|
Pests of all kinds and how to combat them: Caught Softwareupdater.UI.exe | Windows 7 | If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
20.10.2013, 21:25 | #1 |
| Caught Softwareupdater.UI.exe I have caught the Softwareupdater.UI.exe error and don't know how to get rid of it. I hope someone can help me. |
21.10.2013, 06:43 | #2 |
/// the machine /// TB trainer | Caught Softwareupdater.UI.exe hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
21.10.2013, 16:25 | #3 |
| Caught Softwareupdater.UI.exe FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013 Ran by Andreas (administrator) on ANDREAS-PC on 21-10-2013 17:18:08 Running from C:\Users\Andreas\Downloads Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe () C:\Program Files\ATK Hotkey\ASLDRSrv.exe () C:\Program Files\ATKGFNEX\GFNEXSrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files\ASUS\ASUS Live Update\ALU.exe (Simplygen) C:\Program Files\Protected Search\ProtectedSearch.exe (ATK0100) C:\Program Files\ATK Hotkey\Hcontrol.exe () C:\Program Files\ATKOSD2\ATKOSD2.exe () C:\Program Files\Wireless Console 2\wcourier.exe (ATK) C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) C:\Program Files\P4G\BatteryLife.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (ASUSTeK) C:\Windows\System32\ACEngSvr.exe (B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe () C:\Program Files\ATK Hotkey\ATKOSD.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Windows\ASScrPro.exe (Apple Inc.) 
C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (W3i, LLC) C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe () C:\Program Files\ATK Hotkey\KBFiltr.exe () C:\Program Files\ATK Hotkey\WDC.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-01] (Synaptics, Inc.) HKLM\...\Run: [ASUS Screen Saver Protector] - C:\Windows\ASScrPro.exe [33136 2008-08-25] () HKLM\...\Run: [ASUS Camera ScreenSaver] - C:\Windows\ASScrProlog.exe [37232 2008-08-25] () HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) 
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [InstallIQUpdater] - C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe [1179648 2011-10-11] (W3i, LLC) HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.) HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.) HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.) HKCU\...\Policies\Explorer: [NoFolderOptions] 0 MountPoints2: {92a74b34-b63b-11e1-a090-0022159b5383} - F:\LGAutoRun.exe HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter ==================== Internet (Whitelisted) ==================== ProxyServer: http=131.247.2.247:3127 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.1&ts=1369053976098&tguid=43169-3580-1369053976098-2AAEA28C3B7BF3E3BFAB69ABE640A071&st=chrome&q= HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.1&ts=1369053976098&tguid=43169-3580-1369053976098-2AAEA28C3B7BF3E3BFAB69ABE640A071&st=chrome&q= HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.1&ts=1369053976098&tguid=43169-3580-1369053976098-2AAEA28C3B7BF3E3BFAB69ABE640A071&st=chrome&q= HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.1&ts=1369053976098&tguid=43169-3580-1369053976098-2AAEA28C3B7BF3E3BFAB69ABE640A071&st=chrome&q= HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.1&ts=1369053976098&tguid=43169-3580-1369053976098-2AAEA28C3B7BF3E3BFAB69ABE640A071&st=chrome&q= HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.1&ts=1369053976098&tguid=43169-3580-1369053976098-2AAEA28C3B7BF3E3BFAB69ABE640A071&st=chrome&q= SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.1&ts=1369053976098&tguid=43169-3580-1369053976098-2AAEA28C3B7BF3E3BFAB69ABE640A071&q={searchTerms} SearchScopes: HKCU - {3ECA6D8A-0785-492D-858F-CB308DD4138C} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=W3I4&o=15996&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^A9Q&apn_dtid=^YYYYYY^YY^DE&apn_uid=AB0E780C-BB5B-494C-99FB-7EA2FC374E9E&apn_sauid=BA1E1257-27A5-46EB-99B5-71F91D19D661 SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.1&ts=1369053976098&tguid=43169-3580-1369053976098-2AAEA28C3B7BF3E3BFAB69ABE640A071&q={searchTerms} SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.1&ts=1369053976098&tguid=43169-3580-1369053976098-2AAEA28C3B7BF3E3BFAB69ABE640A071&q={searchTerms} SearchScopes: HKCU - {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = hxxp://eu.ask.com/web?l=dis&o=16552&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A9T&apn_uid=5315692958224844&p2=^A9T^YYYYYY^YY^DE&q={searchTerms} SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = 
hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box_fs SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv SearchScopes: HKCU - {FD334B2D-D0C2-4A86-AD7F-150A8A6E9BF2} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: HomeTab - {96edaac7-6183-4cb5-8823-b8b12d94f967} - C:\Users\Andreas\AppData\Roaming\HomeTab\HomeTab.dll (Simplytech Ltd.) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Flagfox - {BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24} - C:\Users\Andreas\AppData\LocalLow\Flagfox\IE\Flagfox.dll (Dave G) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - HomeTab - {96edaac7-6183-4cb5-8823-b8b12d94f967} - C:\Users\Andreas\AppData\Roaming\HomeTab\HomeTab.dll (Simplytech Ltd.) 
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: ======= CHR Extension: (Flagfox) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid\4.2.781_0 CHR Extension: () - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pggagllhehfjjfgnfnfkjedjlmbchamf\1.0.0.5 CHR HKLM\...\Chrome\Extension: [cfdfamfnacokbbbnmpdfmhonipnhmbid] - C:\Users\Andreas\AppData\LocalLow\Flagfox\CHROME\Flagfox.crx CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx CHR HKLM\...\Chrome\Extension: [djbdlklldbflagkkpaljamjfbpefcbpf] - C:\Program Files\HomeTab\chrome\HomeTab.crx CHR HKLM\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files\Complitly\chrome\ComplitlyChrome.crx CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx ========================== Services (Whitelisted) ================= R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] () R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] () R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () R2 AVP; C:\Program 
Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-20] (Kaspersky Lab ZAO) R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation) R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) S2 SystemStoreService; C:\Program Files\SoftwareUpdater\SystemStore.exe [278016 2013-07-08] () ==================== Drivers (Whitelisted) ==================== R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2012-03-07] (Google Inc) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-03-06] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-03-06] (LG Electronics Inc.) R0 AsDsm; C:\Windows\System32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider) R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] () S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [28048 2010-02-05] (CSR, plc) S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [29832 2008-10-22] () R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation) R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation) R0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron ) R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [48000 2007-04-11] (JMicron Technology Corp.) 
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( ) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-10-20] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [574560 2013-10-20] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-20] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-20] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-20] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145120 2013-06-06] (Kaspersky Lab ZAO) S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-15] (ATK0100) S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation) S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation) S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation) S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation) S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation) S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation) S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1743232 2007-05-25] () R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2008-10-20] () S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-10-10] (AnchorFree Inc) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-01-20] (Anchorfree Inc.) 
S3 BT; system32\DRIVERS\btnetdrv.sys [x] S3 Btcsrusb; System32\Drivers\btcusb.sys [x] S0 BtHidBus; System32\Drivers\BtHidBus.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 IvtBtBUs; System32\Drivers\IvtBtBus.sys [x] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2013-06-08] (Kaspersky Lab ZAO) S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 SipIMNDI; system32\DRIVERS\SipIMNDI.sys [x] S3 VComm; system32\DRIVERS\VComm.sys [x] S3 VcommMgr; System32\Drivers\VcommMgr.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-21 17:17 - 2013-10-21 17:17 - 01087515 _____ (Farbar) C:\Users\Andreas\Downloads\FRST.exe 2013-10-21 17:17 - 2013-10-21 17:17 - 00000000 ____D C:\FRST 2013-10-20 22:31 - 2013-10-20 22:31 - 11261784 _____ (Microsoft Corporation) C:\Users\Andreas\Downloads\mseinstall.exe 2013-10-20 17:54 - 2013-10-20 17:54 - 00002078 _____ C:\Users\Andreas\Desktop\Sicherer Zahlungsverkehr.lnk 2013-10-20 17:52 - 2013-10-20 17:52 - 00000968 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2013-10-20 17:47 - 2013-10-21 17:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-10-20 17:47 - 2013-10-20 18:05 - 00574560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2013-10-20 17:47 - 2013-10-20 17:47 - 00000000 ____D C:\Program Files\Kaspersky Lab 2013-10-20 17:47 - 2013-06-08 20:18 - 00094304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2013-10-16 21:16 - 2013-10-16 21:18 - 161321561 _____ C:\Users\Andreas\Downloads\VA - 25 JAHRE KUSCHELROCK - PLATIN EDITION.part4.rar 2013-10-16 20:57 - 2013-10-16 21:01 - 260000000 _____ C:\Users\Andreas\Downloads\VA - 25 JAHRE KUSCHELROCK - PLATIN EDITION.part3.rar 2013-10-16 20:52 - 2013-10-16 20:56 - 260000000 _____ C:\Users\Andreas\Downloads\VA - 25 JAHRE KUSCHELROCK - PLATIN EDITION.part2.rar 2013-10-16 20:38 - 2013-10-16 20:52 - 260000000 
_____ C:\Users\Andreas\Downloads\VA - 25 JAHRE KUSCHELROCK - PLATIN EDITION.part1.rar 2013-10-16 16:23 - 2013-10-16 16:31 - 369920108 _____ C:\Users\Andreas\Downloads\VA-More_Fitness-3CD-2013-pLAN9.rar 2013-10-15 21:29 - 2013-10-20 17:39 - 00000000 ____D C:\ProgramData\Avira 2013-10-15 18:01 - 2013-10-15 18:01 - 00001631 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-10-15 18:00 - 2013-10-15 18:01 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-10-15 18:00 - 2013-10-15 18:01 - 00000000 ____D C:\Program Files\iTunes 2013-10-15 18:00 - 2013-10-15 18:00 - 00000000 ____D C:\Program Files\iPod 2013-10-13 14:38 - 2013-10-13 14:42 - 70979509 _____ C:\Users\Andreas\Downloads\VA_-_Beat_Hits_Vol.51-2CD-Bootleg-2011-SYNDIKAT-CannaPower.part2.rar 2013-10-13 14:31 - 2013-10-15 21:48 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Okev 2013-10-13 14:31 - 2013-10-14 16:02 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Octi 2013-10-13 14:31 - 2013-10-13 14:31 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Wyere 2013-10-13 14:30 - 2013-10-13 14:37 - 156237824 _____ C:\Users\Andreas\Downloads\VA_-_Beat_Hits_Vol.51-2CD-Bootleg-2011-SYNDIKAT-CannaPower.part1.rar 2013-10-13 09:11 - 2013-10-13 09:12 - 84960945 _____ C:\Users\Andreas\Downloads\Beat Hits Vol. 50 2CD (2010).Canna-Powerrar.part2.rar 2013-10-13 09:07 - 2013-10-13 09:10 - 238798720 _____ C:\Users\Andreas\Downloads\Beat Hits Vol. 
50 2CD (2010).Canna-Powerrar.part1.rar 2013-10-12 07:53 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-12 07:53 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-12 07:53 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-12 07:53 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-10-12 07:53 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-12 07:53 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-12 07:53 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-10-12 07:53 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-12 07:53 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-10-12 07:53 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-12 07:53 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-10-12 07:53 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-12 07:53 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-12 07:53 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-12 07:53 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-10-12 07:53 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-11 17:47 - 2013-08-29 09:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-11 17:47 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 
2013-10-11 17:47 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-10-11 17:47 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-10-11 17:47 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-10-11 17:47 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-10-11 17:47 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-10-11 17:47 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-10-11 17:47 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-10-11 17:47 - 2013-08-27 03:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-10-11 17:47 - 2013-08-01 05:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-11 17:47 - 2013-08-01 04:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2013-10-11 17:47 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-11 17:43 - 2013-08-29 09:56 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys 2013-10-11 17:42 - 2013-06-29 04:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-11 17:42 - 2013-06-29 04:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-11 17:42 - 2013-06-29 04:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-11 17:42 - 2013-06-29 04:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-11 17:42 - 2011-05-05 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-11 17:42 - 2011-05-05 15:54 - 00023552 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-11 17:41 - 2013-07-12 11:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2013-10-11 17:41 - 2013-06-27 01:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-11 17:40 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-11 17:40 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-11 17:39 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-11 17:39 - 2013-07-03 04:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-08 20:49 - 2013-10-11 17:22 - 00000000 ____D C:\Program Files\iPod(9) 2013-10-08 20:49 - 2013-10-08 20:50 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1(13) 2013-10-08 20:49 - 2013-10-08 20:50 - 00000000 ____D C:\Program Files\iTunes(10) 2013-10-06 08:43 - 2013-10-11 20:26 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Azeg 2013-10-06 08:43 - 2013-10-09 16:15 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Apida 2013-10-06 08:43 - 2013-10-06 08:43 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Yvof 2013-10-03 14:48 - 2013-10-03 14:58 - 222653292 _____ C:\Users\Andreas\Downloads\VA-House_Extended_DJ_Versions_Vol._2-_ZYX82673-2_-3CD-2013-MTC.r00 2013-10-03 10:46 - 2013-10-03 10:52 - 286099050 _____ C:\Users\Andreas\Downloads\VA-Mega_Dance_Top_50_Autumn_2013-2CD-2013-wAx.rar 2013-10-02 22:59 - 2013-10-02 23:04 - 225443840 _____ C:\Users\Andreas\Downloads\VA-House_Extended_DJ_Versions_Vol._2-_ZYX82673-2_-3CD-2013-MTC (1).rar 2013-10-02 18:29 - 2013-10-02 18:34 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Mega 2013-10-02 18:29 - 2013-10-02 18:30 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Ytub 2013-10-02 18:29 - 2013-10-02 18:29 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Feisu 2013-10-02 
17:39 - 2013-10-02 17:39 - 00000000 ____D C:\Users\Andreas\Downloads\VA_-_Techno4ever.FM_Sensation_Dance_Vol.2-WEB-2013-CENSORED 2013-09-29 10:55 - 2013-09-30 16:01 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Laciho 2013-09-29 10:55 - 2013-09-29 10:55 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Xarylu 2013-09-29 10:55 - 2013-09-29 10:55 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Daybw 2013-09-28 19:06 - 2013-09-28 19:20 - 262086269 _____ C:\Users\Andreas\Downloads\VA_-_Megahits_2013-_534_563-4_-2CD-2013-ZzZz.rar 2013-09-28 09:06 - 2013-09-28 09:09 - 204062661 _____ C:\Users\Andreas\Downloads\VA-For_Djs_Only_2013-05_Club_Selection-_5344107_-2CD-2013-iHF.rar 2013-09-26 12:04 - 2013-09-26 12:11 - 259794176 _____ C:\Users\Andreas\Downloads\VA-Party_Shakerz-2CD-2013-COS.rar ==================== One Month Modified Files and Folders ======= 2013-10-21 17:19 - 2008-08-25 08:18 - 01470688 _____ C:\Windows\WindowsUpdate.log 2013-10-21 17:18 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default 2013-10-21 17:17 - 2013-10-21 17:17 - 01087515 _____ (Farbar) C:\Users\Andreas\Downloads\FRST.exe 2013-10-21 17:17 - 2013-10-21 17:17 - 00000000 ____D C:\FRST 2013-10-21 17:16 - 2009-09-21 14:36 - 00000424 ____H C:\Windows\Tasks\User_Feed_Synchronization-{3E55EFE6-6600-4A31-BBE9-DF7A90B239F6}.job 2013-10-21 17:14 - 2013-10-20 17:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-10-21 17:14 - 2012-05-01 08:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-21 17:11 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-21 17:11 - 2006-11-02 14:47 - 00003744 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-21 17:11 - 2006-11-02 14:47 - 00003744 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-20 22:31 - 2013-10-20 22:31 - 11261784 _____ (Microsoft Corporation) C:\Users\Andreas\Downloads\mseinstall.exe 
2013-10-20 22:31 - 2008-12-04 09:31 - 00000012 _____ C:\Windows\bthservsdp.dat 2013-10-20 22:31 - 2006-11-02 15:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-20 22:03 - 2006-11-02 12:33 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-20 21:55 - 2013-05-26 06:46 - 00102590 _____ C:\Windows\PFRO.log 2013-10-20 21:48 - 2009-04-18 13:12 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\AIMP 2013-10-20 18:05 - 2013-10-20 17:47 - 00574560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2013-10-20 18:05 - 2013-06-10 12:27 - 00025696 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys 2013-10-20 18:05 - 2013-05-06 09:22 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2013-10-20 18:05 - 2013-05-05 22:42 - 00025696 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys 2013-10-20 18:05 - 2013-05-05 22:42 - 00025696 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2013-10-20 17:57 - 2009-08-31 19:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-10-20 17:57 - 2009-08-31 19:46 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2013-10-20 17:54 - 2013-10-20 17:54 - 00002078 _____ C:\Users\Andreas\Desktop\Sicherer Zahlungsverkehr.lnk 2013-10-20 17:52 - 2013-10-20 17:52 - 00000968 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2013-10-20 17:52 - 2008-10-03 02:53 - 00000000 ____D C:\Users\Andreas 2013-10-20 17:47 - 2013-10-20 17:47 - 00000000 ____D C:\Program Files\Kaspersky Lab 2013-10-20 17:39 - 2013-10-15 21:29 - 00000000 ____D C:\ProgramData\Avira 2013-10-20 17:34 - 2008-10-04 15:15 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\vlc 2013-10-20 13:18 - 2008-08-25 09:40 - 00045056 _____ C:\Windows\system32\acovcnt.exe 2013-10-20 11:12 - 2012-04-30 19:34 - 00000000 ____D C:\Users\Andreas\Spinnig CD 2013-10-18 17:20 - 2008-10-03 16:56 - 00000408 _____ C:\Windows\Tasks\1-Klick-Wartung.job 2013-10-17 16:06 - 2013-09-13 09:14 - 
00000000 ____D C:\Users\Andreas\AppData\Local\CrashDumps 2013-10-16 21:18 - 2013-10-16 21:16 - 161321561 _____ C:\Users\Andreas\Downloads\VA - 25 JAHRE KUSCHELROCK - PLATIN EDITION.part4.rar 2013-10-16 21:01 - 2013-10-16 20:57 - 260000000 _____ C:\Users\Andreas\Downloads\VA - 25 JAHRE KUSCHELROCK - PLATIN EDITION.part3.rar 2013-10-16 20:56 - 2013-10-16 20:52 - 260000000 _____ C:\Users\Andreas\Downloads\VA - 25 JAHRE KUSCHELROCK - PLATIN EDITION.part2.rar 2013-10-16 20:52 - 2013-10-16 20:38 - 260000000 _____ C:\Users\Andreas\Downloads\VA - 25 JAHRE KUSCHELROCK - PLATIN EDITION.part1.rar 2013-10-16 16:31 - 2013-10-16 16:23 - 369920108 _____ C:\Users\Andreas\Downloads\VA-More_Fitness-3CD-2013-pLAN9.rar 2013-10-16 16:12 - 2011-12-02 19:08 - 00000000 ____D C:\ProgramData\AVG2012 2013-10-15 21:48 - 2013-10-13 14:31 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Okev 2013-10-15 18:23 - 2011-12-02 19:06 - 00000000 ____D C:\ProgramData\MFAData 2013-10-15 18:21 - 2012-08-24 15:58 - 00000000 ___HD C:\$AVG 2013-10-15 18:20 - 2013-01-20 20:18 - 00000000 ____D C:\ProgramData\AVG Security Toolbar 2013-10-15 18:19 - 2008-10-03 16:56 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\TuneUp Software 2013-10-15 18:01 - 2013-10-15 18:01 - 00001631 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-10-15 18:01 - 2013-10-15 18:00 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-10-15 18:01 - 2013-10-15 18:00 - 00000000 ____D C:\Program Files\iTunes 2013-10-15 18:00 - 2013-10-15 18:00 - 00000000 ____D C:\Program Files\iPod 2013-10-15 18:00 - 2008-10-04 15:43 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-10-14 16:02 - 2013-10-13 14:31 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Octi 2013-10-13 14:42 - 2013-10-13 14:38 - 70979509 _____ C:\Users\Andreas\Downloads\VA_-_Beat_Hits_Vol.51-2CD-Bootleg-2011-SYNDIKAT-CannaPower.part2.rar 2013-10-13 14:37 - 2013-10-13 14:30 - 156237824 _____ 
C:\Users\Andreas\Downloads\VA_-_Beat_Hits_Vol.51-2CD-Bootleg-2011-SYNDIKAT-CannaPower.part1.rar 2013-10-13 14:31 - 2013-10-13 14:31 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Wyere 2013-10-13 09:12 - 2013-10-13 09:11 - 84960945 _____ C:\Users\Andreas\Downloads\Beat Hits Vol. 50 2CD (2010).Canna-Powerrar.part2.rar 2013-10-13 09:10 - 2013-10-13 09:07 - 238798720 _____ C:\Users\Andreas\Downloads\Beat Hits Vol. 50 2CD (2010).Canna-Powerrar.part1.rar 2013-10-12 08:47 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-10-12 08:37 - 2006-11-02 14:47 - 00515336 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-12 07:59 - 2013-08-15 16:24 - 00000000 ____D C:\Windows\system32\MRT 2013-10-12 07:55 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-10-11 20:26 - 2013-10-06 08:43 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Azeg 2013-10-11 20:26 - 2013-08-10 09:53 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Ykogdy 2013-10-11 19:14 - 2012-05-01 08:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-10-11 19:14 - 2011-06-06 16:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-10-11 17:22 - 2013-10-08 20:49 - 00000000 ____D C:\Program Files\iPod(9) 2013-10-11 17:22 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\Msdtc 2013-10-11 17:21 - 2006-11-02 12:22 - 54001664 _____ C:\Windows\system32\config\software_previous 2013-10-11 17:21 - 2006-11-02 12:22 - 45875200 _____ C:\Windows\system32\config\components_previous 2013-10-11 17:21 - 2006-11-02 12:22 - 27262976 _____ C:\Windows\system32\config\system_previous 2013-10-11 17:21 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\security_previous 2013-10-11 17:21 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam_previous 2013-10-11 17:21 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\default_previous 2013-10-11 17:20 - 
2008-08-25 09:31 - 00000000 ____D C:\ProgramData\P4G 2013-10-11 17:20 - 2006-11-02 13:18 - 00000000 __RSD C:\Windows\Media 2013-10-11 17:20 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool 2013-10-11 17:19 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration 2013-10-10 20:03 - 2013-01-02 22:04 - 00142848 _____ C:\Users\Andreas\Downloads\Kalender 2013.xls 2013-10-09 16:15 - 2013-10-06 08:43 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Apida 2013-10-08 20:50 - 2013-10-08 20:49 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1(13) 2013-10-08 20:50 - 2013-10-08 20:49 - 00000000 ____D C:\Program Files\iTunes(10) 2013-10-06 13:30 - 2013-06-18 16:32 - 00004022 _____ C:\Windows\setupact.log 2013-10-06 08:43 - 2013-10-06 08:43 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Yvof 2013-10-03 19:59 - 2013-05-25 10:37 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Audacity 2013-10-03 14:58 - 2013-10-03 14:48 - 222653292 _____ C:\Users\Andreas\Downloads\VA-House_Extended_DJ_Versions_Vol._2-_ZYX82673-2_-3CD-2013-MTC.r00 2013-10-03 10:52 - 2013-10-03 10:46 - 286099050 _____ C:\Users\Andreas\Downloads\VA-Mega_Dance_Top_50_Autumn_2013-2CD-2013-wAx.rar 2013-10-02 23:04 - 2013-10-02 22:59 - 225443840 _____ C:\Users\Andreas\Downloads\VA-House_Extended_DJ_Versions_Vol._2-_ZYX82673-2_-3CD-2013-MTC (1).rar 2013-10-02 18:34 - 2013-10-02 18:29 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Mega 2013-10-02 18:30 - 2013-10-02 18:29 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Ytub 2013-10-02 18:29 - 2013-10-02 18:29 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Feisu 2013-10-02 17:39 - 2013-10-02 17:39 - 00000000 ____D C:\Users\Andreas\Downloads\VA_-_Techno4ever.FM_Sensation_Dance_Vol.2-WEB-2013-CENSORED 2013-09-30 16:01 - 2013-09-29 10:55 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Laciho 2013-09-29 10:55 - 2013-09-29 10:55 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Xarylu 2013-09-29 10:55 - 2013-09-29 10:55 - 00000000 
____D C:\Users\Andreas\AppData\Roaming\Daybw 2013-09-28 19:20 - 2013-09-28 19:06 - 262086269 _____ C:\Users\Andreas\Downloads\VA_-_Megahits_2013-_534_563-4_-2CD-2013-ZzZz.rar 2013-09-28 09:09 - 2013-09-28 09:06 - 204062661 _____ C:\Users\Andreas\Downloads\VA-For_Djs_Only_2013-05_Club_Selection-_5344107_-2CD-2013-iHF.rar 2013-09-26 12:11 - 2013-09-26 12:04 - 259794176 _____ C:\Users\Andreas\Downloads\VA-Party_Shakerz-2CD-2013-COS.rar 2013-09-22 12:29 - 2013-10-12 07:53 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-22 12:22 - 2013-10-12 07:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-22 12:22 - 2013-10-12 07:53 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-22 12:14 - 2013-10-12 07:53 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-09-22 12:13 - 2013-10-12 07:53 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-22 12:13 - 2013-10-12 07:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-22 12:12 - 2013-10-12 07:53 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-09-22 12:09 - 2013-10-12 07:53 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-22 12:08 - 2013-10-12 07:53 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-09-22 12:07 - 2013-10-12 07:53 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-22 12:06 - 2013-10-12 07:53 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-09-22 12:05 - 2013-10-12 07:53 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-22 12:03 - 2013-10-12 07:53 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-22 12:03 - 2013-10-12 07:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-22 12:03 - 2013-10-12 07:53 - 
00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-09-22 11:59 - 2013-10-12 07:53 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll Files to move or delete: ==================== C:\Users\Andreas\AppData\Roaming\desktop.ini C:\ProgramData\hpeF8C4.dll Some content of TEMP: ==================== C:\Users\Andreas\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-21 17:18 ==================== End Of Log ============================ --- --- --- --- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-10-2013 Ran by Andreas at 2013-10-21 17:19:54 Running from C:\Users\Andreas\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== Activation Assistant for the 2007 Microsoft Office suites Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0) Adobe AIR (Version: 3.4.0.2540) Adobe Anchor Service CS3 (Version: 1.0) Adobe Asset Services CS3 (Version: 3) Adobe Bridge CS3 (Version: 2) Adobe Bridge Start Meeting (Version: 1.0) Adobe Camera Raw 4.0 (Version: 4.0) Adobe CMaps (Version: 1.0) Adobe Default Language CS3 (Version: 1.0) Adobe Device Central CS3 (Version: 1.0) Adobe Dreamweaver CS3 (Version: 9) Adobe Dreamweaver CS3 (Version: 9.0) Adobe ExtendScript Toolkit 2 (Version: 2.0.2) Adobe Extension Manager CS3 (Version: 1.8) Adobe Flash Player 11 ActiveX (Version: 11.9.900.117) Adobe Flash Player 11 Plugin (Version: 11.9.900.117) Adobe Help Viewer CS3 (Version: 1) Adobe PDF Library Files (Version: 8.0) Adobe Reader 8.3.0 - Deutsch (Version: 8.3.0) Adobe Setup (Version: 1.0) Adobe Shockwave Player 11.5 (Version: 11.5.2.602) Adobe Type Support (Version: 1.0) Adobe Update Manager CS3 (Version: 5.1.0) Adobe Version Cue CS3 Client (Version: 3) AIMP2 Apple Application Support (Version: 2.3.6) Apple Mobile Device Support (Version: 7.0.0.117) Apple Software Update (Version: 2.1.3.127) ASUS Data Security Manager (Version: 1.00.0006) ASUS Live Update (Version: 2.5.4) ASUS Splendid 
Video Enhancement Technology (Version: 1.02.18) Asus_Camera_ScreenSaver (Version: 2.0.0006) ATI Catalyst Install Manager (Version: 3.0.642.0) ATK Generic Function Service (Version: 1.00.0008) ATK Hotkey (Version: 1.00.0020) ATKOSD2 (Version: 6.64.1.4) Audacity 2.0.3 (Version: 2.0.3) Avanquest update (Version: 1.29) AVS Screen Capture version 2.0.1 AVS Update Manager 1.0 AVS Video Converter 8 AVS Video Editor 5 AVS Video Recorder 2.4 AVS4YOU Software Navigator 1.4 Biet-O-Matic v2.14.12 (Version: 2.14.12) Bonjour (Version: 3.0.0.10) Browser Updater 1.1 Camtasia Studio 8 (Version: 8.0.1.903) Catalyst Control Center Core Implementation (Version: 2007.0920.2342.40548) Catalyst Control Center Graphics Full Existing (Version: 2007.0920.2342.40548) Catalyst Control Center Graphics Full New (Version: 2007.0920.2342.40548) Catalyst Control Center Graphics Light (Version: 2007.0920.2342.40548) Catalyst Control Center Graphics Previews Common (Version: 2007.0920.2342.40548) Catalyst Control Center Graphics Previews Vista (Version: 2007.0920.2342.40548) Catalyst Control Center Localization Chinese Standard (Version: 2007.0920.2342.40548) Catalyst Control Center Localization Chinese Traditional (Version: 2007.0920.2342.40548) Catalyst Control Center Localization Dutch (Version: 2007.0920.2342.40548) Catalyst Control Center Localization French (Version: 2007.0920.2342.40548) Catalyst Control Center Localization German (Version: 2007.0920.2342.40548) Catalyst Control Center Localization Italian (Version: 2007.0920.2342.40548) Catalyst Control Center Localization Japanese (Version: 2007.0920.2342.40548) Catalyst Control Center Localization Korean (Version: 2007.0920.2342.40548) Catalyst Control Center Localization Portuguese (Version: 2007.0920.2342.40548) Catalyst Control Center Localization Spanish (Version: 2007.0920.2342.40548) Catalyst Control Center Localization Swedish (Version: 2007.0920.2342.40548) CCC Help Chinese Standard (Version: 2007.0920.2341.40548) CCC Help Chinese 
Traditional (Version: 2007.0920.2341.40548) CCC Help Dutch (Version: 2007.0920.2341.40548) CCC Help English (Version: 2007.0920.2341.40548) CCC Help French (Version: 2007.0920.2341.40548) CCC Help German (Version: 2007.0920.2341.40548) CCC Help Italian (Version: 2007.0920.2341.40548) CCC Help Japanese (Version: 2007.0920.2341.40548) CCC Help Korean (Version: 2007.0920.2341.40548) CCC Help Portuguese (Version: 2007.0920.2341.40548) CCC Help Spanish (Version: 2007.0920.2341.40548) CCC Help Swedish (Version: 2007.0920.2341.40548) ccc-Branding (Version: 1.00.0000) ccc-core-static (Version: 2007.0920.2342.40548) ccc-utility (Version: 2007.0920.2342.40548) CDBurnerXP (Version: 4.5.1.3868) Complitly CyberLink LabelPrint (Version: 2.0.2908) CyberLink Power2Go (Version: 6.0.1924) Firebird SQL Server - MAGIX Edition (Version: 2.1.23.0) Fliqlo Bildschirmschoner FOCUS-Online-Screensaver-MAIN Screensaver Free HD Converter V 1.2 (Version: 1.2.0.0) Free System Utilities (Version: 1.0.0.28) Free SystemUtilities (Version: 1.0.0.28) GEAR 32bit Driver Installer (Version: 2.005.1) HomeTab 3.2 (Version: 3.2) iCloud (Version: 2.1.2.8) InstallIQ Updater (Version: 1.4.3.0) iTunes (Version: 11.1.1.11) Java Auto Updater (Version: 2.0.3.1) Java(TM) 6 Update 24 (Version: 6.0.240) JMB36X Raid Configurer (Version: 1.00.0000) Kaspersky Internet Security (Version: 14.0.0.4651) LG PC Suite (Version: 5.1.18.20120509) LG United Mobile Drivers (Version: 3.7.1.0) LifeFrame3 (Version: 3.0.2) LightScribe System Software 1.14.17.1 (Version: 1.14.17.1) MAGIX Foto Manager 8 6.0.1.457 (D) (Version: 6.0.1.457) MAGIX Fotobuch 3.6 (Version: 3.6) MAGIX Online Druck Service 3.4.3.0 (D) (Version: 3.4.3.0) MAGIX Screenshare 4.3.6.1987 (D) (Version: 4.3.6.1987) MAGIX Video easy 1.0.2.1 (D) (Version: 1.0.2.1) Medieval CUE Splitter (Version: 1.2.0) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft 
.NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320) Microsoft Office FrontPage 2003 (Version: 11.0.8173.0) Microsoft PowerPoint Viewer 97 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Works 7.0 (Version: 07.02.0702) Motorola SM56 Speakerphone Modem MSVC80_x86_v2 (Version: 1.0.3.0) MSVC90_x86 (Version: 1.0.1.2) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0) OpenOffice.org 3.2 (Version: 3.2.9502) PHOTOfunSTUDIO HD Edition (Version: 3.00.126) PlayStation(R)Network Downloader (Version: 2.00.00005) PlayStation(R)Store (Version: 2.7.6.06777) Power4Gear eXtreme (Version: 1.00.0014) Protected Search 1.1 QuickTime (Version: 7.74.80.86) Realtek High Definition Audio Driver (Version: 6.0.1.5443) RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (Version: 3.51.01) Samsung Kies (Version: 2.5.3.13052_10) Samsung Mobile phone USB driver Software SAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.0) simfy (Version: 1.7.1) Skins (Version: 2007.0920.2342.40548) Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0) StarMoney (Version: 1.0) StarMoney (Version: 2.0) Synaptics Pointing Device Driver (Version: 9.1.19.0) 
TeamViewer 6 (Version: 6.0.10194) Total Video Converter 3.02 TrueCrypt (Version: 6.0a) TuneUp Utilities 2007 (Version: 6.0.1255) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3) USB 2.0 1.3M UVC WebCam VLC media player 2.0.6 (Version: 2.0.6) WinFlash WinMail Backup (Testversion) (Version: 4) WinRAR 4.20 (32-bit) (Version: 4.20.0) Wireless Console 2 (Version: 2.0.8) YTD Video Downloader 4.0 (Version: 4.0) ==================== Restore Points ========================= 16-10-2013 14:59:15 Geplanter Prüfpunkt 17-10-2013 14:32:27 Geplanter Prüfpunkt 18-10-2013 15:55:20 Geplanter Prüfpunkt 19-10-2013 11:02:11 Geplanter Prüfpunkt 20-10-2013 10:44:35 Geplanter Prüfpunkt 20-10-2013 15:49:13 Gerätetreiber-Paketinstallation: Kaspersky Lab Netzwerkdienst ==================== Hosts content: ========================== 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {51818118-BCA0-4909-A55D-FA9F404D60A9} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => 
C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation) Task: {5F5459D4-0E46-48BE-931C-38D2CE1C9B4F} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-07-06] () Task: {67E4834A-25A8-4D0F-B992-9B09B911EEDB} - System32\Tasks\1-Klick-Wartung => C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27] (TuneUp Software GmbH) Task: {7E0E8C02-20E9-4DB5-AADB-3021B471653C} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-08-02] () Task: {815AE6CF-04CF-4BF8-AFF2-8A56F116D69C} - System32\Tasks\{A3472B17-59B9-414A-9D91-F3E1B62F0882} => C:\Program Files\Skype\Phone\Skype.exe Task: {9B6826C1-C305-48DB-930F-70BC4E5393CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A774A9C0-1234-4862-9CAD-350BC0010B44} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files\Browser Updater\TBUpdater.dll [2013-03-19] (Simplytech Ltd.) 
Task: {A9D7296A-D513-4138-87D4-B9FA7697466D} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation) Task: {B1A59BEA-3975-4FBB-BE67-DE7B9854D4B6} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files\Protected Search\ProtectedSearch.exe [2013-03-19] (Simplygen) Task: {CCE84A7B-6D36-4728-94A7-4A837F388255} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-07-08] () Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {EA3E704B-A970-47C5-801C-8A6692E83817} - System32\Tasks\Freemium1ClickMaint => C:\Program Files\Covus Freemium\Free System Utilities\1Click.exe [2013-04-11] () Task: {FCC3C04A-6E4A-4D36-A0D2-1827F308FCDD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-11] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\1-Klick-Wartung.job => C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\User_Feed_Synchronization-{3E55EFE6-6600-4A31-BBE9-DF7A90B239F6}.job => C:\Windows\system32\msfeedssync.exe ==================== Loaded Modules (whitelisted) ============= 2008-08-25 09:20 - 2007-06-15 19:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll 2008-08-25 09:20 - 2007-06-02 02:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll 2007-09-20 18:43 - 2007-09-20 18:43 - 00159744 ____N () C:\Windows\system32\atitmmxx.dll 2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program 
Files\Common Files\Apple\Apple Application Support\zlib1.dll 2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Andreas\Documents\Backups:Roxio EMC Stream AlternateDataStreams: C:\Users\Andreas\Documents\Bilder Franzi:Roxio EMC Stream AlternateDataStreams: C:\Users\Andreas\Documents\CUTEFTP:Roxio EMC Stream AlternateDataStreams: C:\Users\Andreas\Documents\DVDVideoSoft:Roxio EMC Stream AlternateDataStreams: C:\Users\Andreas\Documents\Flash Gordon Remix.mp3:Roxio EMC Stream AlternateDataStreams: C:\Users\Andreas\Documents\Hammer and Saw.mp3:Roxio EMC Stream AlternateDataStreams: C:\Users\Andreas\Documents\Heart_Of_Asia.mp3:Roxio EMC Stream AlternateDataStreams: C:\Users\Andreas\Documents\MAGIX Downloads:Roxio EMC Stream AlternateDataStreams: C:\Users\Andreas\Documents\MAGIX-Fotobuch:Roxio EMC Stream AlternateDataStreams: C:\Users\Andreas\Documents\MAGIX_Foto_Manager_8:Roxio EMC Stream AlternateDataStreams: C:\Users\Andreas\Documents\MAGIX_Online_Druck_Service:Roxio EMC Stream AlternateDataStreams: C:\Users\Andreas\Documents\MAGIX_Screenshare:Roxio EMC Stream AlternateDataStreams: C:\Users\Andreas\Documents\MAGIX_Video_easy:Roxio EMC Stream AlternateDataStreams: C:\Users\Andreas\Documents\Media Go:Roxio EMC Stream AlternateDataStreams: C:\Users\Andreas\Documents\Nokia Sicherung Dagmar:Roxio EMC Stream AlternateDataStreams: C:\Users\Andreas\Documents\Queen _ Flash _ Arquest Ringtone Mix.mp3:Roxio EMC Stream AlternateDataStreams: C:\Users\Andreas\Documents\Wecker_handycomedy.mp3:Roxio EMC Stream ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/21/2013 05:12:59 PM) (Source: WinMgmt) (User: ) Description: 
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/20/2013 09:56:28 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/20/2013 09:54:30 PM) (Source: EventSystem) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (10/20/2013 01:22:26 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/20/2013 01:18:22 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/20/2013 08:37:05 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/19/2013 06:03:16 PM) (Source: EventSystem) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (10/19/2013 00:32:45 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/18/2013 05:13:50 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 
Error: (10/17/2013 10:11:07 PM) (Source: EventSystem) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} System errors: ============= Error: (10/21/2013 05:14:59 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (10/21/2013 05:12:59 PM) (Source: Service Control Manager) (User: ) Description: BtHidBus Error: (10/20/2013 10:31:32 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (10/20/2013 09:59:18 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (10/20/2013 09:56:29 PM) (Source: Service Control Manager) (User: ) Description: BtHidBus Error: (10/20/2013 09:54:29 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (10/20/2013 06:05:38 PM) (Source: Service Control Manager) (User: ) Description: ScRegSetValueExWFailureActions%%5 Error: (10/20/2013 01:26:02 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (10/20/2013 01:23:33 PM) (Source: Service Control Manager) (User: ) Description: BtHidBus Error: (10/20/2013 01:20:45 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Microsoft Office Sessions: ========================= Error: (10/21/2013 05:12:59 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/20/2013 09:56:28 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/20/2013 09:54:30 PM) (Source: EventSystem)(User: ) Description: 
80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (10/20/2013 01:22:26 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/20/2013 01:18:22 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/20/2013 08:37:05 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/19/2013 06:03:16 PM) (Source: EventSystem)(User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (10/19/2013 00:32:45 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/18/2013 05:13:50 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/17/2013 10:11:07 PM) (Source: EventSystem)(User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} CodeIntegrity Errors: =================================== Date: 2013-10-21 17:19:43.123 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz 
seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-21 17:19:42.764 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-21 17:19:42.405 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-21 17:19:42.046 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-21 17:19:17.176 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-21 17:19:16.833 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-21 17:19:16.458 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-21 17:19:16.022 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-10-20 17:52:07.218 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Andreas\{0f4b68c8-61e2-4067-80ef-a5610317aa23}\klim6.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-20 17:52:06.204 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Andreas\{0f4b68c8-61e2-4067-80ef-a5610317aa23}\klim6.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 64% Total physical RAM: 3070.29 MB Available physical RAM: 1085.72 MB Total Pagefile: 2972.54 MB Available Pagefile: 1105.48 MB Total Virtual: 2047.88 MB Available Virtual: 1898.11 MB ==================== Drives ================================ Drive c: (VistaOS) (Fixed) (Total:149.04 GB) (Free:55.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:139.28 GB) (Free:77.7 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 8D1C393D) Partition 1: (Not Active) - (Size=10 GB) - (Type=1C) Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=139 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
22.10.2013, 07:54 | #4 |
/// the machine /// TB instructor | Caught Softwareupdater.UI.exe Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |