Trojaner-Board


Mirco12345 29.08.2013 17:37

Caught the Bundestrojaner...
 
Hello, my mother has caught the Bundestrojaner. I have already tried several things, but unfortunately safe mode does not work. Thanks in advance for the help.
Here is the FRST logfile:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by SYSTEM on 29-08-2013 18:11:07
Running from G:\
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [466792 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [29528 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1050000 2009-08-06] (Toshiba Europe GmbH)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-07-30] (Toshiba Europe GmbH)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [ 2009-08-12] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [ 2009-08-12] (TOSHIBA)
HKU\Karin\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-09-07] (Google Inc.)
HKU\Karin\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2009-10-09] (Skype Technologies S.A.)
HKU\Karin\...\Winlogon: [Shell] explorer.exe,C:\Users\Karin\AppData\Roaming\cache.dat [ 2011-11-17] () <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

========================== Services (Whitelisted) =================

S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
S2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
S2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-07] (TOSHIBA Corporation)
S2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-06] (Toshiba Europe GmbH)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)

==================== Drivers (Whitelisted) ====================

S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
S3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [159776 2009-06-24] (Realtek Semiconductor Corp.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [376320 2009-08-13] (Realtek Semiconductor Corporation                          )
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-25 18:43 - 2013-08-29 16:45 - 00000004 _____ C:\Users\Karin\AppData\Roaming\cache.ini
2013-08-25 18:43 - 2013-06-15 04:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-08-29 16:45 - 2013-08-25 18:43 - 00000004 _____ C:\Users\Karin\AppData\Roaming\cache.ini
2013-08-29 16:43 - 2009-07-14 05:39 - 00063933 _____ C:\Windows\setupact.log
2013-08-28 16:55 - 2009-10-09 14:37 - 01157874 _____ C:\Windows\WindowsUpdate.log
2013-08-25 19:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-08-25 18:43 - 2009-07-14 05:34 - 00016080 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-25 18:43 - 2009-07-14 05:34 - 00016080 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-06 10:06 - 2010-01-17 18:18 - 00000000 ____D C:\Users\Karin\AppData\Roaming\Skype

Files to move or delete:
====================
C:\Users\Karin\AppData\Roaming\cache.dat
C:\Users\Karin\AppData\Roaming\cache.ini
C:\Users\Karin\AppData\Local\Temp\AskSLib.dll
C:\Users\Karin\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Karin\AppData\Local\Temp\install_flashplayer11x32ax_chra_awa_aih.exe
C:\Users\Karin\AppData\Local\Temp\mpengine.dll
C:\Users\Karin\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Karin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Karin\AppData\Local\Temp\verrikvrhnribhesy.exe
C:\Users\Karin\AppData\Local\Temp\_is31C9.exe
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\difxapi.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\MSVCP60.DLL
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\DrvLangChg\DrvLangChg.exe
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\DevSearch\DeviceSearch.exe
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\DevSearch\NSSearch.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\BRHOOK.DLL
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\brif03a.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\brlm03a.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\BRLMW03A.DLL
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\BrMonitor.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\BroSNMP.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\BrYNSvc.exe
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\Company\BrFirmUpdateCheck.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\Company\BrStMonW.exe
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\Company\BrStMonWRes.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\Company\prnadmin.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\Company\THoop.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\Drivers\DPInst.exe
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\Drivers\dpinst2k.exe
C:\Users\Karin\AppData\Local\Temp\{509B509F-F7BE-40FC-A1AF-E078C0659A36}\ISSetup.dll
C:\Users\Karin\AppData\Local\Temp\{509B509F-F7BE-40FC-A1AF-E078C0659A36}\_Setup.dll
C:\Users\Karin\AppData\Local\Temp\Setup00000ef4\OSETUP.DLL
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aebb.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aecore.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aeemu.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aegen.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aehelp.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aeheur.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aeoffice.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aepack.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aerdl.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aescn.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aescript.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aevdf.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avadmin.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avarkt.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avcenter.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avconfig.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avconfig.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avconfigrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avevtlog.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avgio.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avgnt.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avguard.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avinet.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avipc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avnotify.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avnotify.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avpref.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\AVReg.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avrep.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avscan.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avscan.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avupgsvc.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avwinll.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avwmi.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avwsc.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccev.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccevrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccgen.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccgenrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccgrdrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccguard.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\cclib.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\cclic.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\cclicrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccmainrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccmsg.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccprofil.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccquamgr.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccquarc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccreporc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccreport.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccscanrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccsched.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccscherc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\cctpc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccupdate.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccupdrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\cfglib.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\fact.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\factrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\guardgui.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\guardmsg.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\imp64b.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\licmgr.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\licmgr.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\luke.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\lukeres.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\mgrs.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\msgclient.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\netnt.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\presetup.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\scewxmlw.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\sched.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\schedr.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\setup.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\setup.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\shlext.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\shlext64.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\smtplib.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\sqlite3.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\unacev2.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\update.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\update.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\updaterc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\updgui.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\updguirc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\vcredist_x86.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\wksstats.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\wsctool.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KcMV3Da.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KMPOPUPMGR.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KMSTMNET.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KMSTMNW.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KMSTMVM.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT2\KACT2.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KACT.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCBIDI.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCCODE32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCCOMM32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCDVEX.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCDVMON.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCLANG32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCNS32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCNW32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCNW32N.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCPORT32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCSIPX32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCSOCK32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\LANGDATA.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\mfc42.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\msvcrt.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\msvcrt40.dll

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-01 13:08:58
Restore point made on: 2013-06-04 18:29:21
Restore point made on: 2013-06-07 18:57:37
Restore point made on: 2013-06-12 20:19:54
Restore point made on: 2013-06-12 20:26:17
Restore point made on: 2013-06-21 17:17:51
Restore point made on: 2013-06-27 19:40:51
Restore point made on: 2013-07-03 17:47:44
Restore point made on: 2013-07-10 19:51:25
Restore point made on: 2013-07-10 20:00:35
Restore point made on: 2013-07-16 16:31:48
Restore point made on: 2013-07-20 13:23:32
Restore point made on: 2013-07-23 20:36:56
Restore point made on: 2013-07-31 20:11:57
Restore point made on: 2013-08-06 10:10:58
Restore point made on: 2013-08-25 18:41:46
Restore point made on: 2013-08-28 16:55:17

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 3963.99 MB
Available physical RAM: 3472.77 MB
Total Pagefile: 3962.27 MB
Available Pagefile: 3476.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.7 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:116.29 GB) (Free:77.96 GB) NTFS
Drive d: (Data) (Fixed) (Total:116.21 GB) (Free:110.73 GB) NTFS
Drive e: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (MICTIAN) (Removable) (Total:0.11 GB) (Free:0.11 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 87FEAE93)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=116 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 124 MB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=118 MB) - (Type=0B)


LastRegBack: 2013-04-23 19:55

==================== End Of Log ============================

--- --- ---

schrauber 29.08.2013 17:54

hi,

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

HKU\Karin\...\Winlogon: [Shell] explorer.exe,C:\Users\Karin\AppData\Roaming\cache.dat [ 2011-11-17] () <==== ATTENTION
C:\Users\Karin\AppData\Roaming\cache.dat
C:\Users\Karin\AppData\Roaming\cache.ini

Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options
  • Now start FRST.exe again and click the Fix (Entfernen) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Start the computer normally :)

Mirco12345 29.08.2013 18:40

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-08-2013
Ran by SYSTEM at 2013-08-29 19:25:38 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\Karin\...\Winlogon: [Shell] explorer.exe,C:\Users\Karin\AppData\Roaming\cache.dat [ 2011-11-17] () <==== ATTENTION
C:\Users\Karin\AppData\Roaming\cache.dat
C:\Users\Karin\AppData\Roaming\cache.ini
*****************

HKU\Karin\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Karin\AppData\Roaming\cache.dat => Moved successfully.
C:\Users\Karin\AppData\Roaming\cache.ini => Moved successfully.

==== End of Fixlog ====


schrauber 30.08.2013 07:17

Does the computer start normally?

