Log analysis and evaluation: Caught the Bundestrojaner...

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: first steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

29.08.2013, 17:37   #1
Mirco12345
 
Hello, my mother has caught the Bundestrojaner. I have already tried several things, but unfortunately safe mode does not work. Thanks in advance for the help.
Here is the FRST logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by SYSTEM on 29-08-2013 18:11:07
Running from G:\
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [466792 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [29528 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1050000 2009-08-06] (Toshiba Europe GmbH)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-07-30] (Toshiba Europe GmbH)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [ 2009-08-12] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [ 2009-08-12] (TOSHIBA)
HKU\Karin\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-09-07] (Google Inc.)
HKU\Karin\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2009-10-09] (Skype Technologies S.A.)
HKU\Karin\...\Winlogon: [Shell] explorer.exe,C:\Users\Karin\AppData\Roaming\cache.dat [ 2011-11-17] () <==== ATTENTION 
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

========================== Services (Whitelisted) =================

S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
S2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
S2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-07] (TOSHIBA Corporation)
S2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-06] (Toshiba Europe GmbH)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)

==================== Drivers (Whitelisted) ====================

S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
S3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [159776 2009-06-24] (Realtek Semiconductor Corp.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [376320 2009-08-13] (Realtek Semiconductor Corporation                           )
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-25 18:43 - 2013-08-29 16:45 - 00000004 _____ C:\Users\Karin\AppData\Roaming\cache.ini
2013-08-25 18:43 - 2013-06-15 04:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-08-29 16:45 - 2013-08-25 18:43 - 00000004 _____ C:\Users\Karin\AppData\Roaming\cache.ini
2013-08-29 16:43 - 2009-07-14 05:39 - 00063933 _____ C:\Windows\setupact.log
2013-08-28 16:55 - 2009-10-09 14:37 - 01157874 _____ C:\Windows\WindowsUpdate.log
2013-08-25 19:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-08-25 18:43 - 2009-07-14 05:34 - 00016080 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-25 18:43 - 2009-07-14 05:34 - 00016080 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-06 10:06 - 2010-01-17 18:18 - 00000000 ____D C:\Users\Karin\AppData\Roaming\Skype

Files to move or delete:
====================
C:\Users\Karin\AppData\Roaming\cache.dat
C:\Users\Karin\AppData\Roaming\cache.ini
C:\Users\Karin\AppData\Local\Temp\AskSLib.dll
C:\Users\Karin\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Karin\AppData\Local\Temp\install_flashplayer11x32ax_chra_awa_aih.exe
C:\Users\Karin\AppData\Local\Temp\mpengine.dll
C:\Users\Karin\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Karin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Karin\AppData\Local\Temp\verrikvrhnribhesy.exe
C:\Users\Karin\AppData\Local\Temp\_is31C9.exe
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\difxapi.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\MSVCP60.DLL
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\DrvLangChg\DrvLangChg.exe
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\DevSearch\DeviceSearch.exe
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\DevSearch\NSSearch.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\BRHOOK.DLL
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\brif03a.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\brlm03a.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\BRLMW03A.DLL
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\BrMonitor.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\BroSNMP.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\BrYNSvc.exe
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\Company\BrFirmUpdateCheck.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\Company\BrStMonW.exe
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\Company\BrStMonWRes.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\Company\prnadmin.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\Company\THoop.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\Drivers\DPInst.exe
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\Drivers\dpinst2k.exe
C:\Users\Karin\AppData\Local\Temp\{509B509F-F7BE-40FC-A1AF-E078C0659A36}\ISSetup.dll
C:\Users\Karin\AppData\Local\Temp\{509B509F-F7BE-40FC-A1AF-E078C0659A36}\_Setup.dll
C:\Users\Karin\AppData\Local\Temp\Setup00000ef4\OSETUP.DLL
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aebb.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aecore.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aeemu.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aegen.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aehelp.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aeheur.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aeoffice.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aepack.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aerdl.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aescn.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aescript.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aevdf.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avadmin.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avarkt.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avcenter.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avconfig.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avconfig.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avconfigrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avevtlog.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avgio.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avgnt.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avguard.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avinet.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avipc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avnotify.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avnotify.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avpref.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\AVReg.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avrep.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avscan.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avscan.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avupgsvc.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avwinll.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avwmi.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avwsc.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccev.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccevrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccgen.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccgenrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccgrdrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccguard.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\cclib.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\cclic.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\cclicrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccmainrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccmsg.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccprofil.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccquamgr.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccquarc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccreporc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccreport.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccscanrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccsched.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccscherc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\cctpc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccupdate.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccupdrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\cfglib.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\fact.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\factrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\guardgui.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\guardmsg.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\imp64b.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\licmgr.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\licmgr.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\luke.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\lukeres.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\mgrs.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\msgclient.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\netnt.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\presetup.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\scewxmlw.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\sched.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\schedr.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\setup.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\setup.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\shlext.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\shlext64.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\smtplib.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\sqlite3.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\unacev2.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\update.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\update.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\updaterc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\updgui.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\updguirc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\vcredist_x86.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\wksstats.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\wsctool.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KcMV3Da.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KMPOPUPMGR.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KMSTMNET.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KMSTMNW.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KMSTMVM.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT2\KACT2.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KACT.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCBIDI.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCCODE32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCCOMM32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCDVEX.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCDVMON.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCLANG32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCNS32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCNW32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCNW32N.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCPORT32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCSIPX32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCSOCK32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\LANGDATA.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\mfc42.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\msvcrt.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\msvcrt40.dll

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-01 13:08:58
Restore point made on: 2013-06-04 18:29:21
Restore point made on: 2013-06-07 18:57:37
Restore point made on: 2013-06-12 20:19:54
Restore point made on: 2013-06-12 20:26:17
Restore point made on: 2013-06-21 17:17:51
Restore point made on: 2013-06-27 19:40:51
Restore point made on: 2013-07-03 17:47:44
Restore point made on: 2013-07-10 19:51:25
Restore point made on: 2013-07-10 20:00:35
Restore point made on: 2013-07-16 16:31:48
Restore point made on: 2013-07-20 13:23:32
Restore point made on: 2013-07-23 20:36:56
Restore point made on: 2013-07-31 20:11:57
Restore point made on: 2013-08-06 10:10:58
Restore point made on: 2013-08-25 18:41:46
Restore point made on: 2013-08-28 16:55:17

==================== Memory info =========================== 

Percentage of memory in use: 12%
Total physical RAM: 3963.99 MB
Available physical RAM: 3472.77 MB
Total Pagefile: 3962.27 MB
Available Pagefile: 3476.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.7 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:116.29 GB) (Free:77.96 GB) NTFS
Drive d: (Data) (Fixed) (Total:116.21 GB) (Free:110.73 GB) NTFS
Drive e: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (MICTIAN) (Removable) (Total:0.11 GB) (Free:0.11 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 87FEAE93)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=116 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 124 MB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=118 MB) - (Type=0B)


LastRegBack: 2013-04-23 19:55

==================== End Of Log ============================
         
--- --- ---

29.08.2013, 17:54   #2
schrauber
/// the machine
/// TB trainer
 

hi,

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
HKU\Karin\...\Winlogon: [Shell] explorer.exe,C:\Users\Karin\AppData\Roaming\cache.dat [ 2011-11-17] () <==== ATTENTION 
C:\Users\Karin\AppData\Roaming\cache.dat
C:\Users\Karin\AppData\Roaming\cache.ini
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options.
  • Now start FRST.exe again and click the "Entfernen" (Fix) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Start the computer normally.
__________________
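
The triage behind the three fixlist lines above, as an added example that is not part of the thread and is not FRST's own logic: it parses registry and recent-file lines in the format of the posted log, flags a Winlogon Shell value that launches anything besides explorer.exe, and lists recently created files sitting next to the flagged payload. The regular expressions and the names `triage` and `shell_extras` are assumptions derived only from the log lines shown in this thread.

```python
import ntpath
import re

# Lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKU\Karin\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2009-10-09] (Skype Technologies S.A.)
HKU\Karin\...\Winlogon: [Shell] explorer.exe,C:\Users\Karin\AppData\Roaming\cache.dat [ 2011-11-17] () <==== ATTENTION
2013-08-25 18:43 - 2013-08-29 16:45 - 00000004 _____ C:\Users\Karin\AppData\Roaming\cache.ini
2013-08-25 18:43 - 2013-06-15 04:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
"""

# Assumed line layouts, inferred from the log above:
#   <hive>\...\<key>: [<value name>] [- ]<data> [<size> <date>] (<company>)
REG_LINE = re.compile(
    r"^(?P<hive>HK[^:]*?)\\\.\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?:- )?"
    r"(?P<data>.*?) \[(?P<size>\d*) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)"
)
#   <created> - <modified> - <size> <attributes> [(<company>) ]<path>
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ \S+ "
    r"(?:\(.*?\) )?(?P<path>[A-Za-z]:\\.*)$"
)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")


def shell_extras(data):
    """Return every Shell entry that is not the stock, bare 'explorer.exe'."""
    parts = [p.strip() for p in data.split(",") if p.strip()]
    return [p for p in parts if p.lower() != "explorer.exe"]


def triage(log_text):
    """Return (findings, companions) for one FRST log.

    findings:   autostart lines that deserve a human look, with the reason.
    companions: recently created/modified files in the same folder as a
                flagged payload (candidates for review, not proof of malice).
    """
    findings, payload_dirs, recent = [], set(), []
    for line in (raw.strip() for raw in log_text.splitlines()):
        reg = REG_LINE.match(line)
        if reg:
            targets, reason = [], ""
            if reg["key"].lower() == "winlogon" and reg["name"].lower() == "shell":
                # A Shell value that starts more than explorer.exe runs the
                # extra program at every logon of that user.
                targets = shell_extras(reg["data"])
                reason = "extra Winlogon Shell entry"
            elif (any(d in reg["data"].lower() for d in USER_WRITABLE)
                  and not reg["company"].strip()):
                targets = [reg["data"]]
                reason = "autostart from user-writable path, no company info"
            for target in targets:
                findings.append({"line": line, "path": target, "reason": reason})
                payload_dirs.add(ntpath.dirname(target).lower())
            continue
        entry = FILE_LINE.match(line)
        if entry:
            recent.append(entry["path"])
    companions = [p for p in recent if ntpath.dirname(p).lower() in payload_dirs]
    return findings, companions


if __name__ == "__main__":
    hits, nearby = triage(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit['reason']}: {hit['path']}")
    for path in nearby:
        print(f"review (same folder, recently changed): {path}")
```
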

29.08.2013, 18:40   #3
Mirco12345
 
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-08-2013
Ran by SYSTEM at 2013-08-29 19:25:38 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\Karin\...\Winlogon: [Shell] explorer.exe,C:\Users\Karin\AppData\Roaming\cache.dat [ 2011-11-17] () <==== ATTENTION 
C:\Users\Karin\AppData\Roaming\cache.dat
C:\Users\Karin\AppData\Roaming\cache.ini
*****************

HKU\Karin\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Karin\AppData\Roaming\cache.dat => Moved successfully.
C:\Users\Karin\AppData\Roaming\cache.ini => Moved successfully.

==== End of Fixlog ====
         
__________________

30.08.2013, 07:17   #4
schrauber
/// the machine
/// TB trainer
 

Does the computer start normally?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
