
Pests of all kinds and how to combat them: Trojan.KillFiles - reinstallation or rebirth possible?


 
12.04.2016, 17:42   #5
chr1zZo
 




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
Ran by SYSTEM on MININT-NHEJULL (11-04-2016 19:53:53)
Running from G:\
Platform: Windows 8.1 (X64) Language: Englisch (Großbritannien)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-27] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis)
HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2013-11-21] (Google)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1600072 2016-02-12] (APN)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-02-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [465320 2014-10-29] (Microsoft Corporation)
HKLM\...\RunOnce: [MSPCLOCK] => rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\RunOnce: [MSPQM] => rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\RunOnce: [MSKSSRV] => rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\RunOnce: [MSTEE.CxTransform] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [MSTEE.Splitter] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [WDM_DRMKAUD] => rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD. (the data entry has 17 more characters).
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [273920 2014-10-29] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\Asus\...\Run: [SystemExplorerAutoStart] => "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
HKU\Asus\...\Run: [Power2GoExpress] => NA
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
AppInit_DLLs-x32: "C:\PROGRA~2\Google\Google Desktop Search\GoogleDesktopNetwork3.dll => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [125952 2013-11-21] (Google)
AppInit_DLLs-x32: ",C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-10] (NVIDIA Corporation)
Startup: C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2013-11-13]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2016-01-04] (APN LLC.)
S2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-19] (ASUS)
S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] ()
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1045928 2016-02-18] (AVG Technologies CZ, s.r.o.)
S2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2790368 2016-02-18] (G Data Software AG)
S2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [970872 2016-02-11] (G Data Software AG)
S2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [4068592 2016-02-18] (G Data Software AG)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2016-02-05] (WildTangent)
S3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3219360 2016-02-18] (G Data Software AG)
S3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [791160 2016-02-18] (G Data Software AG)
S3 GoogleDesktopManager-060409-093314; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2013-11-21] (Google)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2155848 2010-05-25] ()
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4364200 2016-02-15] (AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 BDESVC; %SystemRoot%\System32\bdesvc.dll [X]
S2 BFE; %SystemRoot%\System32\bfe.dll [X]
S2 FontCache; %SystemRoot%\system32\FntCache.dll [X]
S3 IEEtwCollectorService; %SystemRoot%\system32\IEEtwCollector.exe /V [X]
S2 IKEEXT; %SystemRoot%\System32\ikeext.dll [X]
S2 Netlogon; %SystemRoot%\system32\netlogon.dll [X]
S3 seclogon; %windir%\system32\seclogon.dll [X]
S3 smphost; %Systemroot%\System32\smphost.dll [X]
S2 wscsvc; %SystemRoot%\System32\wscsvc.dll [X]
S3 wuauserv; %systemroot%\system32\wuaueng.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-26] ()
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-29] (ASUS Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [160768 2016-02-28] (G Data Software AG)
S1 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [37400 2016-02-28] (G Data Software AG)
S1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [29720 2016-02-28] (G Data Software AG)
S1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [246272 2016-02-28] (G Data Software AG)
S3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [92160 2016-02-28] (G Data Software AG)
S1 GLogin; no ImagePath
S1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2015-11-25] (G Data Software)
S1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [134656 2016-02-28] (G Data Software AG)
S3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 Ntfs; no ImagePath
S0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-11-14] (Acronis International GmbH)
S0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-11-14] (Acronis)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
S1 UimBus; C:\Windows\System32\drivers\uimx64.sys [50768 2010-07-14] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [566864 2010-07-14] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 AFD; \SystemRoot\system32\drivers\afd.sys [X]
S0 CNG; System32\Drivers\cng.sys [X]
S3 DfSdkS; no ImagePath
S3 drmkaud; \SystemRoot\system32\drivers\drmkaud.sys [X]
S0 GDElam; system32\DRIVERS\GDElam.sys [X]
S1 gdwfpcd; system32\drivers\gdwfpcd64.sys [X]
S0 KSecPkg; System32\Drivers\ksecpkg.sys [X]
S3 MRxDAV; \SystemRoot\system32\drivers\mrxdav.sys [X]
S3 mrxsmb; system32\DRIVERS\mrxsmb.sys [X]
S2 mrxsmb10; system32\DRIVERS\mrxsmb10.sys [X]
S3 mrxsmb20; system32\DRIVERS\mrxsmb20.sys [X]
S3 RdpVideoMiniport; System32\drivers\rdpvideominiport.sys [X]
S0 spaceport; System32\drivers\spaceport.sys [X]
S2 srv; System32\DRIVERS\srv.sys [X]
S1 tdx; \SystemRoot\system32\DRIVERS\tdx.sys [X]
S3 TPM; \SystemRoot\system32\drivers\tpm.sys [X]
S3 tunnel; \SystemRoot\system32\DRIVERS\tunnel.sys [X]
S3 usbehci; \SystemRoot\System32\drivers\usbehci.sys [X]
S3 usbhub; \SystemRoot\System32\drivers\usbhub.sys [X]
S3 USBHUB3; \SystemRoot\System32\drivers\UsbHub3.sys [X]
S3 usbohci; \SystemRoot\System32\drivers\usbohci.sys [X]
S3 USBSTOR; \SystemRoot\System32\drivers\USBSTOR.SYS [X]
S3 usbuhci; \SystemRoot\System32\drivers\usbuhci.sys [X]
S0 WFPLWFS; system32\DRIVERS\wfplwfs.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-11 19:53 - 2016-04-11 19:53 - 00000000 ____D C:\FRST
2016-04-11 17:49 - 2016-04-11 19:11 - 00000000 ____D C:\DrWeb Quarantine
2016-04-06 04:07 - 2016-04-06 04:07 - 00025961 _____ C:\Users\Asus\Downloads\Kontoauszug_430766194500_2016-04-02_0816.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-07 20:57 - 2015-04-05 17:04 - 00000000 ___SD C:\Windows\System32\GWX
2016-04-07 20:57 - 2013-08-22 15:36 - 00000000 ___RD C:\Windows\ToastData
2016-04-07 20:56 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\rescache
2016-04-07 20:56 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-07 20:55 - 2013-08-22 15:36 - 00000000 __RSD C:\Windows\Media
2016-04-07 20:55 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\Inf
2016-04-07 20:35 - 2013-09-30 03:59 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-07 20:35 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-07 20:33 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\registration
2016-04-07 20:27 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\System32\Sysprep
2016-04-07 20:23 - 2014-09-23 18:16 - 00000000 ____D C:\users\Sigrid
2016-04-07 20:23 - 2014-09-23 17:25 - 00000000 ____D C:\users\Gast
2016-04-07 20:23 - 2013-11-12 17:24 - 00000000 ____D C:\ProgramData\G DATA
2016-04-07 20:23 - 2013-11-12 16:32 - 00000000 ____D C:\users\UpdatusUser
2016-04-07 20:23 - 2013-11-12 16:32 - 00000000 ____D C:\users\Asus
2016-04-06 19:27 - 2013-11-12 12:46 - 00000000 ____D C:\Windows\System32\MRT
2016-04-06 07:50 - 2013-11-20 14:51 - 00000795 _____ C:\Users\Asus\Desktop\Chemnitz Information für Chemnitz bei meinestadt.de - Kopie.website
2016-04-06 07:47 - 2013-08-22 13:25 - 00262144 ___SH C:\Windows\System32\config\ELAM
2016-04-06 05:56 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\AppReadiness
2016-04-06 05:55 - 2013-11-20 14:52 - 00000582 _____ C:\Users\Asus\Desktop\noris.website
2016-03-14 15:20 - 2013-11-12 21:16 - 00000000 ____D C:\Users\Asus\AppData\Roaming\ClassicShell
2016-03-13 08:36 - 2012-07-26 07:59 - 00000000 ____D C:\Windows\CbsTemp

Some files in TEMP:
====================
C:\Users\Asus\AppData\Local\Temp\APNSetup.exe


==================== Known DLLs (Whitelisted) =========================

C:\Windows\System32\rpcrt4.dll IS MISSING <==== ATTENTION
C:\Windows\System32\combase.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\combase.dll IS MISSING <==== ATTENTION
C:\Windows\System32\gdiplus.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\gdiplus.dll IS MISSING <==== ATTENTION
C:\Windows\System32\IMAGEHLP.dll IS MISSING <==== ATTENTION
C:\Windows\System32\MSVCRT.dll IS MISSING <==== ATTENTION
C:\Windows\System32\SHLWAPI.dll IS MISSING <==== ATTENTION
C:\Windows\System32\COMDLG32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\NORMALIZ.dll IS MISSING <==== ATTENTION
C:\Windows\System32\PSAPI.dll IS MISSING <==== ATTENTION
C:\Windows\System32\WLDAP32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\ole32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\ole32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\IMM32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\MSCTF.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\MSCTF.dll IS MISSING <==== ATTENTION
C:\Windows\System32\Wow64win.dll IS MISSING <==== ATTENTION
C:\Windows\System32\OLEAUT32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\LPK.dll IS MISSING <==== ATTENTION
C:\Windows\System32\clbcatq.dll IS MISSING <==== ATTENTION
C:\Windows\System32\WS2_32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\SHELL32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\SHELL32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\gdi32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\gdi32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\DifxApi.dll IS MISSING <==== ATTENTION
C:\Windows\System32\Setupapi.dll IS MISSING <==== ATTENTION
C:\Windows\System32\kernel32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\advapi32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\advapi32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\user32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\NSI.dll IS MISSING <==== ATTENTION
C:\Windows\System32\sechost.dll IS MISSING <==== ATTENTION

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION
C:\Windows\explorer.exe
[2015-03-30 12:45] - [2015-01-27 23:47] - 2501368 ____A (Microsoft Corporation) C10A66189DC8C090E7C84873EDCEBC88

C:\Windows\SysWOW64\explorer.exe
[2015-03-30 12:45] - [2015-01-27 23:41] - 2207488 ____A (Microsoft Corporation) 91E24273FCA076EA9E65DAFA98901225

C:\Windows\System32\svchost.exe
[2015-04-06 13:04] - [2014-10-29 04:11] - 0038792 ____A (Microsoft Corporation) E3A2AD05E24105B35E986CF9CB38EC47

C:\Windows\SysWOW64\svchost.exe
[2015-04-06 13:04] - [2014-10-29 03:17] - 0033088 ____A (Microsoft Corporation) D0ABC231C0B3E88C6B612B28ABBF734D

C:\Windows\System32\services.exe
[2015-05-17 13:03] - [2015-04-08 22:55] - 0410128 ____A (Microsoft Corporation) E0C7813A97CA7947FF5C18A8F3B61A45

C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\userinit.exe
[2015-04-06 13:02] - [2014-10-29 01:28] - 0026112 ____A (Microsoft Corporation) 5C131534A3EA4A461A793FB507A8004F

C:\Windows\SysWOW64\userinit.exe
[2015-04-06 13:03] - [2014-10-29 01:05] - 0022528 ____A (Microsoft Corporation) D10643FC0095434C819316CA6CD748C0

C:\Windows\System32\rpcss.dll
[2015-04-06 13:10] - [2014-10-29 01:19] - 0817664 ____A (Microsoft Corporation) A6F17C299A03BAFEFB9257C462A19E00

C:\Windows\System32\dnsapi.dll
[2015-04-06 13:10] - [2014-10-29 01:30] - 0657920 ____A (Microsoft Corporation) A5675939CF0F99B20B5A3CFCC3C1B46A

C:\Windows\SysWOW64\dnsapi.dll
[2015-04-06 13:09] - [2014-10-29 01:06] - 0498688 ____A (Microsoft Corporation) BD9C7A068C46053F8747CEA73B5930AB

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\System32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION

==================== EXE Association (Whitelisted) =============


==================== Restore Points =========================


==================== Memory info =========================== 

Percentage of memory in use: 12%
Total physical RAM: 8149.7 MB
Available physical RAM: 7124.54 MB
Total Virtual: 8149.7 MB
Available Virtual: 7166.47 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.26 GB) (Free:315.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:3.42 GB) (Free:3.27 GB) NTFS
Drive e: (Daten) (Fixed) (Total:97.66 GB) (Free:74.13 GB) NTFS
Drive g: () (Removable) (Total:29.45 GB) (Free:3.43 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 91A883DE)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.5 GB) (Disk ID: 550C6C3B)
Partition 1: (Active) - (Size=29.5 GB) - (Type=07 NTFS)


LastRegBack: 2016-04-06 02:57

==================== End of FRST.txt ============================
         
You are viewing: Trojan.KillFiles - reinstallation or rebirth possible? on Trojaner-Board
