Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Software-Updater beim Hochfahren

Software-Updater beim Hochfahren


Log-Analyse und Auswertung: Software-Updater beim Hochfahren

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 27.01.2014, 21:18   #1
SR14
 
Software-Updater beim Hochfahren - Standard

Software-Updater beim Hochfahren



FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014 01
Ran by Sandro Reich (administrator) on 8530G on 27-01-2014 21:16:31
Running from C:\Users\Sandro Reich\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Windows\System32\PnkBstrB.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\GoogleClean\GoogleRadar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Realtek Semiconductor Corp.) C:\Users\Sandro Reich\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6294048 2008-09-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1833504 2008-09-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [858632 2008-12-17] (Dritek System Inc.)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-11] (Acer Incorporated)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17888944 2012-11-09] (Skype Technologies S.A.)
HKCU\...\Run: [GoogleRadar] - C:\Program Files\GoogleClean\GoogleRadar.exe [1540096 2013-05-23] ()
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: {133cfe2b-7da1-11e1-b7e0-001d72ed6f80} - F:\Startme.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1011&m=aspire_8530
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1011&m=aspire_8530
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKCU - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - No Name - !{82E1477C-B154-48D3-9891-33D83C26BCD3} -  No File
Toolbar: HKLM - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM - No Name - !{bfc39e47-d643-4dc2-aa1d-61377501c844} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Sandro Reich\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Sandro Reich\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Sandro Reich\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Sandro Reich\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Users\Sandro Reich\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-06-20]
FF Extension: GoPhotoIt - C:\Users\Sandro Reich\AppData\Roaming\Mozilla\Firefox\profiles\extensions\gophoto@gophoto.it.xpi [2013-08-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "sync": {
      "favicons_syncing_enabled": true,
      "suppress_start"
CHR Plugin: (Shockwave Flash) - C:\Users\Sandro Reich\AppData\Local\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Sandro Reich\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Sandro Reich\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Media Go Detector) - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (PlayStation(R)Network Downloader Check Plug-in) - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Sandro Reich\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Extension: (Google Wallet) - C:\Users\Sandro Reich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02]
CHR StartMenuInternet: Google Chrome - C:\Users\Sandro Reich\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-04-05] (Advanced Micro Devices, Inc.)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-11-28] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2565632 2011-10-24] (Deutsche Telekom AG)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [3993576 2011-11-17] (INCA Internet Co., Ltd.)
S4 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2012-08-13] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [107832 2012-08-13] ()
S4 RichVideo; c:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S3 SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
S4 BBSvc; "C:\Program Files\Microsoft\BingBar\BBSvc.EXE" [x]
S4 BBUpdate; "C:\Program Files\Microsoft\BingBar\SeaPort.EXE" [x]

==================== Drivers (Whitelisted) ====================

R2 ACEDRV05; C:\Windows\system32\drivers\ACEDRV05.sys [97792 2012-06-17] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [183312 2008-10-03] (Advanced Micro Devices, Inc)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S4 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [33112 2013-02-19] (AVG Technologies)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys [17536 2006-10-09] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [150560 2008-08-26] (Realtek Semiconductor Corp.)
S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-21] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-27 21:14 - 2014-01-27 21:14 - 00000000 ____D C:\Users\Sandro Reich\Downloads\FRST-OlderVersion
2014-01-26 18:03 - 2014-01-26 18:03 - 00987425 _____ C:\Users\Sandro Reich\Downloads\SecurityCheck.exe
2014-01-26 12:35 - 2014-01-26 12:35 - 02347384 _____ (ESET) C:\Users\Sandro Reich\Downloads\esetsmartinstaller_enu.exe
2014-01-26 02:16 - 2014-01-26 02:16 - 01037068 _____ (Thisisu) C:\Users\Sandro Reich\Downloads\JRT.exe
2014-01-26 02:16 - 2014-01-26 02:16 - 00000000 ____D C:\Windows\ERUNT
2014-01-26 00:10 - 2014-01-26 00:10 - 00000000 ____D C:\Users\Sandro Reich\AppData\Roaming\Malwarebytes
2014-01-26 00:09 - 2014-01-26 02:02 - 00000000 ____D C:\AdwCleaner
2014-01-26 00:09 - 2014-01-26 00:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-26 00:08 - 2014-01-26 00:09 - 01236282 _____ C:\Users\Sandro Reich\Downloads\adwcleaner.exe
2014-01-26 00:08 - 2014-01-26 00:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sandro Reich\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-25 19:07 - 2014-01-25 19:17 - 00039676 _____ C:\Users\Sandro Reich\Downloads\Addition.txt
2014-01-25 19:04 - 2014-01-27 21:16 - 00022264 _____ C:\Users\Sandro Reich\Downloads\FRST.txt
2014-01-25 19:04 - 2014-01-27 21:14 - 01223168 _____ (Farbar) C:\Users\Sandro Reich\Downloads\FRST.exe
2014-01-25 19:04 - 2014-01-27 21:14 - 00000000 ____D C:\FRST
2014-01-25 18:34 - 2014-01-25 18:34 - 00001668 _____ C:\Users\Public\Desktop\iTunes.lnk
2014-01-25 18:30 - 2014-01-25 18:34 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-25 18:30 - 2014-01-25 18:34 - 00000000 ____D C:\Program Files\iTunes
2014-01-25 18:30 - 2014-01-25 18:30 - 00000000 ____D C:\Program Files\iPod
2014-01-25 18:09 - 2014-01-25 18:09 - 00000000 ____D C:\Users\Sandro Reich\AppData\Local\cache
2014-01-25 18:09 - 2014-01-25 18:09 - 00000000 ____D C:\Users\Sandro Reich\.android
2014-01-25 18:09 - 2014-01-25 18:09 - 00000000 _____ C:\Users\Sandro Reich\daemonprocess.txt
2014-01-15 18:29 - 2014-01-15 18:29 - 00000000 ____D C:\Windows\Sun
2014-01-15 18:28 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-15 18:27 - 2014-01-15 18:27 - 00005315 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-15 18:27 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-15 18:27 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-15 18:27 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-06 19:18 - 2014-01-06 19:19 - 02821767 _____ C:\Users\Sandro Reich\Downloads\PGR_F1_2012.zip

==================== One Month Modified Files and Folders =======

2014-01-27 21:16 - 2014-01-25 19:04 - 00022264 _____ C:\Users\Sandro Reich\Downloads\FRST.txt
2014-01-27 21:14 - 2014-01-27 21:14 - 00000000 ____D C:\Users\Sandro Reich\Downloads\FRST-OlderVersion
2014-01-27 21:14 - 2014-01-25 19:04 - 01223168 _____ (Farbar) C:\Users\Sandro Reich\Downloads\FRST.exe
2014-01-27 21:14 - 2014-01-25 19:04 - 00000000 ____D C:\FRST
2014-01-27 21:12 - 2006-11-02 11:33 - 01567416 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-27 21:10 - 2011-10-08 16:12 - 01445018 _____ C:\Windows\WindowsUpdate.log
2014-01-27 21:06 - 2011-10-08 15:50 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2014-01-27 21:06 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-27 21:06 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-27 21:06 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 20:33 - 2006-11-02 14:01 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-26 20:20 - 2011-10-23 16:33 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-26 19:51 - 2012-04-16 14:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-26 19:35 - 2011-10-23 16:29 - 00001148 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3924443048-4238619720-2961966764-1000UA.job
2014-01-26 18:58 - 2011-10-23 16:33 - 00002391 _____ C:\Users\Sandro Reich\Desktop\Google Chrome.lnk
2014-01-26 18:20 - 2008-01-21 03:47 - 04360972 _____ C:\Windows\PFRO.log
2014-01-26 18:03 - 2014-01-26 18:03 - 00987425 _____ C:\Users\Sandro Reich\Downloads\SecurityCheck.exe
2014-01-26 12:35 - 2014-01-26 12:35 - 02347384 _____ (ESET) C:\Users\Sandro Reich\Downloads\esetsmartinstaller_enu.exe
2014-01-26 02:16 - 2014-01-26 02:16 - 01037068 _____ (Thisisu) C:\Users\Sandro Reich\Downloads\JRT.exe
2014-01-26 02:16 - 2014-01-26 02:16 - 00000000 ____D C:\Windows\ERUNT
2014-01-26 02:02 - 2014-01-26 00:09 - 00000000 ____D C:\AdwCleaner
2014-01-26 02:00 - 2011-10-23 22:15 - 00000000 ____D C:\ProgramData\ICQ
2014-01-26 00:10 - 2014-01-26 00:10 - 00000000 ____D C:\Users\Sandro Reich\AppData\Roaming\Malwarebytes
2014-01-26 00:09 - 2014-01-26 00:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-26 00:09 - 2014-01-26 00:08 - 01236282 _____ C:\Users\Sandro Reich\Downloads\adwcleaner.exe
2014-01-26 00:08 - 2014-01-26 00:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sandro Reich\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-25 21:20 - 2011-10-23 16:33 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-25 20:35 - 2011-10-23 16:29 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3924443048-4238619720-2961966764-1000Core.job
2014-01-25 19:17 - 2014-01-25 19:07 - 00039676 _____ C:\Users\Sandro Reich\Downloads\Addition.txt
2014-01-25 18:47 - 2012-07-07 00:26 - 00000000 ____D C:\Users\Sandro Reich\AppData\Local\Apple Computer
2014-01-25 18:42 - 2012-07-06 23:37 - 00000000 ____D C:\Program Files\Avidemux 2.5
2014-01-25 18:34 - 2014-01-25 18:34 - 00001668 _____ C:\Users\Public\Desktop\iTunes.lnk
2014-01-25 18:34 - 2014-01-25 18:30 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-25 18:34 - 2014-01-25 18:30 - 00000000 ____D C:\Program Files\iTunes
2014-01-25 18:30 - 2014-01-25 18:30 - 00000000 ____D C:\Program Files\iPod
2014-01-25 18:30 - 2012-07-07 00:18 - 00000000 ____D C:\Program Files\Common Files\Apple
2014-01-25 18:15 - 2012-07-07 00:18 - 00000000 ____D C:\ProgramData\Apple
2014-01-25 18:10 - 2009-01-22 06:42 - 00000000 ____D C:\Program Files\Acer GameZone
2014-01-25 18:09 - 2014-01-25 18:09 - 00000000 ____D C:\Users\Sandro Reich\AppData\Local\cache
2014-01-25 18:09 - 2014-01-25 18:09 - 00000000 ____D C:\Users\Sandro Reich\.android
2014-01-25 18:09 - 2014-01-25 18:09 - 00000000 _____ C:\Users\Sandro Reich\daemonprocess.txt
2014-01-25 18:09 - 2011-10-08 15:23 - 00000000 ____D C:\Users\Sandro Reich
2014-01-19 08:32 - 2011-10-23 15:51 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-15 20:14 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-15 20:06 - 2009-01-22 07:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 19:54 - 2013-08-15 22:50 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 19:48 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-15 18:29 - 2014-01-15 18:29 - 00000000 ____D C:\Windows\Sun
2014-01-15 18:28 - 2013-11-03 18:57 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 18:27 - 2014-01-15 18:27 - 00005315 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-15 18:27 - 2012-03-01 18:09 - 00000000 ____D C:\Program Files\Java
2014-01-15 18:10 - 2012-11-10 23:34 - 00000000 ____D C:\Users\Sandro Reich\AppData\Roaming\Skype
2014-01-13 18:24 - 2013-12-18 18:25 - 00000101 _____ C:\Users\Sandro Reich\AppData\Roaming\WB.CFG
2014-01-07 23:37 - 2011-10-08 15:35 - 00000000 ____D C:\Users\Sandro Reich\Desktop\SR14
2014-01-06 19:19 - 2014-01-06 19:18 - 02821767 _____ C:\Users\Sandro Reich\Downloads\PGR_F1_2012.zip
2013-12-31 18:33 - 2011-10-23 17:02 - 00000000 ____D C:\Users\Sandro Reich\AppData\Roaming\vlc

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.3548.dll


Some content of TEMP:
====================
C:\Users\Sandro Reich\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Sandro Reich\AppData\Local\Temp\Quarantine.exe
C:\Users\Sandro Reich\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Sandro Reich\AppData\Local\Temp\setupA9_.exe
C:\Users\Sandro Reich\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-27 21:13

==================== End Of Log ============================
--- --- ---
Antwort

Themen zu Software-Updater beim Hochfahren
abelssoft, acedrv05.sys, avg security toolbar, bingbar, branding, chromium, device driver, freemium, hijack.searchpage, koyote, launch, msiinstaller, nextlive, pup.bprotector, pup.optional.1clickdownload.a, pup.optional.alexatb.a, pup.optional.amazontb.a, pup.optional.atdhenettvap.a, pup.optional.babylon.a, pup.optional.bandoo.a, pup.optional.bprotector.a, pup.optional.crossrider.a, pup.optional.datamngr.a, pup.optional.dealply.a, pup.optional.delta.a, pup.optional.downloadguide.a, pup.optional.filesfrog.a, pup.optional.gophoto.a, pup.optional.hometab.a, pup.optional.iminent.a, pup.optional.installcore.a, pup.optional.nextlive.a, pup.optional.opencandy, pup.optional.pcspeedup.a, pup.optional.searchqu, pup.optional.sweetim.a, secure search, svchost.exe, vtoolbarupdater


« Windows 7 32 Bit: Java-Schädling? USB Device Installation + Webcam Start | Windows 7: Netbanking sperrt Konto wegen Trojanermeldung; Kaspersky nicht fündig »


Ähnliche Themen: Software-Updater beim Hochfahren


  1. Software.Updater.Ui
    Log-Analyse und Auswertung - 27.03.2015 (7)
  2. Windows7, Trojaner Software.Updater.UI.exe, Popup erscheint hartnäckig
    Log-Analyse und Auswertung - 21.03.2014 (17)
  3. Trojaner Software.Updater.UI.exe dank Schreiber entfernt
    Lob, Kritik und Wünsche - 20.03.2014 (0)
  4. Win 7: Software Updater Malware ?
    Plagegeister aller Art und deren Bekämpfung - 08.02.2014 (7)
  5. Hilfe bei trojaner Software Updater Ui.exe
    Log-Analyse und Auswertung - 17.11.2013 (10)
  6. Software Updater UI, benötigte Unterstützung bei Entfernung
    Log-Analyse und Auswertung - 02.11.2013 (1)
  7. Software Updater.ui ebenfalls eingefangen :/
    Plagegeister aller Art und deren Bekämpfung - 15.10.2013 (2)
  8. Software Updater.ui .exe/ windows vista
    Plagegeister aller Art und deren Bekämpfung - 12.10.2013 (13)
  9. software.updater.ui.exe legt Rechner komplett Lahm
    Plagegeister aller Art und deren Bekämpfung - 09.10.2013 (17)
  10. Laptop langsam - Gescannt und gereinigt - software.updater.exe gefunden
    Log-Analyse und Auswertung - 07.10.2013 (7)
  11. Windows Vista : Software Updater.ui
    Plagegeister aller Art und deren Bekämpfung - 30.09.2013 (7)
  12. Problem beim starten: x86/Home Tab/Tb updater.dll, Modul nicht gefunden. Zusätzlich Probleme beim Herunterfahren
    Log-Analyse und Auswertung - 12.09.2013 (15)
  13. Software.Updater.ui.exe nun auf dem Rechner meiner Freundin nach dem Hochfahren
    Plagegeister aller Art und deren Bekämpfung - 15.08.2013 (9)
  14. Software Updater UI.exe wie entferne ich das von meinem Laptop?
    Plagegeister aller Art und deren Bekämpfung - 08.08.2013 (11)
  15. software.updater.ui.exe Netzwerk bricht ab
    Plagegeister aller Art und deren Bekämpfung - 04.07.2013 (12)
  16. Software.updater.ui.exe möchte an meinen Laptop
    Plagegeister aller Art und deren Bekämpfung - 21.06.2013 (9)
  17. 'Microsoft Windows malicious software removal tool' öffnet sich beim Hochfahren
    Plagegeister aller Art und deren Bekämpfung - 04.05.2011 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Software-Updater beim Hochfahren - FRST Logfile: Code: Alles auswählen Aufklappen ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014 01 Ran by Sandro Reich (administrator) on 8530G on 27-01-2014 21:16:31 Running - Software-Updater beim Hochfahren...
Archiv
Du betrachtest: Software-Updater beim Hochfahren auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131