Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by SYSTEM on MININT-FS3LCK2 on 27-10-2014 18:23:46
Running from H:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-07] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [mbot_at_18] => C:\Program Files (x86)\mbot_at_18\mbot_at_18.exe [3975112 2014-09-30] ()
HKLM-x32\...\Run: [eDealPop] => C:\Program Files (x86)\eDealPop\eDealPop.exe [7168 2014-09-23] ()
HKLM-x32\...\RunOnce: [upmbot_at_18.exe] => C:\Users\Jenny\AppData\Local\mbot_at_18\upmbot_at_18.exe [3304952 2014-09-30] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\Jenny\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\Jenny\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\Jenny\...\Policies\Explorer: [NoInstrumentation] 1
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S2 CodecOfficeTrash; C:\windows\SysWOW64\CodecOfficeTrash\CodecOfficeTrash.exe [60453 2014-10-03] ()
S2 FastPlayerUpdaterService; C:\Program Files (x86)\FastPlayer\FastPlayerUpdaterService.exe [11776 2014-09-30] ()
S2 GammaQuickSymbolic.exe; C:\Users\Jenny\AppData\Local\GammaQuickSymbolic\GammaQuickSymbolic.exe [129061 2014-10-03] ()
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [528896 2014-10-03] (Fuyu LIMITED)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-14] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-14] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-14] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-14] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-05-14] (Kaspersky Lab ZAO)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-08-11] (Windows (R) 2003 DDK 3790 provider)
S2 webinstrNew; C:\windows\system32\Drivers\webinstrNew.sys [56504 2014-10-03] (Corsica)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 18:08 - 2014-10-27 18:23 - 00000000 ____D () C:\FRST
2014-10-14 01:09 - 2014-10-14 01:09 - 00262144 _____ () C:\Windows\System32\config\elam
2014-10-14 00:04 - 2014-10-14 00:04 - 00000000 ____D () C:\Users\Jenny\Desktop\Spielszenen
2014-10-04 02:08 - 2014-10-04 02:08 - 00000000 ____D () C:\Users\Jenny\AppData\Local\SearchProtect
2014-10-04 02:06 - 2014-10-10 19:20 - 00000000 ____D () C:\Program Files (x86)\Wajam
2014-10-04 02:06 - 2014-10-10 19:20 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-10-04 02:06 - 2014-10-10 19:20 - 00000000 ____D () C:\Program Files (x86)\ASP
2014-10-04 02:06 - 2014-10-04 02:08 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-10-04 02:06 - 2014-10-04 02:06 - 00000000 ____D () C:\ProgramData\Systweak
2014-10-03 07:22 - 2014-10-03 07:22 - 00001016 _____ () C:\Windows\PFRO.log
2014-10-03 04:02 - 2014-10-26 08:47 - 00000272 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-10-03 04:02 - 2014-10-03 07:02 - 00000278 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-10-03 04:02 - 2014-10-03 04:02 - 00003216 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
2014-10-03 04:02 - 2014-10-03 04:02 - 00002504 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Startup
2014-10-03 04:02 - 2014-10-03 04:02 - 00001133 _____ () C:\Users\Public\Desktop\SpeedUpMyPC.lnk
2014-10-03 04:02 - 2014-10-03 04:02 - 00000000 ____D () C:\Users\Jenny\AppData\Roaming\Uniblue
2014-10-03 04:02 - 2014-10-03 04:02 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2014-10-03 03:59 - 2014-10-03 03:59 - 00000000 ____D () C:\Users\Jenny\AppData\Local\com
2014-10-03 03:58 - 2014-10-26 18:10 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-10-03 03:58 - 2014-10-26 18:10 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-10-03 03:58 - 2014-10-26 08:49 - 00000412 _____ () C:\Windows\Tasks\SpeedCheck Update.job
2014-10-03 03:58 - 2014-10-03 03:58 - 00003060 _____ () C:\Windows\System32\Tasks\SpeedCheck Update
2014-10-03 03:58 - 2014-10-03 03:58 - 00001873 _____ () C:\Users\UpdatusUser\Desktop\FastPlayer.lnk
2014-10-03 03:58 - 2014-10-03 03:58 - 00001873 _____ () C:\Users\Jenny\Desktop\FastPlayer.lnk
2014-10-03 03:58 - 2014-10-03 03:58 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-03 03:58 - 2014-10-03 03:58 - 00000000 ____D () C:\Users\Jenny\AppData\Local\fastplayer
2014-10-03 03:58 - 2014-10-03 03:58 - 00000000 ____D () C:\Program Files (x86)\ver3SpeedCheck
2014-10-03 03:58 - 2014-10-03 03:57 - 00056504 _____ (Corsica) C:\Windows\System32\Drivers\webinstrNew.sys
2014-10-03 03:57 - 2014-10-03 03:58 - 00000000 ____D () C:\Program Files (x86)\FastPlayer
2014-10-03 03:57 - 2014-10-03 03:57 - 00000000 ____D () C:\Users\Jenny\AppData\Roaming\omiga-plus
2014-10-03 03:56 - 2014-10-03 07:25 - 00000000 ____D () C:\Users\Jenny\AppData\Local\GammaQuickSymbolic
2014-10-03 03:56 - 2014-10-03 03:56 - 00000000 ____D () C:\Windows\SysWOW64\CodecOfficeTrash
2014-10-03 03:56 - 2014-10-03 03:56 - 00000000 ____D () C:\Program Files (x86)\eDealPop
2014-10-03 03:55 - 2014-10-03 07:28 - 00000000 ____D () C:\Users\Jenny\AppData\Local\mbot_at_18
2014-10-03 03:55 - 2014-10-03 03:55 - 00000000 ____D () C:\Users\Jenny\AppData\Roaming\VOPackage
2014-10-03 03:55 - 2014-10-03 03:55 - 00000000 ____D () C:\Program Files (x86)\mbot_at_18
2014-10-03 03:53 - 2014-10-03 03:53 - 01390648 _____ () C:\Users\Jenny\Downloads\Player Setup.exe
2014-10-03 03:03 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2014-10-03 03:03 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-27 10:29 - 2014-09-09 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-09-27 10:29 - 2014-09-09 13:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-27 10:28 - 2014-07-06 18:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-09-27 10:28 - 2014-07-06 18:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-09-27 10:28 - 2014-07-06 17:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-27 10:28 - 2014-07-06 17:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-27 10:28 - 2014-07-06 17:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-27 10:26 - 2014-09-04 18:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-09-27 10:26 - 2014-09-04 18:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-09-27 10:12 - 2014-09-27 10:12 - 00010714 _____ () C:\Users\Jenny\Documents\Stellungnahme.xml

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 18:10 - 2011-12-15 09:59 - 00000000 ____D () C:\users\Jenny
2014-10-26 18:10 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-26 18:07 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-10-26 18:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-26 08:52 - 2014-05-14 07:17 - 01286414 _____ () C:\Windows\WindowsUpdate.log
2014-10-26 08:51 - 2014-05-14 07:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-26 08:46 - 2014-09-05 08:37 - 00001281 _____ () C:\Windows\setupact.log
2014-10-26 08:46 - 2014-05-14 10:02 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 08:46 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-14 00:03 - 2011-12-27 11:25 - 00000000 ____D () C:\Users\Jenny\AppData\Local\CrashDumps
2014-10-10 19:20 - 2011-06-09 13:30 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-03 08:03 - 2014-05-14 08:25 - 00000000 ____D () C:\Windows\System32\MRT
2014-10-03 07:32 - 2009-07-13 20:45 - 00028848 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 07:32 - 2009-07-13 20:45 - 00028848 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 07:23 - 2011-12-26 03:48 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2363513811-1566349318-2052125673-1002UA.job
2014-10-03 07:17 - 2014-05-14 10:02 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 05:21 - 2014-05-14 10:03 - 00002363 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-03 04:23 - 2011-12-26 03:48 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2363513811-1566349318-2052125673-1002Core.job
2014-10-03 03:07 - 2012-04-03 00:35 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{82432A66-76D0-44A8-A139-64C32B92DD84}
2014-10-03 03:02 - 2014-05-14 07:42 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-10-03 02:57 - 2009-07-13 21:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.8348.dll


Some content of TEMP:
====================
C:\Users\Jenny\AppData\Local\Temp\ppqh2.exe
C:\Users\Jenny\AppData\Local\Temp\vBlt5.dll
C:\Users\Jenny\AppData\Local\Temp\vBlt5.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-07-23 02:27:16
Restore point made on: 2014-07-30 03:58:57
Restore point made on: 2014-08-09 08:10:06
Restore point made on: 2014-08-09 08:10:57
Restore point made on: 2014-08-09 08:11:42
Restore point made on: 2014-08-09 08:12:03
Restore point made on: 2014-08-09 08:28:18
Restore point made on: 2014-08-09 08:31:54
Restore point made on: 2014-08-09 08:32:18
Restore point made on: 2014-08-13 05:19:26
Restore point made on: 2014-08-23 11:08:49
Restore point made on: 2014-08-23 11:09:28
Restore point made on: 2014-08-23 12:56:33
Restore point made on: 2014-09-04 09:40:05
Restore point made on: 2014-10-03 03:02:41
Restore point made on: 2014-10-03 03:55:08
Restore point made on: 2014-10-03 07:59:28

==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 4008.19 MB
Available physical RAM: 3378.28 MB
Total Pagefile: 4006.39 MB
Available Pagefile: 3367.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:230 GB) (Free:146.85 GB) NTFS
Drive d: () (Fixed) (Total:343.24 GB) (Free:343.13 GB) NTFS
Drive f: (SAMSUNG_REC) (Fixed) (Total:22.83 GB) (Free:0.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (SARDU) (Removable) (Total:3.81 GB) (Free:3.81 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1F8D46A3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=343.2 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=22.8 GB) - (Type=27)

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 04030201)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)


LastRegBack: 2014-08-20 11:35

==================== End Of Log ============================
         

Hi

- genaue Beschreibung fehlt, einfach nur das Log im Eröffneungsposting reinknallen ist nicht gerade sehr nett
- Begründung warum FRST nicht normal ausgeführt wurde?
- Virendunf, Logs dazu?

Ich habe mich an die Anleitung gehalten
http://www.trojaner-board.de/132035-...ml#post1026555


Der Computer beginnt normal hochzufahren. Dann kommt der Bildschirm "Windows-Fehlerbehebung".
Wenn man versucht, Windows normal zu starten wird der Bildschirm nach ein paar Sekunden schwarz und man kommt wieder zur Windowsfehlerbehebung.
Wenn man die Windows-Starthilfe wählt kommt man zum Startup Repair. Das läuft dann kurz und es erscheint ein Fenster: "Do you want to restore your Computer usining System Restore?
Wenn man Restore wählt erscheint "Attempting repairs..." und das läuft dann eine Zeit lang. Nach ca. 30min kommt die Meldung "Startup Repai cannot repair this computer automatically"
Man kann dann einen Report senden oder eben nicht. Dann kommt man zu einem Fenster "Click Finish to exit an shut down your Computer"
und das ganze fängt wieder von vorne an.

Aha, Windows startet also nicht normal. So eine Beschreibung wollte ich lesen

Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

HKLM-x32\...\Run: [mbot_at_18] => C:\Program Files (x86)\mbot_at_18\mbot_at_18.exe [3975112 2014-09-30] ()
HKLM-x32\...\Run: [eDealPop] => C:\Program Files (x86)\eDealPop\eDealPop.exe [7168 2014-09-23] ()
HKLM-x32\...\RunOnce: [upmbot_at_18.exe] => C:\Users\Jenny\AppData\Local\mbot_at_18\upmbot_at_18.exe [3304952 2014-09-30] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
C:\Users\Jenny\AppData\Local\Temp\ppqh2.exe
C:\Users\Jenny\AppData\Local\Temp\vBlt5.dll
C:\Users\Jenny\AppData\Local\Temp\vBlt5.exe
         

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

• Starte deinen Rechner erneut in die Reparaturoptionen
• Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.