Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 7 64 Bit Weißer Bildschirm nach der Anmeldung (https://www.trojaner-board.de/151419-windows-7-64-bit-weisser-bildschirm-anmeldung.html)

Kawamatze 24.03.2014 13:17
Windows 7 64 Bit Weißer Bildschirm nach der Anmeldung
 
Moin zusammen,

ich hab da ein riesen Problem mit meinem Notebook. Es erschien von jetzt auf gleich ein weißer Bildschirm mit einer art Browser drinn der keine Inetverbindung hat (Die Seite kann nicht angezeigt werden). Nun kommt er direkt nach der Anmeldung. Ich kann drücken was ich will, ohne Erfolg :killpc:

Am liebsten wäre mir eine Lösung ohne formatieren der Platte wegen vieler wichtiger Daten die ich nur mit großem Aufwand wieder beschaffen kann.

Welchen schritt muss bzw kann ich nun als ersten machen?

Ich sag im vorraus schonmal :dankeschoen:

Gruß Marcel

Ich hab mittlerweile schonmal ein bißchen hier gelesen und schonmal ein Logfile erstellt. Hoffentlich auch richtig.


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by SYSTEM on MININT-VPP3OB6 on 24-03-2014 12:33:27
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-15] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2013-03-11] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2013-03-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2013-03-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11831400 2011-04-21] (Realtek Semiconductor)
HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1739480 2014-02-27] (Bitdefender)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2013-03-11] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [87336 2010-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [KORG USB-MIDI Driver] - C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe [394096 2013-05-30] (KORG Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [111696 2013-10-18] (VMware, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\Marcel\...\Run: [AdobeBridge] - [X]
HKU\Marcel\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\Marcel\...\Run: [Bitdefender-Geldbörse-Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-02-10] (Bitdefender)
HKU\Marcel\...\Run: [Bitdefender-Geldbörse] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-02-10] (Bitdefender)
HKU\Marcel\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-02-10] (Bitdefender)
HKU\Marcel\...\Run: [One.com] - C:\Program Files (x86)\OnecomCloudDrive\Dlls\AppLauncher.exe [21704 2013-09-03] ()
HKU\Marcel\...\Winlogon: [Userinit] C:\Users\Marcel\AppData\Roaming\loadit.exe [498601 2014-03-23] ()
HKU\Marcel\...\Winlogon: [Shell] C:\Users\Marcel\AppData\Roaming\loadit.exe [498601 2014-03-23] () <==== ATTENTION
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk ->  (No File)
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk ->  (No File)
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-27] (Bitdefender)
S2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
S2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
S2 RaMediaServer; C:\Program Files (x86)\Ralink\RT2860 Wireless LAN Card\ExtraFiles\RaMediaServer.exe [454656 2010-05-19] ()
S2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S2 SBS_GM_TOMCAT6; C:\Program Files (x86)\Snap-on Business Solutions\Global EPC\GM\Tomcat\bin\tomcat6.exe [57344 2008-07-21] (Apache Software Foundation)
S2 SBS_GM_TRANSBASE; C:\Program Files (x86)\Snap-on Business Solutions\Global EPC\GM\Transbase\tbmux32.exe [417792 2009-09-03] (Transaction Software, D 81829 Munich)
S2 SuperProServer; C:\windows\SysWOW64\spnsrvnt.exe [126976 2001-10-21] (Rainbow Technologies)
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-24] (Bitdefender)
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14405200 2013-10-18] ()
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1507248 2014-02-27] (Bitdefender)
S2 GLOBALTISTB; C:\PROGRA~2\GLOBAL~1\TRANSB~1\tbmux32.exe [X]

==================== Drivers (Whitelisted) ====================

S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2014-02-03] (BitDefender)
S3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2014-02-03] (BitDefender)
S1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-10-07] (Bitdefender SRL)
S3 BDSandBox; C:\windows\system32\drivers\bdsandbox.sys [82824 2013-11-27] (BitDefender SRL)
S1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-09-15] (DT Soft Ltd)
S3 evserial7; C:\Windows\System32\DRIVERS\evserial7.sys [72480 2011-06-16] (ELTIMA Software)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-07] (BitDefender LLC)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [34136 2013-05-30] (KORG INC.)
S3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows (R) Win 7 DDK provider)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-07] (BitDefender S.R.L.)
S3 USA19H; C:\Windows\System32\DRIVERS\USA19Hx64.sys [740096 2007-10-30] (Keyspan)
S3 USA19HP; C:\Windows\System32\DRIVERS\USA19Hx64p.SYS [35840 2007-10-23] (Keyspan)
S3 VSBC7; C:\Windows\System32\DRIVERS\evsbc7.sys [38688 2011-06-16] (ELTIMA Software)
S0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-21] (VMware, Inc.)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 BcmSqlStartupSvc;
S2 CLKMSVC10_3A60B698;
S2 CLKMSVC10_C3B3B687;
S2 DriverService;
S2 IAStorDataMgrSvc;
S2 iATAgentService;
S2 idealife Update Service;
S3 IGRS;
S2 IviRegMgr;
S2 nvUpdatusService;
S2 Oasis2Service;
S2 PCCarerServic;
S2 PCCarerService;
S2 ReadyComm.DirectRouter;
S2 RichVideo;
S2 RtLedService;
S2 SeaPort;
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]
S3 Sntnlusb; \SystemRoot\System32\Drivers\SNTNLUSB.SYS [X]
S2 SoftwareService;
S3 SQLWriter;
S2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-24 12:33 - 2014-03-24 12:33 - 00000000 ____D () C:\FRST
2014-03-23 17:39 - 2014-03-23 17:39 - 00498601 _____ () C:\Users\Marcel\AppData\Roaming\loadit.exe
2014-03-21 10:49 - 2014-03-21 11:00 - 00000000 ____D () C:\Edm Sound´s
2014-03-18 23:29 - 2014-03-18 23:31 - 34633846 _____ () C:\Users\Marcel\Desktop\nws_gue.MP4
2014-03-18 23:16 - 2014-03-18 23:16 - 00000000 ____D () C:\Users\Marcel\Desktop\NIKON D5100
2014-03-15 10:41 - 2014-03-15 10:45 - 00000000 ____D () C:\Fotos Karte märz
2014-03-15 09:51 - 2014-03-15 09:51 - 00159419 _____ () C:\Users\Marcel\Documents\E0010008_3169v010008_N1.PAD
2014-03-15 04:24 - 2006-08-04 04:26 - 00016070 _____ () C:\Windows\German2.ini
2014-03-15 04:21 - 2014-03-15 04:21 - 00000000 ____D () C:\Users\Marcel\Documents\DATA BECKER Druckereien
2014-03-15 04:21 - 2014-03-15 04:21 - 00000000 ____D () C:\Program Files (x86)\DATA BECKER
2014-03-15 02:01 - 2014-03-15 02:01 - 00000000 ____D () C:\Sampler
2014-03-13 17:01 - 2014-02-28 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-13 17:01 - 2014-02-28 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-03-13 17:01 - 2014-02-28 20:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-13 17:01 - 2014-02-28 20:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-03-13 17:01 - 2014-02-28 20:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-03-13 17:01 - 2014-02-28 20:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-13 17:01 - 2014-02-28 20:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-03-13 17:01 - 2014-02-28 20:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-03-13 17:01 - 2014-02-28 20:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-03-13 17:01 - 2014-02-28 20:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-03-13 17:01 - 2014-02-28 20:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-03-13 17:01 - 2014-02-28 20:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 17:01 - 2014-02-28 20:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-03-13 17:01 - 2014-02-28 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 17:01 - 2014-02-28 19:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-13 17:01 - 2014-02-28 19:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 17:01 - 2014-02-28 19:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 17:01 - 2014-02-28 19:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 17:01 - 2014-02-28 19:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 17:01 - 2014-02-28 19:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 17:01 - 2014-02-28 19:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-13 17:01 - 2014-02-28 19:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 17:01 - 2014-02-28 19:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 17:01 - 2014-02-28 19:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 17:01 - 2014-02-28 19:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-03-13 17:01 - 2014-02-28 19:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-13 17:01 - 2014-02-28 19:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 17:01 - 2014-02-28 19:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 17:01 - 2014-02-28 19:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 17:01 - 2014-02-28 19:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 17:01 - 2014-02-28 18:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 17:01 - 2014-02-28 18:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-13 17:01 - 2014-02-28 18:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 17:01 - 2014-02-28 18:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 17:01 - 2014-02-28 18:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-03-13 17:01 - 2014-02-28 18:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 17:01 - 2014-02-06 17:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-13 17:01 - 2014-01-28 18:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2014-03-13 17:01 - 2014-01-28 18:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 17:01 - 2014-01-27 18:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2014-03-13 17:00 - 2014-02-28 22:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-13 17:00 - 2014-02-28 20:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-13 17:00 - 2014-02-28 20:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-03-13 17:00 - 2014-02-28 19:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-13 16:57 - 2014-02-03 18:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2014-03-13 16:57 - 2014-02-03 18:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-13 16:57 - 2014-02-03 18:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 16:57 - 2014-02-03 18:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-02-28 10:14 - 2014-02-28 10:16 - 00000000 ____D () C:\Musik UW
2014-02-26 14:04 - 2014-02-26 14:04 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\HbidruMc
2014-02-25 13:32 - 2014-02-25 13:32 - 01894361 _____ () C:\Users\Marcel\Desktop\wapv.MP4
2014-02-24 13:10 - 2014-02-24 13:11 - 03079813 _____ () C:\Users\Marcel\Desktop\Partysound´s coming.MP4
2014-02-23 06:39 - 2014-03-15 05:01 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Nitro PDF
2014-02-23 06:19 - 2014-02-23 06:19 - 00000000 ____D () C:\Users\Marcel\AppData\Local\{2A61F1FF-FD88-4A9B-9BD1-20471247EF7C}

==================== One Month Modified Files and Folders =======

2014-03-24 12:33 - 2014-03-24 12:33 - 00000000 ____D () C:\FRST
2014-03-24 04:15 - 2013-07-29 08:54 - 00000000 ____D () C:\Users\Marcel\Documents\UseNeXT
2014-03-24 03:27 - 2013-08-28 09:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-24 03:27 - 2009-07-13 20:45 - 00021616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-24 03:27 - 2009-07-13 20:45 - 00021616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-24 03:24 - 2014-02-19 05:18 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2d7515f12172.job
2014-03-24 03:19 - 2014-02-19 05:18 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2d75123284c9.job
2014-03-24 03:19 - 2013-12-17 15:19 - 00000000 ____D () C:\ProgramData\VMware
2014-03-24 03:19 - 2013-07-17 13:02 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-24 03:19 - 2013-05-29 09:02 - 00467706 _____ () C:\FaceProv.log
2014-03-24 03:19 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-24 03:18 - 2009-07-13 20:51 - 00127726 _____ () C:\Windows\setupact.log
2014-03-23 22:03 - 2013-07-17 10:37 - 01340115 _____ () C:\Windows\WindowsUpdate.log
2014-03-23 21:47 - 2013-07-24 00:29 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\BitTorrent
2014-03-23 21:22 - 2014-01-24 09:21 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\OnecomCloudDrive
2014-03-23 21:22 - 2013-08-27 12:36 - 00000000 ____D () C:\Users\Marcel\AppData\Local\HTC MediaHub
2014-03-23 21:22 - 2013-03-11 11:25 - 00715368 _____ () C:\Windows\System32\perfh007.dat
2014-03-23 21:22 - 2013-03-11 11:25 - 00156952 _____ () C:\Windows\System32\perfc007.dat
2014-03-23 21:22 - 2009-07-13 21:13 - 01660028 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-23 21:21 - 2013-03-11 04:20 - 00000000 ____D () C:\ProgramData\VeriFace
2014-03-23 17:39 - 2014-03-23 17:39 - 00498601 _____ () C:\Users\Marcel\AppData\Roaming\loadit.exe
2014-03-23 17:17 - 2013-07-17 13:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-23 14:26 - 2013-07-29 08:54 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\UseNeXT
2014-03-23 14:10 - 2013-07-29 09:03 - 00001857 _____ () C:\Users\Marcel\Desktop\UseNeXT by Tangysoft.lnk
2014-03-23 14:10 - 2013-07-29 08:54 - 00000000 ____D () C:\Program Files (x86)\UseNeXT
2014-03-21 11:00 - 2014-03-21 10:49 - 00000000 ____D () C:\Edm Sound´s
2014-03-21 10:53 - 2014-01-04 09:59 - 00076800 ___SH () C:\Users\Marcel\Documents\Thumbs.db
2014-03-18 23:31 - 2014-03-18 23:29 - 34633846 _____ () C:\Users\Marcel\Desktop\nws_gue.MP4
2014-03-18 23:16 - 2014-03-18 23:16 - 00000000 ____D () C:\Users\Marcel\Desktop\NIKON D5100
2014-03-18 18:03 - 2013-09-30 11:29 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-18 18:00 - 2013-03-11 13:05 - 90015360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-03-18 03:00 - 2014-01-22 16:22 - 00000451 _____ () C:\Windows\System32\checkdnsid.xml
2014-03-16 11:48 - 2014-02-16 10:07 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\FileZilla
2014-03-16 10:30 - 2013-07-17 10:43 - 00177496 _____ () C:\Users\Marcel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-16 10:29 - 2009-07-13 20:45 - 05139768 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-15 18:20 - 2013-07-17 13:03 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 10:45 - 2014-03-15 10:41 - 00000000 ____D () C:\Fotos Karte märz
2014-03-15 09:51 - 2014-03-15 09:51 - 00159419 _____ () C:\Users\Marcel\Documents\E0010008_3169v010008_N1.PAD
2014-03-15 05:01 - 2014-02-23 06:39 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Nitro PDF
2014-03-15 04:52 - 2013-10-29 03:23 - 00000000 ____D () C:\Users\Marcel\AppData\Local\CrashDumps
2014-03-15 04:21 - 2014-03-15 04:21 - 00000000 ____D () C:\Program Files (x86)\DATA BECKER
2014-03-15 02:01 - 2014-03-15 02:01 - 00000000 ____D () C:\Sampler
2014-03-14 15:05 - 2014-03-14 15:05 - 00000000 ____D () C:\Program Files (x86)\Sigel
2014-03-13 18:20 - 2013-03-11 13:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 18:20 - 2013-03-11 13:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 08:27 - 2013-08-28 09:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 08:27 - 2013-08-28 09:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-28 22:05 - 2014-03-13 17:00 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-28 21:17 - 2014-03-13 17:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-28 21:16 - 2014-03-13 17:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-28 20:58 - 2014-03-13 17:01 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-28 20:52 - 2014-03-13 17:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-28 20:51 - 2014-03-13 17:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-28 20:42 - 2014-03-13 17:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-28 20:40 - 2014-03-13 17:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-28 20:37 - 2014-03-13 17:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-28 20:33 - 2014-03-13 17:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-28 20:33 - 2014-03-13 17:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-28 20:32 - 2014-03-13 17:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-28 20:30 - 2014-03-13 17:01 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 20:23 - 2014-03-13 17:00 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-02-28 20:17 - 2014-03-13 17:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-28 20:11 - 2014-03-13 17:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 20:02 - 2014-03-13 17:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-28 19:54 - 2014-03-13 17:01 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-28 19:52 - 2014-03-13 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 19:51 - 2014-03-13 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 19:47 - 2014-03-13 17:01 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 19:43 - 2014-03-13 17:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 19:43 - 2014-03-13 17:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 19:42 - 2014-03-13 17:01 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-28 19:40 - 2014-03-13 17:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 19:38 - 2014-03-13 17:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 19:37 - 2014-03-13 17:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 19:35 - 2014-03-13 17:01 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-28 19:18 - 2014-03-13 17:01 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-28 19:16 - 2014-03-13 17:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 19:14 - 2014-03-13 17:01 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 19:10 - 2014-03-13 17:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-28 19:03 - 2014-03-13 17:01 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 19:00 - 2014-03-13 17:01 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 18:57 - 2014-03-13 17:01 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 18:38 - 2014-03-13 17:01 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-28 18:32 - 2014-03-13 17:01 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 18:27 - 2014-03-13 17:01 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 18:25 - 2014-03-13 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-28 18:25 - 2014-03-13 17:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 11:01 - 2014-02-02 18:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-28 10:16 - 2014-02-28 10:14 - 00000000 ____D () C:\Musik UW
2014-02-26 14:04 - 2014-02-26 14:04 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\HbidruMc
2014-02-25 13:32 - 2014-02-25 13:32 - 01894361 _____ () C:\Users\Marcel\Desktop\wapv.MP4
2014-02-24 13:11 - 2014-02-24 13:10 - 03079813 _____ () C:\Users\Marcel\Desktop\Partysound´s coming.MP4
2014-02-24 12:47 - 2014-01-20 09:03 - 00000000 ____D () C:\Users\Marcel\Desktop\Bilder Laju inet
2014-02-23 07:01 - 2013-12-17 15:24 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\VMware
2014-02-23 07:01 - 2013-12-17 15:24 - 00000000 ____D () C:\Users\Marcel\AppData\Local\VMware
2014-02-23 06:40 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\System32\FxsTmp
2014-02-23 06:19 - 2014-02-23 06:19 - 00000000 ____D () C:\Users\Marcel\AppData\Local\{2A61F1FF-FD88-4A9B-9BD1-20471247EF7C}
2014-02-23 05:23 - 2013-08-27 12:30 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-02-23 05:23 - 2013-03-11 03:51 - 00057236 _____ () C:\Windows\DPINST.LOG

Some content of TEMP:
====================
C:\Users\Marcel\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Marcel\AppData\Local\Temp\COMAP.EXE
C:\Users\Marcel\AppData\Local\Temp\DeleteUninstall.exe
C:\Users\Marcel\AppData\Local\Temp\devcon.exe
C:\Users\Marcel\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Marcel\AppData\Local\Temp\GUninstaller.exe
C:\Users\Marcel\AppData\Local\Temp\remove.exe
C:\Users\Marcel\AppData\Local\Temp\uninst1.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-03-03 18:22:42
Restore point made on: 2014-03-11 18:44:40
Restore point made on: 2014-03-13 18:00:30
Restore point made on: 2014-03-18 18:00:30

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 5606.11 MB
Available physical RAM: 4862.25 MB
Total Pagefile: 5604.31 MB
Available Pagefile: 4847.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:240.63 GB) (Free:25.55 GB) NTFS
Drive d: () (Fixed) (Total:200.03 GB) (Free:177.14 GB) NTFS
Drive g: () (Removable) (Total:0.23 GB) (Free:0.23 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 27B450E5)
Partition 1: (Active) - (Size=101 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=241 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200 GB) - (Type=05)
Partition 4: (Not Active) - (Size=25 GB) - (Type=12)

========================================================
Disk: 1 (Size: 241 MB) (Disk ID: 6E652072)
No partition Table on disk 1.


LastRegBack: 2014-03-19 17:33

==================== End Of Log ============================
--- --- ---

--- --- ---

cosinus 24.03.2014 13:21
Hi,

Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\Marcel\...\Winlogon: [Userinit] C:\Users\Marcel\AppData\Roaming\loadit.exe [498601 2014-03-23] ()
HKU\Marcel\...\Winlogon: [Shell] C:\Users\Marcel\AppData\Roaming\loadit.exe [498601 2014-03-23] () <==== ATTENTION
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk ->  (No File)
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk ->  (No File)
C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
C:\Users\Marcel\AppData\Roaming\loadit.exe
C:\Users\Marcel\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Marcel\AppData\Local\Temp\COMAP.EXE
C:\Users\Marcel\AppData\Local\Temp\DeleteUninstall.exe
C:\Users\Marcel\AppData\Local\Temp\devcon.exe
C:\Users\Marcel\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Marcel\AppData\Local\Temp\GUninstaller.exe
C:\Users\Marcel\AppData\Local\Temp\remove.exe
C:\Users\Marcel\AppData\Local\Temp\uninst1.exe
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Kawamatze 24.03.2014 16:27
Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by SYSTEM at 2014-03-24 16:24:17 Run:3
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Marcel\...\Winlogon: [Userinit] C:\Users\Marcel\AppData\Roaming\loadit.exe [498601 2014-03-23] ()
HKU\Marcel\...\Winlogon: [Shell] C:\Users\Marcel\AppData\Roaming\loadit.exe [498601 2014-03-23] () <==== ATTENTION
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk ->  (No File)
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk ->  (No File)
C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
C:\Users\Marcel\AppData\Roaming\loadit.exe
C:\Users\Marcel\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Marcel\AppData\Local\Temp\COMAP.EXE
C:\Users\Marcel\AppData\Local\Temp\DeleteUninstall.exe
C:\Users\Marcel\AppData\Local\Temp\devcon.exe
C:\Users\Marcel\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Marcel\AppData\Local\Temp\GUninstaller.exe
C:\Users\Marcel\AppData\Local\Temp\remove.exe
C:\Users\Marcel\AppData\Local\Temp\uninst1.exe
*****************

HKU\Marcel\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value deleted successfully.
HKU\Marcel\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk => Moved successfully.
ShortcutTarget: AutoStarter.lnk ->  (No File) not found.
C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk => Moved successfully.
ShortcutTarget: ja.lnk ->  (No File) not found.
"C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk" => File/Directory not found.
"C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk" => File/Directory not found.
C:\Users\Marcel\AppData\Roaming\loadit.exe => Moved successfully.
C:\Users\Marcel\AppData\Local\Temp\BingBarSetup-Partner.exe => Moved successfully.
C:\Users\Marcel\AppData\Local\Temp\COMAP.EXE => Moved successfully.
C:\Users\Marcel\AppData\Local\Temp\DeleteUninstall.exe => Moved successfully.
C:\Users\Marcel\AppData\Local\Temp\devcon.exe => Moved successfully.
C:\Users\Marcel\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\Marcel\AppData\Local\Temp\GUninstaller.exe => Moved successfully.
C:\Users\Marcel\AppData\Local\Temp\remove.exe => Moved successfully.
C:\Users\Marcel\AppData\Local\Temp\uninst1.exe => Moved successfully.

==== End of Fixlog ====

cosinus 24.03.2014 16:28
Startet Windows wieder normal?

Kawamatze 24.03.2014 16:39
Er startet wieder!! Ein Traum!! :singsing: :dankeschoen:

Muss oder kann ich noch weitere Schritte unternehmen oder war es das schon?

cosinus 24.03.2014 21:26
Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Alle Zeitangaben in WEZ +1. Es ist jetzt 11:42 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19