12:13 - 2013-07-05 12:13 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-05 12:11 - 2013-07-05 12:21 - 00009518 _____ C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-30 13:34 - 2013-07-30 13:34 - 00000000 ____D C:\FRST
2013-07-29 12:50 - 2009-07-13 20:39 - 00115250 _____ C:\Windows\setupact.log
2013-07-29 12:11 - 2013-07-29 12:11 - 00003288 ____N C:\bootsqm.dat
2013-07-27 09:40 - 2011-11-22 22:23 - 01792103 _____ C:\Windows\WindowsUpdate.log
2013-07-27 09:35 - 2009-07-13 20:34 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-27 09:35 - 2009-07-13 20:34 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-27 09:18 - 2013-07-27 09:18 - 01084708 _____ C:\Users\Daniel\AppData\Roaming\2433f433
2013-07-27 09:18 - 2013-07-27 09:18 - 01084707 _____ C:\ProgramData\2433f433
2013-07-27 09:18 - 2013-07-27 09:18 - 01084698 _____ C:\Users\Daniel\AppData\Local\2433f433
2013-07-27 07:05 - 2011-11-22 09:03 - 00000000 ____D C:\Users\Daniel\Documents\Studium
2013-07-27 06:22 - 2012-12-21 03:01 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-07-27 06:22 - 2012-12-21 02:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-07-21 06:11 - 2011-11-22 08:00 - 00002375 _____ C:\Users\Daniel\Desktop\Google Chrome.lnk
2013-07-12 01:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 01:12 - 2009-07-13 20:33 - 00465528 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-12 01:11 - 2011-07-01 09:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 01:11 - 2011-07-01 09:16 - 00099324 _____ C:\Windows\PFRO.log
2013-07-12 01:09 - 2012-04-12 11:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 01:09 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 00:55 - 2011-11-22 09:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 00:48 - 2013-02-01 06:09 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-07-12 00:48 - 2009-07-27 02:11 - 01550838 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-08 11:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-07-05 15:32 - 2013-07-05 15:32 - 00261368 _____ C:\Users\Daniel\Downloads\Aische-Pervers_–_Auf_dem_Oktoberfest_wmv_758.exe
2013-07-05 12:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-07-05 12:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-07-05 12:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-07-05 12:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-07-05 12:21 - 2013-07-05 12:11 - 00009518 _____ C:\Windows\IE10_main.log
2013-07-05 12:13 - 2013-07-05 12:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-05 12:13 - 2013-07-05 12:13 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-05 12:13 - 2013-07-05 12:13 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-05 12:13 - 2013-07-05 12:13 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-05 12:13 - 2013-07-05 12:13 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

Files to move or delete:
====================
C:\Users\Daniel\AppData\Local\Temp\rekywkphergukpomy.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 2038.18 MB
Available physical RAM: 1615.04 MB
Total Pagefile: 2038.18 MB
Available Pagefile: 1613.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:183.07 GB) (Free:182.98 GB) NTFS
Drive e: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E3FF6F75)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=183 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 784BC695)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0E)


LastRegBack: 2013-07-08 11:20

==================== End Of Log ============================

Many thanks in advance for your help!

schrauber 30.07.2013 13:33

hi,

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:

HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKU\Daniel\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Daniel\AppData\Local\Temp\rekywkphergukpomy.exe [ 2013-07-27] () <===== ATTENTION
HKU\Daniel\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Daniel\...\Command Processor: "C:\Users\Daniel\AppData\Local\Temp\rekywkphergukpomy.exe" <===== ATTENTION!
2013-07-27 09:18 - 2013-07-27 09:18 - 01084708 _____ C:\Users\Daniel\AppData\Roaming\2433f433
2013-07-27 09:18 - 2013-07-27 09:18 - 01084707 _____ C:\ProgramData\2433f433
2013-07-27 09:18 - 2013-07-27 09:18 - 01084698 _____ C:\Users\Daniel\AppData\Local\2433f433
C:\Users\Daniel\AppData\Local\Temp\rekywkphergukpomy.exe

Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options
  • Now start FRST.exe again and click the "Entfernen" (Remove) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Reboot, be happy :)

Pro1102 30.07.2013 13:46

Hi Schrauber,

thanks for the quick reply. Here is the content of the Fixlog:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-07-2013 03
Ran by SYSTEM at 2013-07-30 14:43:10 Run:1
Running from E:\
Boot Mode: Recovery

==============================================

HKLM\Software\Classes\CLSID\{750fdf10-2a26-11d1-a3ea-080036587f03}\InprocServer32\\Default => Value was restored successfully.
HKU\Daniel\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Daniel\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Daniel\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\Daniel\AppData\Roaming\2433f433 => Moved successfully.
C:\ProgramData\2433f433  => Moved successfully.
C:\Users\Daniel\AppData\Local\2433f433  => Moved successfully.
C:\Users\Daniel\AppData\Local\Temp\rekywkphergukpomy.exe => Moved successfully.

==== End of Fixlog ====


schrauber 30.07.2013 14:11

Then off you go, restart the computer and be happy :)

Pro1102 30.07.2013 14:17

Hi,

I have now booted the netbook normally and the familiar GVU lock screen was still there :-(. What did I do wrong?

schrauber 30.07.2013 14:21

That should actually be impossible. Please post a fresh FRST log from the recovery environment.

Pro1102 30.07.2013 14:26

Here is the new FRST log:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 03
Ran by SYSTEM on 30-07-2013 15:24:02
Running from E:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotkeyMon] - C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101800 2011-07-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1258416 2011-07-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-03-10] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] - C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [112632 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [218448 2010-10-20] (Trend Micro Inc.)
HKLM\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-05-25] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\fspuip.exe [3994992 2011-06-28] (Sentelic Corporation)
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-07-01] (ASUSTek Computer Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522232 2012-09-26] (Cisco Systems, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKU\Daniel\...\Run: [Google Update] - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [ 2011-11-22] (Google Inc.)
HKU\Daniel\...\Run: [Remote Mouse] - C:\Program Files\Remote Mouse\RemoteMouse.exe [ 2012-03-19] ()
HKU\Daniel\...\Run: [Facebook Update] - C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2012-07-11] (Facebook Inc.)
HKU\Daniel\...\Run: [ALBATTTOOL] - E:\Windows_Tests\AL Batterie Tool\AL-Batterie-Tool.exe [x]
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

========================== Services (Whitelisted) =================

S2 ASUS InstantOn; C:\Program Files\Common Files\InstantOn\InsOnSrv.exe [64128 2011-04-27] (ASUS)
S2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-06-03] ()
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1316024 2013-06-09] (Microsoft Corporation)
S2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [161104 2010-09-17] (Trend Micro Inc.)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-25] ()
S2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-09-26] (Cisco Systems, Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-09-26] (Cisco Systems, Inc.)
S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-27] ()
S1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-02] ()
S3 fspad_win732; C:\Windows\System32\DRIVERS\fspad_win732.sys [54640 2011-06-28] (Windows (R) Win 7 DDK provider)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2010-09-17] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2010-09-17] (Trend Micro Inc.)
S2 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [x]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [x]
S3 DETECT; \??\D:\CheckImage\DETECTSYS.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 13:34 - 2013-07-30 13:34 - 00000000 ____D C:\FRST
2013-07-29 12:11 - 2013-07-29 12:11 - 00003288 ____N C:\bootsqm.dat
2013-07-12 00:40 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-12 00:40 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-12 00:40 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-12 00:40 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-12 00:39 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 12:55 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 12:55 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 12:55 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 12:55 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-05 15:32 - 2013-07-05 15:32 - 00261368 _____ C:\Users\Daniel\Downloads\Aische-Pervers_–_Auf_dem_Oktoberfest_wmv_758.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-05 12:13 - 2013-07-05 12:13 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-05 12:13 - 2013-07-05 12:13 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-05 12:13 - 2013-07-05 12:13 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-05 12:13 - 2013-07-05 12:13 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-05 12:11 - 2013-07-05 12:21 - 00009518 _____ C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-30 13:34 - 2013-07-30 13:34 - 00000000 ____D C:\FRST
2013-07-30 05:16 - 2009-07-13 20:39 - 00115474 _____ C:\Windows\setupact.log
2013-07-29 12:57 - 2011-11-22 22:23 - 01792103 _____ C:\Windows\WindowsUpdate.log
2013-07-29 12:11 - 2013-07-29 12:11 - 00003288 ____N C:\bootsqm.dat
2013-07-27 09:35 - 2009-07-13 20:34 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-27 09:35 - 2009-07-13 20:34 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-27 07:05 - 2011-11-22 09:03 - 00000000 ____D C:\Users\Daniel\Documents\Studium
2013-07-27 06:22 - 2012-12-21 03:01 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-07-27 06:22 - 2012-12-21 02:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-07-21 06:11 - 2011-11-22 08:00 - 00002375 _____ C:\Users\Daniel\Desktop\Google Chrome.lnk
2013-07-12 01:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 01:12 - 2009-07-13 20:33 - 00465528 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-12 01:11 - 2011-07-01 09:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 01:11 - 2011-07-01 09:16 - 00099324 _____ C:\Windows\PFRO.log
2013-07-12 01:09 - 2012-04-12 11:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 01:09 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 00:55 - 2011-11-22 09:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 00:48 - 2013-02-01 06:09 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-07-12 00:48 - 2009-07-27 02:11 - 01550838 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-08 11:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-07-05 15:32 - 2013-07-05 15:32 - 00261368 _____ C:\Users\Daniel\Downloads\Aische-Pervers_–_Auf_dem_Oktoberfest_wmv_758.exe
2013-07-05 12:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-07-05 12:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-07-05 12:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-07-05 12:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-07-05 12:21 - 2013-07-05 12:11 - 00009518 _____ C:\Windows\IE10_main.log
2013-07-05 12:13 - 2013-07-05 12:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-05 12:13 - 2013-07-05 12:13 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-05 12:13 - 2013-07-05 12:13 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-05 12:13 - 2013-07-05 12:13 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-05 12:13 - 2013-07-05 12:13 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 2038.18 MB
Available physical RAM: 1616.98 MB
Total Pagefile: 2038.18 MB
Available Pagefile: 1614.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:13.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:183.07 GB) (Free:182.98 GB) NTFS
Drive e: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E3FF6F75)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=183 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 784BC695)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0E)


LastRegBack: 2013-07-08 11:20

==================== End Of Log ============================

--- --- ---

schrauber 30.07.2013 17:05

And you are quite sure that after 2 more restarts or so the computer is still locked?

Pro1102 30.07.2013 17:40

I have now run the fix again and got the following Fixlog:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-07-2013 03
Ran by SYSTEM at 2013-07-30 18:26:21 Run:2
Running from E:\
Boot Mode: Recovery

==============================================

HKLM\Software\Classes\CLSID\{750fdf10-2a26-11d1-a3ea-080036587f03}\InprocServer32\\Default => Value was restored successfully.
HKU\Daniel\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value not found.
HKU\Daniel\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
HKU\Daniel\Software\Microsoft\Command Processor\\AutoRun => Value not found.
"C:\Users\Daniel\AppData\Roaming\2433f433" => File/Directory not found.
"C:\ProgramData\2433f433" => File/Directory not found.
"C:\Users\Daniel\AppData\Local\2433f433" => File/Directory not found.
"C:\Users\Daniel\AppData\Local\Temp\rekywkphergukpomy.exe" => File/Directory not found.

==== End of Fixlog ====

Just restarted again and the GVU page came up again http://www.trojaner-board.de/118616-gvu-trojaner.html

I'm really getting desperate :-(

schrauber 31.07.2013 08:04

Weird. Please post a fresh FRST log from the recovery environment again.

Pro1102 05.08.2013 17:05

Sorry for the late reply, but I was away on business.
Here is the new FRST log:


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 03 (ATTENTION: ====> FRST version is 6 days old and could be outdated)
Ran by SYSTEM on 05-08-2013 17:55:00
Running from E:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotkeyMon] - C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101800 2011-07-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1258416 2011-07-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-03-10] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] - C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [112632 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [218448 2010-10-20] (Trend Micro Inc.)
HKLM\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-05-25] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\fspuip.exe [3994992 2011-06-28] (Sentelic Corporation)
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-07-01] (ASUSTek Computer Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522232 2012-09-26] (Cisco Systems, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKU\Daniel\...\Run: [Google Update] - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [ 2011-11-22] (Google Inc.)
HKU\Daniel\...\Run: [Remote Mouse] - C:\Program Files\Remote Mouse\RemoteMouse.exe [ 2012-03-19] ()
HKU\Daniel\...\Run: [Facebook Update] - C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2012-07-11] (Facebook Inc.)
HKU\Daniel\...\Run: [ALBATTTOOL] - E:\Windows_Tests\AL Batterie Tool\AL-Batterie-Tool.exe [x]
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

========================== Services (Whitelisted) =================

S2 ASUS InstantOn; C:\Program Files\Common Files\InstantOn\InsOnSrv.exe [64128 2011-04-27] (ASUS)
S2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-06-03] ()
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1316024 2013-06-09] (Microsoft Corporation)
S2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [161104 2010-09-17] (Trend Micro Inc.)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-25] ()
S2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-09-26] (Cisco Systems, Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-09-26] (Cisco Systems, Inc.)
S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-27] ()
S1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-02] ()
S3 fspad_win732; C:\Windows\System32\DRIVERS\fspad_win732.sys [54640 2011-06-28] (Windows (R) Win 7 DDK provider)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2010-09-17] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2010-09-17] (Trend Micro Inc.)
S2 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [x]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [x]
S3 DETECT; \??\D:\CheckImage\DETECTSYS.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 13:34 - 2013-07-30 13:34 - 00000000 ____D C:\FRST
2013-07-29 12:11 - 2013-07-29 12:11 - 00006576 ____N C:\bootsqm.dat
2013-07-12 00:40 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-12 00:40 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-12 00:40 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-12 00:40 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-12 00:39 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 12:55 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 12:55 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 12:55 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 12:55 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-07-30 13:34 - 2013-07-30 13:34 - 00000000 ____D C:\FRST
2013-07-30 08:36 - 2009-07-13 20:39 - 00115698 _____ C:\Windows\setupact.log
2013-07-29 12:57 - 2011-11-22 22:23 - 01813048 _____ C:\Windows\WindowsUpdate.log
2013-07-29 12:11 - 2013-07-29 12:11 - 00006576 ____N C:\bootsqm.dat
2013-07-27 09:35 - 2009-07-13 20:34 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-27 09:35 - 2009-07-13 20:34 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-27 07:05 - 2011-11-22 09:03 - 00000000 ____D C:\Users\Daniel\Documents\Studium
2013-07-27 06:22 - 2012-12-21 03:01 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-07-27 06:22 - 2012-12-21 02:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-07-21 06:11 - 2011-11-22 08:00 - 00002375 _____ C:\Users\Daniel\Desktop\Google Chrome.lnk
2013-07-12 01:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 01:12 - 2009-07-13 20:33 - 00465528 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-12 01:11 - 2011-07-01 09:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 01:11 - 2011-07-01 09:16 - 00099324 _____ C:\Windows\PFRO.log
2013-07-12 01:09 - 2012-04-12 11:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 01:09 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 00:55 - 2011-11-22 09:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 00:48 - 2013-02-01 06:09 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-07-12 00:48 - 2009-07-27 02:11 - 01550838 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-08 11:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 2038.18 MB
Available physical RAM: 1584.62 MB
Total Pagefile: 2038.18 MB
Available Pagefile: 1585.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:183.07 GB) (Free:182.98 GB) NTFS
Drive e: (HITMANPRO) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E3FF6F75)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=183 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: D46BF46B)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)


LastRegBack: 2013-07-08 11:20

==================== End Of Log ============================

--- --- ---


Best regards

Sorry for the late reply, but I was away on business.

Here is the new FRST log:


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 03 (ATTENTION: ====> FRST version is 6 days old and could be outdated)
Ran by SYSTEM on 05-08-2013 17:55:00
Running from E:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotkeyMon] - C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101800 2011-07-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1258416 2011-07-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-03-10] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] - C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [112632 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [218448 2010-10-20] (Trend Micro Inc.)
HKLM\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-05-25] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\fspuip.exe [3994992 2011-06-28] (Sentelic Corporation)
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-07-01] (ASUSTek Computer Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522232 2012-09-26] (Cisco Systems, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKU\Daniel\...\Run: [Google Update] - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [ 2011-11-22] (Google Inc.)
HKU\Daniel\...\Run: [Remote Mouse] - C:\Program Files\Remote Mouse\RemoteMouse.exe [ 2012-03-19] ()
HKU\Daniel\...\Run: [Facebook Update] - C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2012-07-11] (Facebook Inc.)
HKU\Daniel\...\Run: [ALBATTTOOL] - E:\Windows_Tests\AL Batterie Tool\AL-Batterie-Tool.exe [x]
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

========================== Services (Whitelisted) =================

S2 ASUS InstantOn; C:\Program Files\Common Files\InstantOn\InsOnSrv.exe [64128 2011-04-27] (ASUS)
S2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-06-03] ()
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1316024 2013-06-09] (Microsoft Corporation)
S2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [161104 2010-09-17] (Trend Micro Inc.)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-25] ()
S2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-09-26] (Cisco Systems, Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-09-26] (Cisco Systems, Inc.)
S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-27] ()
S1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-02] ()
S3 fspad_win732; C:\Windows\System32\DRIVERS\fspad_win732.sys [54640 2011-06-28] (Windows (R) Win 7 DDK provider)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2010-09-17] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2010-09-17] (Trend Micro Inc.)
S2 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [x]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [x]
S3 DETECT; \??\D:\CheckImage\DETECTSYS.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 13:34 - 2013-07-30 13:34 - 00000000 ____D C:\FRST
2013-07-29 12:11 - 2013-07-29 12:11 - 00006576 ____N C:\bootsqm.dat
2013-07-12 00:40 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-12 00:40 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-12 00:40 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-12 00:40 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-12 00:39 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 12:55 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 12:55 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 12:55 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 12:55 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-07-30 13:34 - 2013-07-30 13:34 - 00000000 ____D C:\FRST
2013-07-30 08:36 - 2009-07-13 20:39 - 00115698 _____ C:\Windows\setupact.log
2013-07-29 12:57 - 2011-11-22 22:23 - 01813048 _____ C:\Windows\WindowsUpdate.log
2013-07-29 12:11 - 2013-07-29 12:11 - 00006576 ____N C:\bootsqm.dat
2013-07-27 09:35 - 2009-07-13 20:34 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-27 09:35 - 2009-07-13 20:34 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-27 07:05 - 2011-11-22 09:03 - 00000000 ____D C:\Users\Daniel\Documents\Studium
2013-07-27 06:22 - 2012-12-21 03:01 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-07-27 06:22 - 2012-12-21 02:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-07-21 06:11 - 2011-11-22 08:00 - 00002375 _____ C:\Users\Daniel\Desktop\Google Chrome.lnk
2013-07-12 01:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 01:12 - 2009-07-13 20:33 - 00465528 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-12 01:11 - 2011-07-01 09:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 01:11 - 2011-07-01 09:16 - 00099324 _____ C:\Windows\PFRO.log
2013-07-12 01:09 - 2012-04-12 11:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 01:09 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 00:55 - 2011-11-22 09:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 00:48 - 2013-02-01 06:09 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-07-12 00:48 - 2009-07-27 02:11 - 01550838 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-08 11:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 2038.18 MB
Available physical RAM: 1584.62 MB
Total Pagefile: 2038.18 MB
Available Pagefile: 1585.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:183.07 GB) (Free:182.98 GB) NTFS
Drive e: (HITMANPRO) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E3FF6F75)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=183 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: D46BF46B)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)


LastRegBack: 2013-07-08 11:20

==================== End Of Log ============================

--- --- ---


Regards

schrauber 06.08.2013 15:55

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

HKU\Daniel\...\Run: [ALBATTTOOL] - E:\Windows_Tests\AL Batterie Tool\AL-Batterie-Tool.exe [x]
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Pro1102 06.08.2013 17:01

When I booted the netbook just now, everything worked again without any problems.

Here is the fixlog anyway:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-07-2013 03
Ran by Daniel at 2013-08-06 18:00:00 Run:3
Running from E:\
Boot Mode: Normal

==============================================

HKU\Daniel\Software\Microsoft\Windows\CurrentVersion\Run\\ALBATTTOOL => Value not found.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Reboot => Value not found.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AskScreensaver => Value not found.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Reboot => Value not found.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AskScreensaver => Value not found.

==== End of Fixlog ====

Many thanks in advance! What happens next? Which security program would you recommend?

schrauber 06.08.2013 19:51

Control scans in normal mode :)

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


