Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GVU Trojaner auf Asus EEE PC Windows 7 Starter - FRST Scan (https://www.trojaner-board.de/139039-gvu-trojaner-asus-eee-pc-windows-7-starter-frst-scan.html)

Pro1102 30.07.2013 12:48
GVU Trojaner auf Asus EEE PC Windows 7 Starter - FRST Scan
 
Hallo zusammen,

ich habe den bekannten GVU Trojaner auf meinem Asus EEE PC Netbook mit Windows 7 Starter.

Ich habe nach folgender Anleitung den Scan mit FRST durchgeführt und das Logfile unten erhalten.
http://www.trojaner-board.de/132035-...ml#post1026550

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 03
Ran by SYSTEM on 30-07-2013 13:35:04
Running from E:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotkeyMon] - C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101800 2011-07-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1258416 2011-07-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-03-10] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] - C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [112632 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [218448 2010-10-20] (Trend Micro Inc.)
HKLM\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-05-25] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\fspuip.exe [3994992 2011-06-28] (Sentelic Corporation)
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-07-01] (ASUSTek Computer Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522232 2012-09-26] (Cisco Systems, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKU\Daniel\...\Run: [Google Update] - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [ 2011-11-22] (Google Inc.)
HKU\Daniel\...\Run: [Remote Mouse] - C:\Program Files\Remote Mouse\RemoteMouse.exe [ 2012-03-19] ()
HKU\Daniel\...\Run: [Facebook Update] - C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2012-07-11] (Facebook Inc.)
HKU\Daniel\...\Run: [ALBATTTOOL] - E:\Windows_Tests\AL Batterie Tool\AL-Batterie-Tool.exe [x]
HKU\Daniel\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Daniel\AppData\Local\Temp\rekywkphergukpomy.exe [ 2013-07-27] () <===== ATTENTION
HKU\Daniel\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Daniel\...\Command Processor: "C:\Users\Daniel\AppData\Local\Temp\rekywkphergukpomy.exe" <===== ATTENTION!
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

========================== Services (Whitelisted) =================

S2 ASUS InstantOn; C:\Program Files\Common Files\InstantOn\InsOnSrv.exe [64128 2011-04-27] (ASUS)
S2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-06-03] ()
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1316024 2013-06-09] (Microsoft Corporation)
S2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [161104 2010-09-17] (Trend Micro Inc.)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-25] ()
S2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-09-26] (Cisco Systems, Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-09-26] (Cisco Systems, Inc.)
S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-27] ()
S1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-02] ()
S3 fspad_win732; C:\Windows\System32\DRIVERS\fspad_win732.sys [54640 2011-06-28] (Windows (R) Win 7 DDK provider)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2010-09-17] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2010-09-17] (Trend Micro Inc.)
S2 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [x]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [x]
S3 DETECT; \??\D:\CheckImage\DETECTSYS.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 13:34 - 2013-07-30 13:34 - 00000000 ____D C:\FRST
2013-07-29 12:11 - 2013-07-29 12:11 - 00003288 ____N C:\bootsqm.dat
2013-07-27 09:18 - 2013-07-27 09:18 - 01084708 _____ C:\Users\Daniel\AppData\Roaming\2433f433
2013-07-27 09:18 - 2013-07-27 09:18 - 01084707 _____ C:\ProgramData\2433f433
2013-07-27 09:18 - 2013-07-27 09:18 - 01084698 _____ C:\Users\Daniel\AppData\Local\2433f433
2013-07-12 00:40 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-12 00:40 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-12 00:40 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-12 00:40 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-12 00:39 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 12:55 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 12:55 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 12:55 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 12:55 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-05 15:32 - 2013-07-05 15:32 - 00261368 _____ C:\Users\Daniel\Downloads\Aische-Pervers_–_Auf_dem_Oktoberfest_wmv_758.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-05 12:13 - 2013-07-05 12:13 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-05 12:13 - 2013-07-05 12:13 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-05 12:13 - 2013-07-05 12:13 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-05 12:13 - 2013-07-05 12:13 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-05 12:11 - 2013-07-05 12:21 - 00009518 _____ C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-30 13:34 - 2013-07-30 13:34 - 00000000 ____D C:\FRST
2013-07-29 12:50 - 2009-07-13 20:39 - 00115250 _____ C:\Windows\setupact.log
2013-07-29 12:11 - 2013-07-29 12:11 - 00003288 ____N C:\bootsqm.dat
2013-07-27 09:40 - 2011-11-22 22:23 - 01792103 _____ C:\Windows\WindowsUpdate.log
2013-07-27 09:35 - 2009-07-13 20:34 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-27 09:35 - 2009-07-13 20:34 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-27 09:18 - 2013-07-27 09:18 - 01084708 _____ C:\Users\Daniel\AppData\Roaming\2433f433
2013-07-27 09:18 - 2013-07-27 09:18 - 01084707 _____ C:\ProgramData\2433f433
2013-07-27 09:18 - 2013-07-27 09:18 - 01084698 _____ C:\Users\Daniel\AppData\Local\2433f433
2013-07-27 07:05 - 2011-11-22 09:03 - 00000000 ____D C:\Users\Daniel\Documents\Studium
2013-07-27 06:22 - 2012-12-21 03:01 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-07-27 06:22 - 2012-12-21 02:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-07-21 06:11 - 2011-11-22 08:00 - 00002375 _____ C:\Users\Daniel\Desktop\Google Chrome.lnk
2013-07-12 01:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 01:12 - 2009-07-13 20:33 - 00465528 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-12 01:11 - 2011-07-01 09:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 01:11 - 2011-07-01 09:16 - 00099324 _____ C:\Windows\PFRO.log
2013-07-12 01:09 - 2012-04-12 11:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 01:09 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 00:55 - 2011-11-22 09:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 00:48 - 2013-02-01 06:09 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-07-12 00:48 - 2009-07-27 02:11 - 01550838 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-08 11:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-07-05 15:32 - 2013-07-05 15:32 - 00261368 _____ C:\Users\Daniel\Downloads\Aische-Pervers_–_Auf_dem_Oktoberfest_wmv_758.exe
2013-07-05 12:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-07-05 12:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-07-05 12:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-07-05 12:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-07-05 12:21 - 2013-07-05 12:11 - 00009518 _____ C:\Windows\IE10_main.log
2013-07-05 12:13 - 2013-07-05 12:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-05 12:13 - 2013-07-05 12:13 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-05 12:13 - 2013-07-05 12:13 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-05 12:13 - 2013-07-05 12:13 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-05 12:13 - 2013-07-05 12:13 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

Files to move or delete:
====================
C:\Users\Daniel\AppData\Local\Temp\rekywkphergukpomy.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 2038.18 MB
Available physical RAM: 1615.04 MB
Total Pagefile: 2038.18 MB
Available Pagefile: 1613.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:183.07 GB) (Free:182.98 GB) NTFS
Drive e: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E3FF6F75)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=183 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 784BC695)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0E)


LastRegBack: 2013-07-08 11:20

==================== End Of Log ============================
Vielen Dank schon einmal für Eure Hilfe!

schrauber 30.07.2013 13:33
hi,

Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKU\Daniel\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Daniel\AppData\Local\Temp\rekywkphergukpomy.exe [ 2013-07-27] () <===== ATTENTION
HKU\Daniel\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Daniel\...\Command Processor: "C:\Users\Daniel\AppData\Local\Temp\rekywkphergukpomy.exe" <===== ATTENTION!
2013-07-27 09:18 - 2013-07-27 09:18 - 01084708 _____ C:\Users\Daniel\AppData\Roaming\2433f433
2013-07-27 09:18 - 2013-07-27 09:18 - 01084707 _____ C:\ProgramData\2433f433
2013-07-27 09:18 - 2013-07-27 09:18 - 01084698 _____ C:\Users\Daniel\AppData\Local\2433f433
C:\Users\Daniel\AppData\Local\Temp\rekywkphergukpomy.exe
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


neu booten, freuen :)

Pro1102 30.07.2013 13:46
Hi Schrauber,

danke für die schnelle Antwort. Hier der Inhalt des Fixlogs:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-07-2013 03
Ran by SYSTEM at 2013-07-30 14:43:10 Run:1
Running from E:\
Boot Mode: Recovery

==============================================

HKLM\Software\Classes\CLSID\{750fdf10-2a26-11d1-a3ea-080036587f03}\InprocServer32\\Default => Value was restored successfully.
HKU\Daniel\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Daniel\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Daniel\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\Daniel\AppData\Roaming\2433f433 => Moved successfully.
C:\ProgramData\2433f433  => Moved successfully.
C:\Users\Daniel\AppData\Local\2433f433  => Moved successfully.
C:\Users\Daniel\AppData\Local\Temp\rekywkphergukpomy.exe => Moved successfully.

==== End of Fixlog ====

schrauber 30.07.2013 14:11
dann hopp, rechner neu starten und freuen :)

Pro1102 30.07.2013 14:17
Hi,

Hab das Netbook nun normal hochgefahren und der bekannte GVU Sperrbildschirm war immer noch da :-(. Was hab ich nun falsch gemacht?

schrauber 30.07.2013 14:21
eigentlich unmöglich. Poste bitte ein frisches FRST log aus der Recovery.

Pro1102 30.07.2013 14:26
Hier das neue FRST Log:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 03
Ran by SYSTEM on 30-07-2013 15:24:02
Running from E:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotkeyMon] - C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101800 2011-07-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1258416 2011-07-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-03-10] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] - C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [112632 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [218448 2010-10-20] (Trend Micro Inc.)
HKLM\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-05-25] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\fspuip.exe [3994992 2011-06-28] (Sentelic Corporation)
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-07-01] (ASUSTek Computer Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522232 2012-09-26] (Cisco Systems, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKU\Daniel\...\Run: [Google Update] - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [ 2011-11-22] (Google Inc.)
HKU\Daniel\...\Run: [Remote Mouse] - C:\Program Files\Remote Mouse\RemoteMouse.exe [ 2012-03-19] ()
HKU\Daniel\...\Run: [Facebook Update] - C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2012-07-11] (Facebook Inc.)
HKU\Daniel\...\Run: [ALBATTTOOL] - E:\Windows_Tests\AL Batterie Tool\AL-Batterie-Tool.exe [x]
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

========================== Services (Whitelisted) =================

S2 ASUS InstantOn; C:\Program Files\Common Files\InstantOn\InsOnSrv.exe [64128 2011-04-27] (ASUS)
S2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-06-03] ()
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1316024 2013-06-09] (Microsoft Corporation)
S2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [161104 2010-09-17] (Trend Micro Inc.)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-25] ()
S2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-09-26] (Cisco Systems, Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-09-26] (Cisco Systems, Inc.)
S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-27] ()
S1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-02] ()
S3 fspad_win732; C:\Windows\System32\DRIVERS\fspad_win732.sys [54640 2011-06-28] (Windows (R) Win 7 DDK provider)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2010-09-17] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2010-09-17] (Trend Micro Inc.)
S2 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [x]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [x]
S3 DETECT; \??\D:\CheckImage\DETECTSYS.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 13:34 - 2013-07-30 13:34 - 00000000 ____D C:\FRST
2013-07-29 12:11 - 2013-07-29 12:11 - 00003288 ____N C:\bootsqm.dat
2013-07-12 00:40 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-12 00:40 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-12 00:40 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-12 00:40 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-12 00:39 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 12:55 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 12:55 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 12:55 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 12:55 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-05 15:32 - 2013-07-05 15:32 - 00261368 _____ C:\Users\Daniel\Downloads\Aische-Pervers_–_Auf_dem_Oktoberfest_wmv_758.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-05 12:13 - 2013-07-05 12:13 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-05 12:13 - 2013-07-05 12:13 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-05 12:13 - 2013-07-05 12:13 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-05 12:13 - 2013-07-05 12:13 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-05 12:11 - 2013-07-05 12:21 - 00009518 _____ C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-30 13:34 - 2013-07-30 13:34 - 00000000 ____D C:\FRST
2013-07-30 05:16 - 2009-07-13 20:39 - 00115474 _____ C:\Windows\setupact.log
2013-07-29 12:57 - 2011-11-22 22:23 - 01792103 _____ C:\Windows\WindowsUpdate.log
2013-07-29 12:11 - 2013-07-29 12:11 - 00003288 ____N C:\bootsqm.dat
2013-07-27 09:35 - 2009-07-13 20:34 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-27 09:35 - 2009-07-13 20:34 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-27 07:05 - 2011-11-22 09:03 - 00000000 ____D C:\Users\Daniel\Documents\Studium
2013-07-27 06:22 - 2012-12-21 03:01 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-07-27 06:22 - 2012-12-21 02:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-07-21 06:11 - 2011-11-22 08:00 - 00002375 _____ C:\Users\Daniel\Desktop\Google Chrome.lnk
2013-07-12 01:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 01:12 - 2009-07-13 20:33 - 00465528 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-12 01:11 - 2011-07-01 09:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 01:11 - 2011-07-01 09:16 - 00099324 _____ C:\Windows\PFRO.log
2013-07-12 01:09 - 2012-04-12 11:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 01:09 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 00:55 - 2011-11-22 09:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 00:48 - 2013-02-01 06:09 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-07-12 00:48 - 2009-07-27 02:11 - 01550838 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-08 11:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-07-05 15:32 - 2013-07-05 15:32 - 00261368 _____ C:\Users\Daniel\Downloads\Aische-Pervers_–_Auf_dem_Oktoberfest_wmv_758.exe
2013-07-05 12:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-07-05 12:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-07-05 12:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-07-05 12:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-07-05 12:21 - 2013-07-05 12:11 - 00009518 _____ C:\Windows\IE10_main.log
2013-07-05 12:13 - 2013-07-05 12:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-05 12:13 - 2013-07-05 12:13 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-05 12:13 - 2013-07-05 12:13 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-05 12:13 - 2013-07-05 12:13 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-05 12:13 - 2013-07-05 12:13 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-05 12:13 - 2013-07-05 12:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-05 12:13 - 2013-07-05 12:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 2038.18 MB
Available physical RAM: 1616.98 MB
Total Pagefile: 2038.18 MB
Available Pagefile: 1614.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:13.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:183.07 GB) (Free:182.98 GB) NTFS
Drive e: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E3FF6F75)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=183 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 784BC695)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0E)


LastRegBack: 2013-07-08 11:20

==================== End Of Log ============================
--- --- ---

schrauber 30.07.2013 17:05
Und Du bist ganz sicher dass nach 2 weiteren Neustarts oder so der Rechner immer noch gesperrt is?

Pro1102 30.07.2013 17:40
Ich habe nun nochmal den Fix durchgeführt und folgenden Fixlog erhalten:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-07-2013 03
Ran by SYSTEM at 2013-07-30 18:26:21 Run:2
Running from E:\
Boot Mode: Recovery

==============================================

HKLM\Software\Classes\CLSID\{750fdf10-2a26-11d1-a3ea-080036587f03}\InprocServer32\\Default => Value was restored successfully.
HKU\Daniel\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value not found.
HKU\Daniel\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
HKU\Daniel\Software\Microsoft\Command Processor\\AutoRun => Value not found.
"C:\Users\Daniel\AppData\Roaming\2433f433" => File/Directory not found.
"C:\ProgramData\2433f433" => File/Directory not found.
"C:\Users\Daniel\AppData\Local\2433f433" => File/Directory not found.
"C:\Users\Daniel\AppData\Local\Temp\rekywkphergukpomy.exe" => File/Directory not found.

==== End of Fixlog ====
Gerade nochmal neugestartet und es kam wieder die GVU Seite http://www.trojaner-board.de/118616-gvu-trojaner.html

Bin echt am verzweifeln :-(

schrauber 31.07.2013 08:04
Weird. Poste bitte nochmal ein frisches FRST log aus der recovery.

Pro1102 05.08.2013 17:05
Sry für die verspätete Antwort, aber ich war beruflich unterwegs.
Hier das neue Frst Log:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 03 (ATTENTION: ====> FRST version is 6 days old and could be outdated)
Ran by SYSTEM on 05-08-2013 17:55:00
Running from E:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotkeyMon] - C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101800 2011-07-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1258416 2011-07-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-03-10] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] - C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [112632 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [218448 2010-10-20] (Trend Micro Inc.)
HKLM\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-05-25] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\fspuip.exe [3994992 2011-06-28] (Sentelic Corporation)
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-07-01] (ASUSTek Computer Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522232 2012-09-26] (Cisco Systems, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKU\Daniel\...\Run: [Google Update] - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [ 2011-11-22] (Google Inc.)
HKU\Daniel\...\Run: [Remote Mouse] - C:\Program Files\Remote Mouse\RemoteMouse.exe [ 2012-03-19] ()
HKU\Daniel\...\Run: [Facebook Update] - C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2012-07-11] (Facebook Inc.)
HKU\Daniel\...\Run: [ALBATTTOOL] - E:\Windows_Tests\AL Batterie Tool\AL-Batterie-Tool.exe [x]
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

========================== Services (Whitelisted) =================

S2 ASUS InstantOn; C:\Program Files\Common Files\InstantOn\InsOnSrv.exe [64128 2011-04-27] (ASUS)
S2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-06-03] ()
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1316024 2013-06-09] (Microsoft Corporation)
S2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [161104 2010-09-17] (Trend Micro Inc.)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-25] ()
S2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-09-26] (Cisco Systems, Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-09-26] (Cisco Systems, Inc.)
S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-27] ()
S1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-02] ()
S3 fspad_win732; C:\Windows\System32\DRIVERS\fspad_win732.sys [54640 2011-06-28] (Windows (R) Win 7 DDK provider)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2010-09-17] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2010-09-17] (Trend Micro Inc.)
S2 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [x]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [x]
S3 DETECT; \??\D:\CheckImage\DETECTSYS.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 13:34 - 2013-07-30 13:34 - 00000000 ____D C:\FRST
2013-07-29 12:11 - 2013-07-29 12:11 - 00006576 ____N C:\bootsqm.dat
2013-07-12 00:40 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-12 00:40 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-12 00:40 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-12 00:40 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-12 00:39 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 12:55 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 12:55 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 12:55 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 12:55 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-07-30 13:34 - 2013-07-30 13:34 - 00000000 ____D C:\FRST
2013-07-30 08:36 - 2009-07-13 20:39 - 00115698 _____ C:\Windows\setupact.log
2013-07-29 12:57 - 2011-11-22 22:23 - 01813048 _____ C:\Windows\WindowsUpdate.log
2013-07-29 12:11 - 2013-07-29 12:11 - 00006576 ____N C:\bootsqm.dat
2013-07-27 09:35 - 2009-07-13 20:34 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-27 09:35 - 2009-07-13 20:34 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-27 07:05 - 2011-11-22 09:03 - 00000000 ____D C:\Users\Daniel\Documents\Studium
2013-07-27 06:22 - 2012-12-21 03:01 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-07-27 06:22 - 2012-12-21 02:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-07-21 06:11 - 2011-11-22 08:00 - 00002375 _____ C:\Users\Daniel\Desktop\Google Chrome.lnk
2013-07-12 01:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 01:12 - 2009-07-13 20:33 - 00465528 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-12 01:11 - 2011-07-01 09:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 01:11 - 2011-07-01 09:16 - 00099324 _____ C:\Windows\PFRO.log
2013-07-12 01:09 - 2012-04-12 11:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 01:09 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 00:55 - 2011-11-22 09:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 00:48 - 2013-02-01 06:09 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-07-12 00:48 - 2009-07-27 02:11 - 01550838 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-08 11:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 2038.18 MB
Available physical RAM: 1584.62 MB
Total Pagefile: 2038.18 MB
Available Pagefile: 1585.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:183.07 GB) (Free:182.98 GB) NTFS
Drive e: (HITMANPRO) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E3FF6F75)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=183 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: D46BF46B)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)


LastRegBack: 2013-07-08 11:20

==================== End Of Log ============================
--- --- ---

--- --- ---


VG

Sry für die verspätete ANtwort, aber ich war beruflich unterwegs.

Hier das neue FRST LOG:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 03 (ATTENTION: ====> FRST version is 6 days old and could be outdated)
Ran by SYSTEM on 05-08-2013 17:55:00
Running from E:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotkeyMon] - C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101800 2011-07-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1258416 2011-07-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-03-10] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] - C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [112632 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [218448 2010-10-20] (Trend Micro Inc.)
HKLM\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-05-25] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\fspuip.exe [3994992 2011-06-28] (Sentelic Corporation)
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-07-01] (ASUSTek Computer Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522232 2012-09-26] (Cisco Systems, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKU\Daniel\...\Run: [Google Update] - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [ 2011-11-22] (Google Inc.)
HKU\Daniel\...\Run: [Remote Mouse] - C:\Program Files\Remote Mouse\RemoteMouse.exe [ 2012-03-19] ()
HKU\Daniel\...\Run: [Facebook Update] - C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2012-07-11] (Facebook Inc.)
HKU\Daniel\...\Run: [ALBATTTOOL] - E:\Windows_Tests\AL Batterie Tool\AL-Batterie-Tool.exe [x]
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

========================== Services (Whitelisted) =================

S2 ASUS InstantOn; C:\Program Files\Common Files\InstantOn\InsOnSrv.exe [64128 2011-04-27] (ASUS)
S2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-06-03] ()
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1316024 2013-06-09] (Microsoft Corporation)
S2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [161104 2010-09-17] (Trend Micro Inc.)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-25] ()
S2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-09-26] (Cisco Systems, Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-09-26] (Cisco Systems, Inc.)
S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-27] ()
S1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-02] ()
S3 fspad_win732; C:\Windows\System32\DRIVERS\fspad_win732.sys [54640 2011-06-28] (Windows (R) Win 7 DDK provider)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2010-09-17] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2010-09-17] (Trend Micro Inc.)
S2 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [x]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [x]
S3 DETECT; \??\D:\CheckImage\DETECTSYS.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 13:34 - 2013-07-30 13:34 - 00000000 ____D C:\FRST
2013-07-29 12:11 - 2013-07-29 12:11 - 00006576 ____N C:\bootsqm.dat
2013-07-12 00:40 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-12 00:40 - 2013-06-11 15:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-12 00:40 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-12 00:40 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-12 00:40 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-12 00:40 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-12 00:39 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 12:55 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 12:55 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 12:55 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 12:55 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-07-30 13:34 - 2013-07-30 13:34 - 00000000 ____D C:\FRST
2013-07-30 08:36 - 2009-07-13 20:39 - 00115698 _____ C:\Windows\setupact.log
2013-07-29 12:57 - 2011-11-22 22:23 - 01813048 _____ C:\Windows\WindowsUpdate.log
2013-07-29 12:11 - 2013-07-29 12:11 - 00006576 ____N C:\bootsqm.dat
2013-07-27 09:35 - 2009-07-13 20:34 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-27 09:35 - 2009-07-13 20:34 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-27 07:05 - 2011-11-22 09:03 - 00000000 ____D C:\Users\Daniel\Documents\Studium
2013-07-27 06:22 - 2012-12-21 03:01 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-07-27 06:22 - 2012-12-21 02:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-07-21 06:11 - 2011-11-22 08:00 - 00002375 _____ C:\Users\Daniel\Desktop\Google Chrome.lnk
2013-07-12 01:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 01:12 - 2009-07-13 20:33 - 00465528 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-12 01:11 - 2011-07-01 09:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 01:11 - 2011-07-01 09:16 - 00099324 _____ C:\Windows\PFRO.log
2013-07-12 01:09 - 2012-04-12 11:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 01:09 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 00:55 - 2011-11-22 09:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 00:48 - 2013-02-01 06:09 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-07-12 00:48 - 2009-07-27 02:11 - 01550838 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-08 11:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 2038.18 MB
Available physical RAM: 1584.62 MB
Total Pagefile: 2038.18 MB
Available Pagefile: 1585.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:183.07 GB) (Free:182.98 GB) NTFS
Drive e: (HITMANPRO) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E3FF6F75)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=183 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: D46BF46B)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)


LastRegBack: 2013-07-08 11:20

==================== End Of Log ============================
--- --- ---

--- --- ---


VG

schrauber 06.08.2013 15:55
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\Daniel\...\Run: [ALBATTTOOL] - E:\Windows_Tests\AL Batterie Tool\AL-Batterie-Tool.exe [x]
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Pro1102 06.08.2013 17:01
Als ich das Netbook nun hochgefahren habe ging wieder alles problemlos.

Hier dennoch das Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-07-2013 03
Ran by Daniel at 2013-08-06 18:00:00 Run:3
Running from E:\
Boot Mode: Normal

==============================================

HKU\Daniel\Software\Microsoft\Windows\CurrentVersion\Run\\ALBATTTOOL => Value not found.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Reboot => Value not found.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AskScreensaver => Value not found.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Reboot => Value not found.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AskScreensaver => Value not found.

==== End of Fixlog ====
Viele Vielen Dank schon einmal! Wie gehts nun weiter? Welches Security Programm ist zu empfehlen?

schrauber 06.08.2013 19:51
Kontrollscans im normalen Modus :)

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Alle Zeitangaben in WEZ +1. Es ist jetzt 20:45 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131