Trojaner-Board


Mirco12345 29.08.2013 17:37

Caught the Bundestrojaner...

Hello, my mother has caught the Bundestrojaner. I have already tried several things, but unfortunately Safe Mode does not work. Thanks in advance for the help.
Here is the FRST log file:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by SYSTEM on 29-08-2013 18:11:07
Running from G:\
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [466792 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [29528 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1050000 2009-08-06] (Toshiba Europe GmbH)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-07-30] (Toshiba Europe GmbH)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [ 2009-08-12] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [ 2009-08-12] (TOSHIBA)
HKU\Karin\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-09-07] (Google Inc.)
HKU\Karin\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2009-10-09] (Skype Technologies S.A.)
HKU\Karin\...\Winlogon: [Shell] explorer.exe,C:\Users\Karin\AppData\Roaming\cache.dat [ 2011-11-17] () <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

========================== Services (Whitelisted) =================

S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
S2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
S2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-07] (TOSHIBA Corporation)
S2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-06] (Toshiba Europe GmbH)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)

==================== Drivers (Whitelisted) ====================

S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
S3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [159776 2009-06-24] (Realtek Semiconductor Corp.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [376320 2009-08-13] (Realtek Semiconductor Corporation                          )
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-25 18:43 - 2013-08-29 16:45 - 00000004 _____ C:\Users\Karin\AppData\Roaming\cache.ini
2013-08-25 18:43 - 2013-06-15 04:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-08-29 16:45 - 2013-08-25 18:43 - 00000004 _____ C:\Users\Karin\AppData\Roaming\cache.ini
2013-08-29 16:43 - 2009-07-14 05:39 - 00063933 _____ C:\Windows\setupact.log
2013-08-28 16:55 - 2009-10-09 14:37 - 01157874 _____ C:\Windows\WindowsUpdate.log
2013-08-25 19:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-08-25 18:43 - 2009-07-14 05:34 - 00016080 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-25 18:43 - 2009-07-14 05:34 - 00016080 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-06 10:06 - 2010-01-17 18:18 - 00000000 ____D C:\Users\Karin\AppData\Roaming\Skype

Files to move or delete:
====================
C:\Users\Karin\AppData\Roaming\cache.dat
C:\Users\Karin\AppData\Roaming\cache.ini
C:\Users\Karin\AppData\Local\Temp\AskSLib.dll
C:\Users\Karin\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Karin\AppData\Local\Temp\install_flashplayer11x32ax_chra_awa_aih.exe
C:\Users\Karin\AppData\Local\Temp\mpengine.dll
C:\Users\Karin\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Karin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Karin\AppData\Local\Temp\verrikvrhnribhesy.exe
C:\Users\Karin\AppData\Local\Temp\_is31C9.exe
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\difxapi.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\MSVCP60.DLL
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\DrvLangChg\DrvLangChg.exe
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\DevSearch\DeviceSearch.exe
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\DevSearch\NSSearch.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\BRHOOK.DLL
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\brif03a.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\brlm03a.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\BRLMW03A.DLL
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\BrMonitor.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\BroSNMP.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\BrYNSvc.exe
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\Company\BrFirmUpdateCheck.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\Company\BrStMonW.exe
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\Company\BrStMonWRes.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\Company\prnadmin.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\{E2A97415-BD97-4867-B906-05E39E9EE51F}\Browny02\Company\THoop.dll
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\Drivers\DPInst.exe
C:\Users\Karin\AppData\Local\Temp\{D3A6E64C-E74D-4277-95E5-1C28230758A2}\Drivers\dpinst2k.exe
C:\Users\Karin\AppData\Local\Temp\{509B509F-F7BE-40FC-A1AF-E078C0659A36}\ISSetup.dll
C:\Users\Karin\AppData\Local\Temp\{509B509F-F7BE-40FC-A1AF-E078C0659A36}\_Setup.dll
C:\Users\Karin\AppData\Local\Temp\Setup00000ef4\OSETUP.DLL
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aebb.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aecore.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aeemu.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aegen.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aehelp.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aeheur.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aeoffice.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aepack.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aerdl.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aescn.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aescript.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\aevdf.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avadmin.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avarkt.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avcenter.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avconfig.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avconfig.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avconfigrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avevtlog.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avgio.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avgnt.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avguard.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avinet.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avipc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avnotify.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avnotify.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avpref.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\AVReg.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avrep.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avscan.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avscan.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avupgsvc.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avwinll.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avwmi.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\avwsc.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccev.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccevrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccgen.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccgenrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccgrdrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccguard.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\cclib.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\cclic.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\cclicrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccmainrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccmsg.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccprofil.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccquamgr.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccquarc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccreporc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccreport.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccscanrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccsched.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccscherc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\cctpc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccupdate.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\ccupdrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\cfglib.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\fact.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\factrc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\guardgui.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\guardmsg.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\imp64b.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\licmgr.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\licmgr.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\luke.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\lukeres.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\mgrs.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\msgclient.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\netnt.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\presetup.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\scewxmlw.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\sched.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\schedr.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\setup.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\setup.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\shlext.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\shlext64.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\smtplib.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\sqlite3.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\unacev2.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\update.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\update.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\updaterc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\updgui.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\updguirc.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\vcredist_x86.exe
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\wksstats.dll
C:\Users\Karin\AppData\Local\Temp\RarSFX0\basic\wsctool.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KcMV3Da.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KMPOPUPMGR.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KMSTMNET.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KMSTMNW.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KMSTMVM.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT2\KACT2.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KACT.exe
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCBIDI.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCCODE32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCCOMM32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCDVEX.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCDVMON.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCLANG32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCNS32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCNW32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCNW32N.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCPORT32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCSIPX32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\KCSOCK32.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\LANGDATA.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\mfc42.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\msvcrt.dll
C:\Users\Karin\AppData\Local\Temp\KyoceraFS-1020D43AD\KACT\msvcrt40.dll

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-01 13:08:58
Restore point made on: 2013-06-04 18:29:21
Restore point made on: 2013-06-07 18:57:37
Restore point made on: 2013-06-12 20:19:54
Restore point made on: 2013-06-12 20:26:17
Restore point made on: 2013-06-21 17:17:51
Restore point made on: 2013-06-27 19:40:51
Restore point made on: 2013-07-03 17:47:44
Restore point made on: 2013-07-10 19:51:25
Restore point made on: 2013-07-10 20:00:35
Restore point made on: 2013-07-16 16:31:48
Restore point made on: 2013-07-20 13:23:32
Restore point made on: 2013-07-23 20:36:56
Restore point made on: 2013-07-31 20:11:57
Restore point made on: 2013-08-06 10:10:58
Restore point made on: 2013-08-25 18:41:46
Restore point made on: 2013-08-28 16:55:17

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 3963.99 MB
Available physical RAM: 3472.77 MB
Total Pagefile: 3962.27 MB
Available Pagefile: 3476.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.7 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:116.29 GB) (Free:77.96 GB) NTFS
Drive d: (Data) (Fixed) (Total:116.21 GB) (Free:110.73 GB) NTFS
Drive e: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (MICTIAN) (Removable) (Total:0.11 GB) (Free:0.11 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 87FEAE93)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=116 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 124 MB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=118 MB) - (Type=0B)


LastRegBack: 2013-04-23 19:55

==================== End Of Log ============================

--- --- ---

schrauber 29.08.2013 17:54

hi,

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

HKU\Karin\...\Winlogon: [Shell] explorer.exe,C:\Users\Karin\AppData\Roaming\cache.dat [ 2011-11-17] () <==== ATTENTION
C:\Users\Karin\AppData\Roaming\cache.dat
C:\Users\Karin\AppData\Roaming\cache.ini

Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options
  • Now start FRST.exe again and click the Fix (Entfernen) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Start the computer normally :)
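
Why the fix list above consists of exactly those three lines, shown as an added example that is not part of the original posts and is not FRST's own code: a Python triage that reads FRST log lines, flags a Winlogon `Shell` value that launches anything besides `explorer.exe`, and pairs the extra target with recently created or modified files of the same base name in the same folder. The function names and the same-base-name pairing rule are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import ntpath
import re

# Lines copied from the FRST log posted in this thread (a short excerpt).
SAMPLE_LOG = r"""
HKU\Karin\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2009-10-09] (Skype Technologies S.A.)
HKU\Karin\...\Winlogon: [Shell] explorer.exe,C:\Users\Karin\AppData\Roaming\cache.dat [ 2011-11-17] () <==== ATTENTION
2013-08-25 18:43 - 2013-08-29 16:45 - 00000004 _____ C:\Users\Karin\AppData\Roaming\cache.ini
2013-08-25 18:43 - 2013-06-15 04:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
"""

SHELL_MARK = r"\Winlogon: [Shell] "
# Trailing "[size date] (company)" metadata and the optional ATTENTION flag.
TRAILER_RE = re.compile(r"\s\[[^\]]*\]\s\([^)]*\)(\s<==== ATTENTION)?\s*$")
# "created - modified - size attrs [(company)] path" lines of the file sections.
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ "
    r"(?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.+)$"
)


def shell_extras(line):
    """Return (hive, extra commands) for a Winlogon Shell line, else None."""
    if SHELL_MARK not in line:
        return None
    hive = line.split("\\...", 1)[0]
    value = TRAILER_RE.sub("", line.split(SHELL_MARK, 1)[1])
    entries = [e.strip().strip('"') for e in value.split(",") if e.strip()]
    # Only the bare name "explorer.exe" is treated as the expected shell.
    return hive, [e for e in entries if e.lower() != "explorer.exe"]


def companions(target, recent_paths):
    """Recently created/modified files next to target that share its base name."""
    folder = ntpath.dirname(target).lower()
    stem = ntpath.splitext(ntpath.basename(target))[0].lower()
    return [
        p for p in recent_paths
        if p.lower() != target.lower()
        and ntpath.dirname(p).lower() == folder
        and ntpath.splitext(ntpath.basename(p))[0].lower() == stem
    ]


def triage(log_text):
    """List every Winlogon Shell value that launches more than explorer.exe."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    matches = (FILE_RE.match(ln) for ln in lines)
    # dict.fromkeys drops duplicates (a file can appear in both file sections).
    recent = list(dict.fromkeys(m.group("path") for m in matches if m))
    findings = []
    for ln in lines:
        parsed = shell_extras(ln)
        if parsed and parsed[1]:
            hive, extras = parsed
            related = [c for t in extras for c in companions(t, recent)]
            findings.append({"hive": hive, "extras": extras, "related": related})
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```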

Mirco12345 29.08.2013 18:40

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-08-2013
Ran by SYSTEM at 2013-08-29 19:25:38 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\Karin\...\Winlogon: [Shell] explorer.exe,C:\Users\Karin\AppData\Roaming\cache.dat [ 2011-11-17] () <==== ATTENTION
C:\Users\Karin\AppData\Roaming\cache.dat
C:\Users\Karin\AppData\Roaming\cache.ini
*****************

HKU\Karin\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Karin\AppData\Roaming\cache.dat => Moved successfully.
C:\Users\Karin\AppData\Roaming\cache.ini => Moved successfully.

==== End of Fixlog ====


schrauber 30.08.2013 07:17

Does the computer start normally?

