Same game all over again ...
I did everything exactly as instructed and it worked great! But before I could post the Fixlog.txt here, the computer's owner caught the same junk again, via the content that has by now at least been identified as the cause.
So once again I am asking for help; the result of the new scan is below.
Thank you very much for your help!
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-TUPQOE8 on 23-10-2013 08:57:32
Running from G:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11779176 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [1208320 2010-12-16] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2706216 2011-02-25] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [900160 2012-07-06] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] - C:\windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [OmniPage Preload] - C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe [2987880 2011-08-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance OmniPage 18-reminder] - C:\ProgramData\ScanSoft\OmniPage 18\Ereg\Ereg.ini [363 2013-06-18] ()
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-02-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-02-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini [354 2013-05-14] ()
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfpro5hook.exe [1369376 2010-02-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDFViewerPlus\RegistryController.exe [62752 2010-02-08] (Nuance Communications, Inc.)
HKU\Administrator\...\Run: [OpAgent] - "OpAgent.exe" /agent
HKU\Administrator\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKU\Leilich\...\Run: [OpAgent] - "OpAgent.exe" /agent
HKU\Leilich\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKU\Leilich\...\Winlogon: [Shell] explorer.exe,C:\Users\Leilich\AppData\Roaming\cache.dat [102400 2013-08-28] () <==== ATTENTION
HKU\UpdatusUser\...\Run: [OpAgent] - "OpAgent.exe" /agent
HKU\UpdatusUser\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [324976 2010-05-21] (Flexera Software, Inc.)
AppInit_DLLs: C:\windows\system32\nvinitx.dll,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [218256 2013-06-04] (Sophos Limited)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [221840 2013-06-04] (Sophos Limited)
Startup: C:\Users\Leilich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
==================== Services (Whitelisted) =================
S2 GladFileMonSvc; C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [29552 2011-07-26] (Gladinet, INC)
S2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2010-12-16] ()
S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-02-10] (Nuance Communications, Inc.)
S2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216640 2012-11-29] (Sophos Limited)
S2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139840 2012-06-15] (Sophos Limited)
S2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232512 2012-07-06] (Sophos Limited)
S2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2012-11-29] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [1998400 2012-11-29] (Sophos Limited)
==================== Drivers (Whitelisted) ====================
S3 samsung_hspa_datacard_cdc_acm; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_cdc_acm.sys [48128 2011-02-11] (Samsung)
S3 samsung_hspa_datacard_cdc_ecm; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_cdc_ecm.sys [52736 2011-02-11] (Samsung)
S3 samsung_hspa_datacard_dc_enum; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_dc_enum.sys [59904 2011-02-11] (Samsung)
S1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [144672 2012-06-15] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2011-10-23] (Sophos Plc)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-22 14:14 - 2013-10-22 14:16 - 00000004 _____ C:\Users\Leilich\AppData\Roaming\cache.ini
2013-10-22 14:10 - 2013-10-22 14:10 - 00002031 _____ C:\Users\Public\Desktop\Ausschneiden 1.0.lnk
2013-10-22 14:09 - 2013-10-22 14:09 - 00000000 ____D C:\Users\Public\Documents\Avanquest Software
2013-10-22 14:09 - 2013-10-22 14:09 - 00000000 ____D C:\ProgramData\Avanquest
2013-10-22 14:09 - 2013-10-22 14:09 - 00000000 ____D C:\Program Files (x86)\Ausschneiden 1.0
2013-10-19 12:11 - 2013-10-19 12:11 - 00000000 ____D C:\FRST
2013-10-11 04:59 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 04:59 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 04:59 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 04:59 - 2013-09-22 15:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 04:59 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 04:59 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 04:59 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 04:59 - 2013-09-22 14:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-11 04:59 - 2013-09-22 14:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-11 04:59 - 2013-09-22 14:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-11 04:59 - 2013-09-22 14:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-11 04:59 - 2013-09-22 14:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-11 04:59 - 2013-09-22 14:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-11 04:59 - 2013-09-22 14:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-11 04:59 - 2013-09-22 14:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-11 04:59 - 2013-09-22 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-11 04:59 - 2013-09-20 19:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-11 04:59 - 2013-09-20 19:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 04:59 - 2013-09-20 18:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-11 04:59 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 04:58 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 04:58 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 04:58 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 04:58 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 04:58 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 04:58 - 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 04:58 - 2013-09-22 14:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-11 04:58 - 2013-09-22 14:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-11 04:58 - 2013-09-22 14:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-11 04:58 - 2013-09-22 14:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-11 04:58 - 2013-09-22 14:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-10 05:43 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-10 05:43 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 05:43 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-10 05:43 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-10 05:43 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-10 05:43 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-10 05:43 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 05:43 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 05:43 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 05:43 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-10 05:43 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 05:43 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 05:39 - 2013-09-13 17:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-10-10 05:39 - 2013-09-07 18:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-10 05:39 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-10-10 05:39 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 05:39 - 2013-08-28 18:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-10 05:39 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-10-10 05:39 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2013-10-10 05:39 - 2013-08-28 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-10-10 05:39 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2013-10-10 05:39 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 05:39 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 05:39 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 05:39 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 05:39 - 2013-08-28 17:50 - 00102400 _____ C:\Users\Leilich\AppData\Roaming\cache.dat
2013-10-10 05:39 - 2013-08-28 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 05:39 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 05:39 - 2013-08-28 16:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 05:39 - 2013-08-28 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 05:39 - 2013-08-28 16:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 05:39 - 2013-08-28 16:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 05:39 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-10 05:39 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-10-10 05:39 - 2013-08-01 04:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-10 05:39 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 05:39 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 05:39 - 2013-07-12 02:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-10-10 05:39 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-10 05:39 - 2013-07-12 02:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBAUDIO.sys
2013-10-10 05:39 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-10-10 05:39 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-10-10 05:39 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 05:39 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 05:39 - 2013-07-04 02:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-10-10 05:39 - 2013-07-02 20:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2013-10-10 05:39 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-10 05:39 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-10 05:39 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-01 05:47 - 2013-10-01 05:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2013-10-22 14:16 - 2013-10-22 14:14 - 00000004 _____ C:\Users\Leilich\AppData\Roaming\cache.ini
2013-10-22 14:10 - 2013-10-22 14:10 - 00002031 _____ C:\Users\Public\Desktop\Ausschneiden 1.0.lnk
2013-10-22 14:09 - 2013-10-22 14:09 - 00000000 ____D C:\Users\Public\Documents\Avanquest Software
2013-10-22 14:09 - 2013-10-22 14:09 - 00000000 ____D C:\ProgramData\Avanquest
2013-10-22 14:09 - 2013-10-22 14:09 - 00000000 ____D C:\Program Files (x86)\Ausschneiden 1.0
2013-10-22 14:09 - 2011-05-30 02:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-22 14:03 - 2011-05-30 18:45 - 01238661 _____ C:\Windows\WindowsUpdate.log
2013-10-22 14:03 - 2011-05-30 18:41 - 00017920 _____ C:\Windows\System32\rpcnetp.exe
2013-10-22 13:47 - 2013-09-12 04:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-22 12:23 - 2011-11-17 07:34 - 00000000 ____D C:\Users\Leilich\Documents\Outlook-Dateien
2013-10-22 03:53 - 2011-11-17 07:46 - 00000000 ____D C:\Users\Leilich\Documents\My PSP8 Files
2013-10-21 23:26 - 2009-07-13 20:45 - 00020992 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-21 23:26 - 2009-07-13 20:45 - 00020992 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-21 23:22 - 2012-09-06 06:25 - 00000000 ____D C:\Users\Leilich\AppData\Local\gladinet
2013-10-21 23:19 - 2009-07-13 20:51 - 00088608 _____ C:\Windows\setupact.log
2013-10-21 23:18 - 2011-11-16 01:12 - 00058288 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2013-10-21 23:18 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-21 23:14 - 2011-05-30 18:42 - 00017920 _____ C:\Windows\SysWOW64\rpcnetp.dll
2013-10-21 23:14 - 2011-05-30 18:41 - 00017920 _____ C:\Windows\SysWOW64\rpcnetp.exe
2013-10-19 12:11 - 2013-10-19 12:11 - 00000000 ____D C:\FRST
2013-10-19 11:02 - 2011-05-30 03:19 - 00000000 ____D C:\ProgramData\WinClon
2013-10-13 17:24 - 2011-05-30 17:04 - 00697098 _____ C:\Windows\System32\perfh007.dat
2013-10-13 17:24 - 2011-05-30 17:04 - 00148362 _____ C:\Windows\System32\perfc007.dat
2013-10-13 17:24 - 2009-07-13 21:13 - 01613412 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-11 05:20 - 2013-03-13 13:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 05:20 - 2013-03-13 13:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 05:20 - 2012-05-02 09:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-11 05:20 - 2009-07-13 20:45 - 00355080 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-11 05:01 - 2011-11-15 06:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 04:56 - 2012-09-06 05:51 - 01591306 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 04:50 - 2013-08-15 05:17 - 00000000 ____D C:\Windows\System32\MRT
2013-10-11 04:47 - 2011-11-15 07:13 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-10 17:46 - 2011-11-17 07:48 - 00000000 ____D C:\Users\Leilich\Documents\Privat
2013-10-09 06:47 - 2013-09-12 04:06 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 06:47 - 2012-08-22 06:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 06:47 - 2011-11-17 06:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 05:16 - 2011-11-17 07:46 - 00000000 ____D C:\Users\Leilich\Documents\PDF
2013-10-04 12:28 - 2012-04-26 07:34 - 00000000 ____D C:\Users\Leilich\Documents\My Kindle Content
2013-10-01 05:59 - 2011-11-17 06:51 - 00000000 ____D C:\Users\Leilich\AppData\Local\Mozilla
2013-10-01 05:47 - 2013-10-01 05:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-25 17:32 - 2011-11-17 07:18 - 00000000 ____D C:\Users\Leilich\Documents\Gemeindezentrum
2013-09-25 12:42 - 2011-11-17 07:51 - 00000000 ____D C:\Users\Leilich\Documents\Vortrag 6. Dez
2013-09-25 12:34 - 2011-11-17 07:18 - 00000000 ____D C:\Users\Leilich\Documents\Kunst
2013-09-25 12:25 - 2011-11-17 07:17 - 00000000 ____D C:\Users\Leilich\Documents\bibel digital
Files to move or delete:
====================
C:\Users\Leilich\AppData\Roaming\cache.dat
C:\Users\Leilich\AppData\Roaming\cache.ini
Some content of TEMP:
====================
C:\Users\Leilich\AppData\Local\Temp\BitMaster__2721_i105903859_il5511497.exe
C:\Users\Leilich\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Leilich\AppData\Local\Temp\MSETUP4.EXE
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
8
Restore point made on: 2013-09-17 19:47:47
Restore point made on: 2013-09-23 22:39:16
Restore point made on: 2013-09-27 16:02:44
Restore point made on: 2013-10-01 14:42:35
Restore point made on: 2013-10-08 03:28:31
Restore point made on: 2013-10-11 04:40:18
Restore point made on: 2013-10-15 12:55:31
Restore point made on: 2013-10-19 01:41:42
==================== Memory info ===========================
Percentage of memory in use: 16%
Total physical RAM: 4006.05 MB
Available physical RAM: 3362.36 MB
Total Pagefile: 4004.25 MB
Available Pagefile: 3356.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:443.28 GB) (Free:369.15 GB) NTFS
Drive e: (SAMSUNG_REC) (Fixed) (Total:22.38 GB) (Free:0.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:1.88 GB) (Free:0.57 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: BCD18A1E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22 GB) - (Type=27)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=2 GB) - (Type=06)
LastRegBack: 2012-09-06 01:51
==================== End Of Log ============================