Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: software.updater.ui.exe Netzwerk bricht ab

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.06.2013, 17:48   #1
laxativa
 
software.updater.ui.exe Netzwerk bricht ab - Standard

software.updater.ui.exe Netzwerk bricht ab



Hallo,

Ich fang mal von vorne an :P
Da ich Probleme mit meiner Netzwerkkarte hatte, sprich meine Verbindung Wlan sowie Ethernet ist nach 1-4 Stunden ca einfach abgebrochen, habe ich meinen Laptop neu formatiert, da etliche versuche die Treiber neu zu installieren nichts gebracht haben.

Ich habe um ein Virus auszuschließen mein Systemlaufwerk C und Datenlaufwerk D gelöscht, neu Partitioniert und dann Formatiert. Meine daten sicherte ich auf eine Externe Festplatte die ich bis dato noch nicht wieder angeschlossen habe. Nach der Neuinstallierung habe ich Avast installiert und alle Windows Updates gefahren. Alle treiber Liefen vorschriftsmäßig

Zum Problem:
Nach nur 2 Tagen trat das Problem mit der Netzwerkkarte wieder auf. (Ich bin als Benutzer angemeldet). Hinzu kommt, dass ich beim Systemstart eine Meldung bekomme, dass "software.updater.ui.exe" nach einer Berechtigung fragt. Dies habe ich stets Negiert.
Ich hoffe ihr könnt mir helfen

Windows Pro n
Asus kv53
Unter einer Linux Live CD Gab es keine Probleme mit dem Netzwerk

Ich musste den GMER report leider als gepackten Anhang schicken, da er zu groß für das Forum war.

Code:
ATTFilter
OTL logfile created on: 27.06.2013 17:20:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\michael D\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 61,04% Memory free
7,83 Gb Paging File | 6,24 Gb Available in Paging File | 79,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,34 Gb Total Space | 75,75 Gb Free Space | 65,11% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 327,32 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.27 17:18:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\michael D\Desktop\OTL.exe
PRC - [2013.06.26 18:47:22 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\michael D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.06.26 00:58:13 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013.06.18 16:21:11 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.04.08 13:32:28 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.05.20 11:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.10.07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.08.17 14:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.09.23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.26 00:58:12 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013.06.18 16:21:30 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.26 19:06:13 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.26 17:41:05 | 000,296,448 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2013.06.18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.04.08 13:32:28 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.27 00:17:30 | 001,030,440 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.06.27 00:17:30 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.05.09 10:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.04.08 13:32:30 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.04.13 05:18:08 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.13 19:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 05:24:15 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:24:15 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.08.03 18:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.05.25 19:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.6
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.26 00:16:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.26 12:06:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.06.25 23:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions
[2013.06.26 18:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\rxw116se.default\extensions
[2013.06.26 00:19:03 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\rxw116se.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.06.26 12:52:46 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\rxw116se.default\extensions\https-everywhere@eff.org
[2013.06.26 00:19:03 | 000,534,298 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\rxw116se.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.06.26 00:17:20 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\rxw116se.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.25 23:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.25 23:40:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.26 00:16:18 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKCU..\Run: [Spotify] C:\Users\Michael\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{995E20F0-577C-4E9E-86C4-D12E9F7A614B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D78386C3-4E04-460E-99E7-251B4B7F6897}: DhcpNameServer = 192.168.0.1
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.26 17:48:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Freemium
[2013.06.26 17:42:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Spotify
[2013.06.26 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Spotify
[2013.06.26 17:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftwareUpdater
[2013.06.26 17:39:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\DownloadGuide
[2013.06.26 17:00:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Thunderbird
[2013.06.26 17:00:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Thunderbird
[2013.06.26 13:00:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013.06.26 12:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.06.26 11:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.06.26 11:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.06.26 11:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.06.26 11:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2013.06.26 01:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.06.26 01:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.06.26 01:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.06.26 01:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus
[2013.06.26 01:22:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.06.26 01:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.06.26 01:22:17 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.06.26 01:22:15 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.06.26 01:22:15 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.06.26 01:22:15 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.06.26 01:22:15 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.06.26 01:22:14 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.06.26 01:22:14 | 000,180,048 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFProc64.dll
[2013.06.26 01:22:14 | 000,086,352 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFComm64.dll
[2013.06.26 01:22:14 | 000,083,792 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFSAPO64.dll
[2013.06.26 01:22:14 | 000,082,768 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFHAPO64.dll
[2013.06.26 01:22:14 | 000,082,768 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFDAPO64.dll
[2013.06.26 01:22:14 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.06.26 01:22:14 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.06.26 01:22:14 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.06.26 01:22:12 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.06.26 01:22:12 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.06.26 01:22:12 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.06.26 01:22:12 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.06.26 01:22:12 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.06.26 01:22:12 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.06.26 01:22:10 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.06.26 01:22:10 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.06.26 01:22:07 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.06.26 01:22:07 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.06.26 01:22:07 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.06.26 01:22:07 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.06.26 01:22:07 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.06.26 01:22:07 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.06.26 01:22:07 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.06.26 01:22:07 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.06.26 01:22:07 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.06.26 01:22:07 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.06.26 01:22:07 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.06.26 01:22:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.06.26 01:22:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.06.26 01:19:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2013.06.26 01:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
[2013.06.26 01:17:05 | 000,413,800 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.06.26 01:17:01 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.06.26 01:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.06.26 01:10:01 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.06.26 00:58:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Macromedia
[2013.06.26 00:58:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Macromedia
[2013.06.26 00:58:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.06.26 00:58:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.06.26 00:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.06.26 00:19:41 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Secunia PSI
[2013.06.26 00:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013.06.26 00:18:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2013.06.26 00:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013.06.26 00:17:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013.06.26 00:17:39 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Google
[2013.06.26 00:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.06.26 00:17:38 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.06.26 00:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.06.26 00:17:37 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.06.26 00:17:34 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.06.26 00:17:33 | 001,030,440 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.06.26 00:17:33 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.06.26 00:17:26 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.06.26 00:17:26 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.06.26 00:15:57 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.06.26 00:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.26 00:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.06.26 00:14:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Adobe
[2013.06.25 23:53:47 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.06.25 23:41:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Mozilla
[2013.06.25 23:41:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Mozilla
[2013.06.25 23:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.06.25 23:40:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.06.25 23:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.25 23:35:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2013.06.25 23:35:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2013.06.25 22:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.06.25 22:50:39 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.06.25 22:50:39 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.06.25 22:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.06.25 22:50:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.06.25 22:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.06.25 22:20:28 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.06.25 22:00:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.06.25 22:00:15 | 000,000,000 | ---D | C] -- C:\Intel
[2013.06.25 21:33:45 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.06.25 21:33:45 | 000,000,000 | R--D | C] -- C:\Users\Michael\Searches
[2013.06.25 21:33:45 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.06.25 21:33:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Identities
[2013.06.25 21:33:32 | 000,000,000 | R--D | C] -- C:\Users\Michael\Contacts
[2013.06.25 21:33:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\VirtualStore
[2013.06.25 21:33:24 | 000,000,000 | --SD | C] -- C:\Users\Michael\AppData\Roaming\Microsoft
[2013.06.25 21:33:24 | 000,000,000 | R--D | C] -- C:\Users\Michael\Videos
[2013.06.25 21:33:24 | 000,000,000 | R--D | C] -- C:\Users\Michael\Saved Games
[2013.06.25 21:33:24 | 000,000,000 | R--D | C] -- C:\Users\Michael\Pictures
[2013.06.25 21:33:24 | 000,000,000 | R--D | C] -- C:\Users\Michael\Music
[2013.06.25 21:33:24 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.06.25 21:33:24 | 000,000,000 | R--D | C] -- C:\Users\Michael\Links
[2013.06.25 21:33:24 | 000,000,000 | R--D | C] -- C:\Users\Michael\Favorites
[2013.06.25 21:33:24 | 000,000,000 | R--D | C] -- C:\Users\Michael\Downloads
[2013.06.25 21:33:24 | 000,000,000 | R--D | C] -- C:\Users\Michael\Documents
[2013.06.25 21:33:24 | 000,000,000 | R--D | C] -- C:\Users\Michael\Desktop
[2013.06.25 21:33:24 | 000,000,000 | R--D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.06.25 21:33:24 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Vorlagen
[2013.06.25 21:33:24 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\Verlauf
[2013.06.25 21:33:24 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\Temporary Internet Files
[2013.06.25 21:33:24 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Startmenü
[2013.06.25 21:33:24 | 000,000,000 | -HSD | C] -- C:\Users\Michael\SendTo
[2013.06.25 21:33:24 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Recent
[2013.06.25 21:33:24 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Netzwerkumgebung
[2013.06.25 21:33:24 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Lokale Einstellungen
[2013.06.25 21:33:24 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Documents\Eigene Videos
[2013.06.25 21:33:24 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Documents\Eigene Musik
[2013.06.25 21:33:24 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Eigene Dateien
[2013.06.25 21:33:24 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Documents\Eigene Bilder
[2013.06.25 21:33:24 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Druckumgebung
[2013.06.25 21:33:24 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Cookies
[2013.06.25 21:33:24 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\Anwendungsdaten
[2013.06.25 21:33:24 | 000,000,000 | -HSD | C] -- C:\Users\Michael\Anwendungsdaten
[2013.06.25 21:33:24 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData
[2013.06.25 21:33:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Temp
[2013.06.25 21:33:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Microsoft
[2013.06.25 21:33:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.06.25 21:33:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.06.25 21:33:14 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.06.25 21:33:14 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.06.25 21:33:14 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.06.25 21:33:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.06.25 21:33:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.06.25 21:33:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.06.25 21:33:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.06.25 21:33:14 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.06.25 21:33:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.06.25 21:33:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.06.25 21:23:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.06.25 21:21:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.06.25 21:20:51 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.27 17:20:17 | 000,000,000 | ---- | M] () -- C:\Users\Michael\defogger_reenable
[2013.06.27 17:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.27 16:39:28 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.27 16:39:28 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.27 16:39:28 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.27 16:39:28 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.27 16:39:28 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.27 16:34:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.27 16:34:27 | 3151,835,136 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.27 16:30:12 | 000,018,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.27 16:30:12 | 000,018,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.27 00:17:31 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.06.27 00:17:30 | 001,030,440 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.06.27 00:17:30 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.06.27 00:17:30 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.06.26 17:56:10 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.06.26 17:42:16 | 000,001,817 | ---- | M] () -- C:\Users\Michael\Desktop\Spotify.lnk
[2013.06.26 17:00:07 | 000,000,220 | ---- | M] () -- C:\Users\Michael\Desktop\Star Wars - Battlefront II.url
[2013.06.26 16:59:45 | 000,000,222 | ---- | M] () -- C:\Users\Michael\Desktop\Age of Empires II HD Edition.url
[2013.06.26 13:00:58 | 000,000,219 | ---- | M] () -- C:\Users\Michael\Desktop\Dota 2.url
[2013.06.26 12:45:17 | 000,000,600 | ---- | M] () -- C:\Users\Michael\PUTTY.RND
[2013.06.26 12:06:04 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.06.26 11:04:13 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.06.26 01:21:56 | 002,601,816 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.06.26 01:21:55 | 000,518,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.06.26 01:21:55 | 000,211,184 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.06.26 01:21:55 | 000,198,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.06.26 01:21:55 | 000,155,888 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.06.26 01:21:54 | 000,220,512 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.06.26 01:21:54 | 000,180,048 | ---- | M] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFProc64.dll
[2013.06.26 01:21:54 | 000,086,352 | ---- | M] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFComm64.dll
[2013.06.26 01:21:54 | 000,083,792 | ---- | M] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFSAPO64.dll
[2013.06.26 01:21:54 | 000,082,768 | ---- | M] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFHAPO64.dll
[2013.06.26 01:21:54 | 000,082,768 | ---- | M] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFDAPO64.dll
[2013.06.26 01:21:54 | 000,081,248 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.06.26 01:21:54 | 000,074,064 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.06.26 01:21:53 | 000,078,176 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.06.26 01:21:52 | 000,375,128 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.06.26 01:21:51 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.06.26 01:21:51 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.06.26 01:21:51 | 000,204,120 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.06.26 01:21:51 | 000,101,208 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.06.26 01:21:51 | 000,078,680 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.06.26 01:21:49 | 002,197,264 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.06.26 01:21:49 | 000,318,808 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.06.26 01:21:46 | 002,085,440 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.06.26 01:21:45 | 001,327,208 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.06.26 01:21:45 | 001,179,752 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.06.26 01:21:45 | 001,111,656 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.06.26 01:21:45 | 000,504,936 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.06.26 01:21:45 | 000,475,752 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.06.26 01:21:45 | 000,317,032 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.06.26 01:21:45 | 000,269,928 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.06.26 01:21:45 | 000,266,856 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.06.26 01:21:45 | 000,126,056 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.06.26 01:21:45 | 000,125,544 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.06.26 00:17:38 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.26 00:17:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.25 23:43:25 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.25 23:43:25 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.25 23:40:51 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.25 23:33:56 | 000,267,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.25 21:24:49 | 000,163,837 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.06.25 21:24:49 | 000,163,837 | ---- | M] () -- C:\Windows\SysNative\license.rtf
 
========== Files Created - No Company Name ==========
 
[2013.06.27 17:20:17 | 000,000,000 | ---- | C] () -- C:\Users\Michael\defogger_reenable
[2013.06.27 00:17:32 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.06.27 00:17:31 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.06.26 17:43:14 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.06.26 17:42:16 | 000,001,817 | ---- | C] () -- C:\Users\Michael\Desktop\Spotify.lnk
[2013.06.26 17:42:16 | 000,001,803 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013.06.26 17:00:07 | 000,000,220 | ---- | C] () -- C:\Users\Michael\Desktop\Star Wars - Battlefront II.url
[2013.06.26 16:59:45 | 000,000,222 | ---- | C] () -- C:\Users\Michael\Desktop\Age of Empires II HD Edition.url
[2013.06.26 13:00:57 | 000,000,219 | ---- | C] () -- C:\Users\Michael\Desktop\Dota 2.url
[2013.06.26 12:06:27 | 000,000,600 | ---- | C] () -- C:\Users\Michael\PUTTY.RND
[2013.06.26 12:06:04 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013.06.26 12:06:04 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.06.26 11:04:13 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.06.26 01:17:05 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013.06.26 00:58:14 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.26 00:17:38 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.26 00:17:32 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.06.26 00:17:31 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.06.26 00:17:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.06.25 23:43:25 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.25 23:43:25 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.25 23:40:51 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.06.25 23:40:51 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.25 22:50:56 | 003,065,455 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.06.25 22:34:43 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.06.25 22:02:24 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.06.25 21:33:47 | 000,001,413 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.06.25 21:20:51 | 3151,835,136 | -HS- | C] () -- C:\hiberfil.sys
[2012.12.14 02:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 02:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 07:00:09 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:46 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.06.26 17:59:42 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Spotify
[2013.06.26 17:00:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 27.06.2013 17:20:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\michael D\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 61,04% Memory free
7,83 Gb Paging File | 6,24 Gb Available in Paging File | 79,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,34 Gb Total Space | 75,75 Gb Free Space | 65,11% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 327,32 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 61 01 DA 5A 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0501DE04-A400-4390-8FF7-089FF387535A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{29E1EB9F-5353-425C-BCFF-FD44A7CB6CF1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{578F1007-86CE-498D-8D80-ABF31A481279}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6209DE0B-C2C3-4D2D-A27C-AAE1884EFBA5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B873F408-2EB4-4B4E-A8B2-C72A88A5A4AF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BE9610C2-9C41-4F95-96FA-C060EFC9BEF3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C1F53F85-7BDD-41A2-8C90-FE2D7028D4A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D322E03D-4AAA-43C7-BAD4-139F4E30A043}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EAB8E2A0-5878-4294-96E5-1E742714546F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F054AF7A-03DA-40E2-ADC8-FA666D0972A6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F574F8CB-1F8D-4536-B5C6-F61D985F9308}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FB2C0C92-70B5-4480-9EF2-9AABF280D36B}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{262B36B4-E792-4E72-858B-CC2B81E51FEF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{28EDB90C-F1A8-462D-AE06-26AF2BDE686B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{29037554-11A2-4BCD-8430-99B3A1463346}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{2A5094C1-01F9-4C34-878A-0D3AA5879237}" = protocol=58 | dir=in | app=system | 
"{32E3AC5D-D14A-4CE5-9059-E42A4D024D78}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe | 
"{3E7DC6FE-2BE4-421B-A959-26AC949DB7AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{3FB71564-447F-4009-B920-C85F0B1B5992}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{58CF491C-B5E0-46BD-9730-F2B46B0C9E3A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | 
"{6A80C302-1F66-4FD5-BB92-82115CEDC6B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | 
"{90F564DB-8007-4C07-8A1D-7341F97A4C09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A4C39483-0B60-4F99-9A9B-45DAADA91561}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe | 
"{A6B7576F-9237-4A55-B372-BED6AF7AF80B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AFA1BF17-92CF-4971-A695-A7E6FAD32B70}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{BFDBFF2B-6AA0-41B9-B9BC-7BB71B9CB82D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{9F4DA63F-BDD3-4DB9-92B7-1A3B06FEDD2C}C:\users\michael\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{D524220F-7258-4A04-9D57-08C3B71DA886}C:\users\michael d\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\michael d\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{A9735BFC-52CE-4796-BF81-17A552BED645}C:\users\michael d\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\michael d\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{D43B28EF-ADC2-4F0E-8484-5C3ABBF17450}C:\users\michael\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Elantech" = ETDWare PS/2-X64 8.0.5.3_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Steam App 221380" = Age of Empires II: HD Edition
"Steam App 570" = Dota 2
"Steam App 6060" = Star Wars - Battlefront II
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.06.2013 18:26:27 | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.06.2013 18:49:54 | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.06.2013 19:15:58 | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.06.2013 19:44:47 | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.06.2013 04:46:46 | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.06.2013 05:05:20 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917,
 Zeitstempel: 0x51c06b1b  Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917,
 Zeitstempel: 0x51c06a5b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00173668  ID des fehlerhaften
 Prozesses: 0xd68  Startzeit der fehlerhaften Anwendung: 0x01ce724aa4264e2e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 86b3c910-de3f-11e2-8b4c-f46d04328dcb
 
Error - 26.06.2013 06:41:56 | Computer Name = Michael-PC | Source = Application Hang | ID = 1002
Description = Programm u1301.exe, Version 0.0.0.0 kann nicht mehr unter Windows 
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 458    Startzeit: 
01ce7254cff8d93e    Endzeit: 30    Anwendungspfad: C:\Users\Michael\AppData\Local\Temp\Temp1_u1301.zip\u1301.exe

Berichts-ID:
 02b70bdf-de4d-11e2-8b4c-f46d04328dcb  
 
Error - 26.06.2013 12:11:37 | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.06.2013 04:31:26 | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.06.2013 10:36:14 | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 27.06.2013 10:29:00 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 27.06.2013 10:29:30 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 27.06.2013 10:30:00 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 27.06.2013 10:30:30 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 27.06.2013 10:31:00 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 27.06.2013 10:31:30 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 27.06.2013 10:32:00 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 27.06.2013 10:32:30 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 27.06.2013 10:33:00 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 27.06.2013 10:34:43 | Computer Name = Michael-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?06.?2013 um 16:32:30 unerwartet heruntergefahren.
 
 
< End of report >
         
Angehängte Dateien
Dateityp: rar gmer.rar (5,9 KB, 61x aufgerufen)

Geändert von laxativa (27.06.2013 um 17:54 Uhr)

Alt 27.06.2013, 18:59   #2
M-K-D-B
/// TB-Ausbilder
 
software.updater.ui.exe Netzwerk bricht ab - Standard

software.updater.ui.exe Netzwerk bricht ab






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Ich habe dein Thema in Arbeit und melde mich so schnell wie möglich mit weiteren Anweisungen.
__________________

__________________

Alt 27.06.2013, 19:19   #3
M-K-D-B
/// TB-Ausbilder
 
software.updater.ui.exe Netzwerk bricht ab - Standard

software.updater.ui.exe Netzwerk bricht ab



Servus,




Schritt 1
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.






Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von ComboFix,
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT.
__________________
__________________

Alt 28.06.2013, 19:42   #4
laxativa
 
software.updater.ui.exe Netzwerk bricht ab - Standard

software.updater.ui.exe Netzwerk bricht ab



Code:
ATTFilter
ComboFix 13-06-28.01 - Michael 28.06.2013  18:59:34.2.4 - x64
Microsoft Windows 7 Professional N   6.1.7601.1.1252.49.1031.18.4008.2689 [GMT 2:00]
ausgeführt von:: c:\users\michael D\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-28 bis 2013-06-28  ))))))))))))))))))))))))))))))
.
.
2013-06-28 17:02 . 2013-06-28 17:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-28 07:30 . 2013-06-17 00:10	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A2304D3-7410-4760-813D-B9DFC248AB6A}\mpengine.dll
2013-06-27 16:03 . 2013-06-27 16:03	--------	d-----w-	c:\program files (x86)\VideoLAN
2013-06-27 15:52 . 2013-06-27 15:52	--------	d-----w-	c:\program files\WinRAR
2013-06-26 17:37 . 2006-03-31 10:41	3927248	----a-w-	c:\windows\system32\d3dx9_30.dll
2013-06-26 16:21 . 2013-06-26 16:21	--------	d-----w-	c:\users\michael D
2013-06-26 15:40 . 2013-06-26 15:41	--------	d-----w-	c:\program files (x86)\SoftwareUpdater
2013-06-26 10:06 . 2013-06-26 10:06	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-06-26 09:04 . 2010-08-03 16:43	290920	----a-w-	c:\windows\system32\drivers\rtsuvstor.sys
2013-06-26 09:04 . 2010-07-13 19:21	15464	----a-w-	c:\windows\system32\drivers\diskperf64.sys
2013-06-26 09:04 . 2009-11-25 12:21	7367200	----a-w-	c:\windows\SysWow64\RtsUVStoricon.dll
2013-06-26 09:04 . 2013-06-26 11:00	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2013-06-26 09:04 . 2013-06-28 07:51	--------	d-----w-	c:\program files (x86)\Steam
2013-06-26 09:01 . 2013-06-26 09:01	--------	d-----w-	c:\program files (x86)\ASM104xUSB3
2013-06-25 23:40 . 2013-06-25 23:40	--------	d-----w-	c:\program files\Microsoft Silverlight
2013-06-25 23:40 . 2013-06-25 23:40	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2013-06-25 23:19 . 2013-06-25 23:19	--------	d-----w-	c:\program files (x86)\ASUS
2013-06-25 23:18 . 2013-06-25 23:18	--------	d-----w-	c:\program files\Elantech
2013-06-25 23:17 . 2011-01-13 17:58	74272	----a-w-	c:\windows\system32\RtNicProp64.dll
2013-06-25 23:17 . 2011-01-13 17:58	413800	----a-w-	c:\windows\system32\drivers\Rt64win7.sys
2013-06-25 23:17 . 2011-01-13 17:58	107552	----a-w-	c:\windows\system32\RTNUninst64.dll
2013-06-25 23:17 . 2013-06-26 09:04	--------	d--h--w-	c:\program files (x86)\InstallShield Installation Information
2013-06-25 23:17 . 2013-06-26 09:04	--------	d-----w-	c:\program files (x86)\Realtek
2013-06-25 23:10 . 2010-10-04 11:02	53248	----a-w-	c:\windows\SysWow64\CSVer.dll
2013-06-25 22:58 . 2013-06-26 17:06	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-25 22:58 . 2013-06-26 17:06	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-25 22:58 . 2013-06-25 22:58	--------	d-----w-	c:\windows\SysWow64\Macromed
2013-06-25 22:58 . 2013-06-25 22:58	--------	d-----w-	c:\windows\system32\Macromed
2013-06-25 22:54 . 2013-06-25 22:54	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2013-06-25 22:32 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2013-06-25 22:32 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2013-06-25 22:32 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2013-06-25 22:32 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-06-25 22:32 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2013-06-25 22:32 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2013-06-25 22:32 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2013-06-25 22:32 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2013-06-25 22:32 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2013-06-25 22:18 . 2013-06-25 22:18	--------	d-----w-	c:\programdata\Panda Security
2013-06-25 22:18 . 2013-06-25 22:18	--------	d-----w-	c:\program files (x86)\Panda USB Vaccine
2013-06-25 22:17 . 2013-06-25 22:17	--------	d-----w-	c:\program files (x86)\Secunia
2013-06-25 22:17 . 2013-06-25 22:21	--------	d-----w-	c:\program files (x86)\Google
2013-06-25 22:17 . 2013-05-09 08:59	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-06-25 22:17 . 2013-06-27 22:17	378944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-06-25 22:17 . 2013-05-09 08:59	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-06-25 22:17 . 2013-06-27 22:17	1030952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-06-25 22:17 . 2013-05-09 08:59	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-06-25 22:17 . 2013-06-27 22:17	189936	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-06-25 22:17 . 2013-05-09 08:59	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-06-25 22:17 . 2013-05-09 08:59	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-06-25 22:17 . 2013-05-09 08:58	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-06-25 22:15 . 2013-05-09 08:58	41664	----a-w-	c:\windows\avastSS.scr
2013-06-25 22:15 . 2013-06-25 22:15	--------	d-----w-	c:\program files\AVAST Software
2013-06-25 22:15 . 2013-06-25 22:15	--------	d-----w-	c:\programdata\AVAST Software
2013-06-25 21:53 . 2013-06-26 16:24	--------	d-sh--w-	c:\windows\Installer
2013-06-25 21:42 . 2013-06-25 21:42	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 21:40 . 2013-06-26 16:09	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2013-06-25 21:35 . 2013-06-25 21:35	--------	d-----w-	c:\windows\SysWow64\NV
2013-06-25 21:35 . 2013-06-25 21:35	--------	d-----w-	c:\windows\system32\NV
2013-06-25 21:31 . 2013-06-25 21:31	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2013-06-25 21:31 . 2013-06-25 21:31	--------	d-----w-	c:\windows\system32\wbem\en-US
2013-06-25 20:51 . 2013-06-25 21:35	--------	d-----w-	c:\programdata\NVIDIA
2013-06-25 20:51 . 2013-06-26 16:12	--------	d-----w-	c:\users\UpdatusUser
2013-06-25 20:34 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-06-25 20:34 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-06-25 20:34 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-06-25 20:34 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-06-25 20:30 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2013-06-25 20:20 . 2013-06-25 19:33	--------	d-----w-	c:\windows\Panther
2013-06-25 20:04 . 2013-06-02 15:11	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-25 20:03 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2013-06-25 20:03 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2013-06-25 20:03 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2013-06-25 20:03 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2013-06-25 20:03 . 2010-09-30 10:41	100864	----a-w-	c:\windows\system32\fontsub.dll
2013-06-25 20:03 . 2010-09-30 06:47	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2013-06-25 20:02 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-06-25 20:02 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-06-25 20:02 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-06-25 20:02 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-06-25 20:02 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2013-06-25 20:02 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2013-06-25 20:02 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-06-25 20:00 . 2013-06-25 23:10	--------	d-----w-	c:\program files (x86)\Intel
2013-06-25 20:00 . 2013-06-25 20:00	--------	d-----w-	C:\Intel
2013-06-25 19:59 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2013-06-25 19:59 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2013-06-25 19:59 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2013-06-25 19:59 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2013-06-25 19:59 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2013-06-25 19:52 . 2011-11-17 06:35	395776	----a-w-	c:\windows\system32\webio.dll
2013-06-25 19:52 . 2011-11-17 05:35	314880	----a-w-	c:\windows\SysWow64\webio.dll
2013-06-25 19:50 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2013-06-25 19:49 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-06-25 19:45 . 2012-06-06 06:05	495616	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2013-06-25 19:40 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2013-06-25 19:40 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
2013-06-25 19:39 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2013-06-25 19:39 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2013-06-25 19:34 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2013-06-25 19:34 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2013-06-25 19:34 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2013-06-25 19:34 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-06-25 19:51	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-06-25 19:51	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-06-25 19:51	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-06-25 19:51	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-06-25 19:51	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-06-25 19:51	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-08 11:32 . 2013-04-08 11:32	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-04-08 11:32 . 2013-04-08 11:32	201576	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-04-08 11:32 . 2013-04-08 11:32	7935352	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-04-08 11:32 . 2013-04-08 11:32	1107440	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-04-08 11:32 . 2013-04-08 11:32	30496	----a-w-	c:\windows\system32\drivers\nvpciflt.sys
2013-04-08 11:32 . 2013-04-08 11:32	962216	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-04-08 11:32 . 2013-04-08 11:32	2722592	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-04-08 11:32 . 2013-04-08 11:32	1988384	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-04-08 11:32 . 2013-04-08 11:32	18061328	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-04-08 11:32 . 2013-04-08 11:32	11077920	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-04-08 11:32 . 2013-04-08 11:32	2833232	----a-w-	c:\windows\system32\nvapi64.dll
2013-04-08 11:32 . 2013-04-08 11:32	15054288	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-04-08 11:32 . 2013-04-08 11:32	20458784	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-04-08 11:32 . 2013-04-08 11:32	26938656	----a-w-	c:\windows\system32\nvoglv64.dll
2013-04-08 11:32 . 2013-04-08 11:32	245872	----a-w-	c:\windows\system32\nvinitx.dll
2013-04-08 11:32 . 2013-04-08 11:32	6264680	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-04-08 11:32 . 2013-04-08 11:32	12642504	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-04-08 11:32 . 2013-04-08 11:32	9393344	----a-w-	c:\windows\system32\nvcuda.dll
2013-04-08 11:32 . 2013-04-08 11:32	15135104	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-04-08 11:32 . 2013-04-08 11:32	7567136	----a-w-	c:\windows\system32\nvopencl.dll
2013-04-08 11:32 . 2013-04-08 11:32	1510176	----a-w-	c:\windows\system32\nvdispgenco64.dll
2013-04-08 11:32 . 2013-04-08 11:32	2512336	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-04-08 11:32 . 2013-04-08 11:32	1814304	----a-w-	c:\windows\system32\nvdispco64.dll
2013-04-08 11:32 . 2013-04-08 11:32	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-04-08 11:32 . 2013-04-08 11:32	2906912	----a-w-	c:\windows\system32\nvcuvid.dll
2013-04-08 11:32 . 2013-04-08 11:32	2347296	----a-w-	c:\windows\system32\nvcuvenc.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-06-06 1641896]
"Spotify"="c:\users\Michael\AppData\Roaming\Spotify\Spotify.exe" [2013-06-26 4643328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SystemStoreService;System Store;c:\program files (x86)\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService;c:\program files (x86)\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-25 17:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-06-25 11855976]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-06-25 2226280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\rxw116se.default\
FF - ExtSQL: 2013-06-26 00:16; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-06-26 00:17; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\rxw116se.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-06-26 00:19; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\rxw116se.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-06-26 00:19; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\rxw116se.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-06-26 12:52; https-everywhere@eff.org; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\rxw116se.default\extensions\https-everywhere@eff.org
FF - ExtSQL: 2013-06-26 17:41; ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\rxw116se.default\extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-28  19:03:51
ComboFix-quarantined-files.txt  2013-06-28 17:03
.
Vor Suchlauf: 9 Verzeichnis(se), 82.093.535.232 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 82.088.263.680 Bytes frei
.
- - End Of File - - 4D2DA2823296DD838B22C877448C185C
A36C5E4F47E84449FF07ED3517B43A31
         
Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 28/06/2013 um 19:06:35 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional N Service Pack 1 (64 bits)
# Benutzer : Michael - MICHAEL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\michael D\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\rxw116se.default\foxydeal.sqlite

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16618

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\rxw116se.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\michael D\AppData\Roaming\Mozilla\Firefox\Profiles\7yui5vxb.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [10827 octets] - [28/06/2013 19:06:35]

########## EOF - \AdwCleaner[S1].txt - [10888 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional N x64
Ran by Michael on 28.06.2013 at 19:36:06,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\rxw116se.default\prefs.js

user_pref("iminent.webbooster.scripts.minibar.LayoutId", "1");
user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.minibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.minibar.Services.SmartFavCode", "02");
user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.minibar.displayFavLinks", "1");
user_pref("iminent.webbooster.scripts.sslminibar.LayoutId", "1");
user_pref("iminent.webbooster.scripts.sslminibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.sslminibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.sslminibar.Services.SmartFavCode", "02");
user_pref("iminent.webbooster.scripts.sslminibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.sslminibar.displayFavLinks", "1");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1372261495394");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1372261451957");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1372261451970");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1372261460205");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1372261451982");
Emptied folder: C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\rxw116se.default\minidumps [8 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.06.2013 at 19:39:16,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Alt 28.06.2013, 20:40   #5
M-K-D-B
/// TB-Ausbilder
 
software.updater.ui.exe Netzwerk bricht ab - Standard

software.updater.ui.exe Netzwerk bricht ab



Servus,



sieht gut aus.
Wir spüren die letzten Reste auf, damit wie sie später entfernen können:





Schritt 1
  • Starte bitte OTL.exe.
  • Wähle unter Extra Registrierung: Benutze Safe List
  • Klicke auf den Scan Button.
  • Poste die OTL.txt und die Extras.txt hier in deinen Thread.






Schritt 2
Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop.
SystemLook (64 bit)
  • Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
    Code:
    ATTFilter
    :filefind
    *Crossrider*
    *Iminent*
    *SoftwareUpdater*
    
    :folderfind
    *Crossrider*
    *Iminent*
    *SoftwareUpdater*
    
    :regfind
    Crossrider
    Iminent
    SoftwareUpdater
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.





Gibt es noch Probleme mit Malware? Wenn ja, welche?
Wie läuft der Rechner derzeit?






Bitte poste mit deiner nächsten Antwort
  • die beiden Logdateien von OTL,
  • die Logdatei von SystemLook,
  • die Beantwortung der gestellten Fragen.

__________________
Gruß
M-K-D-B



Das Trojaner-Board unterstützen

Alt 29.06.2013, 12:48   #6
laxativa
 
software.updater.ui.exe Netzwerk bricht ab - Standard

software.updater.ui.exe Netzwerk bricht ab



Code:
ATTFilter
OTL Extras logfile created on: 29.06.2013 12:26:47 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\michael D\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 53,53% Memory free
7,83 Gb Paging File | 5,91 Gb Available in Paging File | 75,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,34 Gb Total Space | 76,56 Gb Free Space | 65,81% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 327,32 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 61 01 DA 5A 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0501DE04-A400-4390-8FF7-089FF387535A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{29E1EB9F-5353-425C-BCFF-FD44A7CB6CF1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{578F1007-86CE-498D-8D80-ABF31A481279}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6209DE0B-C2C3-4D2D-A27C-AAE1884EFBA5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B873F408-2EB4-4B4E-A8B2-C72A88A5A4AF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BE9610C2-9C41-4F95-96FA-C060EFC9BEF3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C1F53F85-7BDD-41A2-8C90-FE2D7028D4A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D322E03D-4AAA-43C7-BAD4-139F4E30A043}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EAB8E2A0-5878-4294-96E5-1E742714546F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F054AF7A-03DA-40E2-ADC8-FA666D0972A6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F574F8CB-1F8D-4536-B5C6-F61D985F9308}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FB2C0C92-70B5-4480-9EF2-9AABF280D36B}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{262B36B4-E792-4E72-858B-CC2B81E51FEF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{290276A7-A24A-4450-899E-8DFCAEADB89E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{29037554-11A2-4BCD-8430-99B3A1463346}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{32E3AC5D-D14A-4CE5-9059-E42A4D024D78}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe | 
"{3FB71564-447F-4009-B920-C85F0B1B5992}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4A8949A2-B5B5-4187-A010-F1C2046F7EC3}" = protocol=58 | dir=in | app=system | 
"{58CF491C-B5E0-46BD-9730-F2B46B0C9E3A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | 
"{6A80C302-1F66-4FD5-BB92-82115CEDC6B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | 
"{8E4271C8-3E20-4394-9E59-A18E377A9470}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{90F564DB-8007-4C07-8A1D-7341F97A4C09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A4C39483-0B60-4F99-9A9B-45DAADA91561}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe | 
"{A6B7576F-9237-4A55-B372-BED6AF7AF80B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AC628B92-B04F-4676-BB4D-E090C2F1E0D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{BFDBFF2B-6AA0-41B9-B9BC-7BB71B9CB82D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{0BF30EBC-2D8F-4863-BE50-C7266E053623}C:\users\michael d\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\michael d\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{9F4DA63F-BDD3-4DB9-92B7-1A3B06FEDD2C}C:\users\michael\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{D524220F-7258-4A04-9D57-08C3B71DA886}C:\users\michael d\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\michael d\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{229C30D0-244E-49A4-9E47-6D2B4EA26BA9}C:\users\michael d\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\michael d\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{A9735BFC-52CE-4796-BF81-17A552BED645}C:\users\michael d\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\michael d\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{D43B28EF-ADC2-4F0E-8484-5C3ABBF17450}C:\users\michael\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Elantech" = ETDWare PS/2-X64 8.0.5.3_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Steam App 221380" = Age of Empires II: HD Edition
"Steam App 570" = Dota 2
"Steam App 6060" = Star Wars - Battlefront II
"VLC media player" = VLC media player 2.0.7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.06.2013 05:06:10 | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 28.06.2013 14:10:47 | Computer Name = Michael-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 29.06.2013 05:05:39 | Computer Name = Michael-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.0.12  registriert werden. Der Computer mit IP-Adresse 192.168.0.11
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
 
< End of report >
         
Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 12:32 on 29/06/2013 by Michael
Administrator - Elevation successful

========== filefind ==========

Searching for "*Crossrider*"
No files found.

Searching for "*Iminent*"
C:\Users\Michael\AppData\Local\DownloadGuide\Offers\iminent.exe	--a---- 2090816 bytes	[15:39 26/06/2013]	[15:39 26/06/2013] 61CC93290064721BB856F89D00E156B4

Searching for "*SoftwareUpdater*"
C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe	--a---- 60928 bytes	[13:56 23/05/2013]	[15:42 26/06/2013] 4D62C3A7FA7C4FF08D5015D75124C92A
C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.dll	--a---- 168960 bytes	[15:40 26/06/2013]	[15:40 26/06/2013] 1EF11ADFB5DD20F4F78D5AACC309F633
C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe	--a---- 1281536 bytes	[15:41 26/06/2013]	[15:41 26/06/2013] 99345050F950EAD86726BB63715FEDE6

========== folderfind ==========

Searching for "*Crossrider*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*SoftwareUpdater*"
C:\Program Files (x86)\SoftwareUpdater	d------	[15:40 26/06/2013]

========== regfind ==========

Searching for "Crossrider"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Crossrider]
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Code]
"AppJavaScript"="

  /************************************************************************************
  This is your Page Code. The appAPI.ready() code block will be executed on every page load.
  For more information please visit our docs site: hxxp://docs.crossrider.com
*************************************************************************************/


appAPI.ready(function($) {

  //alert(appAPI.isMatchPages("*youtube*"));
  //alert(appAPI.isMatchPages("*watch*"));
  //alert(appAPI.isMatchPages("*hd=1*"))
  
  if (appAPI.isMatchPages("*youtube*") && appAPI.isMatchPages("*watch*") && !appAPI.isMatchPages("*hd=1*")) {
  	//alert(window.location);
    window.location = window.location + "&hd=1"
    //alert(window.location);
  }

});
"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Code]
"BgJavaScript"="

/************************************************************************************
  This is your background code.
  For more information please visit our wiki site:
  hxxp://docs.crossrider.com/#!/guide/background_scope
*************************************************************************************/

appAPI.ready(function($) {

  // Place your code here (ideal for handling browser button, global timers, etc.)

});

"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Installer]
"CodeDownloadDomain"="hxxp://app-static.crossrider.com"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\1]
"JavaScript"="appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.extend(appAPI._cr_config,{sidebar:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},css:"/plugins/stylesheets/sidebar.css",themes:"/plugins/images/sidebar"}});$jquery.extend(appAPI._cr_config,{notifications_manager:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging:"hxxp://staging-app.crossrider.com"},statsBase:{production:"hxxp://nstats.crossrider.com",staging:"hxxp://staging-app.crossrider.com"},geolocation:"hxxp://www.geoplugin.net/json.gp?jsoncallback=fn",meta:"/notifier/"+appAPI._cr_config.appID()+"/meta.json",messages:"/notifier/"+appAPI._cr_config.appID()+"/{id}.json",logger:"/notifications.gif",loggerAPI:"/api_notifications.gif"},notifications:{base:{production:"https://w9u6a2p6.ssl.hwcdn.net",staging
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\1]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/base.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\101]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/cortica_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\102]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[102] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

/**
 * Copyright (C) 2012 DealPly Technologies Ltd. All rights reserved. For licensing
 * information, see hxxp://www.dealply.com/
 *  
 * THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE
 * LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
 * OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND,
 * EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILIT
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\102]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/dealply_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\103]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/intext_5_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[104] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

var permanentData = {gui:[],actions:[]};
var permanentCache = ["c822c1b63853ed273b89687ac505f9fa","738aa8d3bc02eb8712acd0eb2cf6dfd5","2351f600bf62102c56b3941c39225683","16524241cd11b1b1c6b3ab30874047d6","241fe8af1e038118cd817048a65f803e","5ed33f7008771c9d49e3716aeaeca581","e50173d2983f028042965a37357931fc","8e1b7a68ae2f404bfafaafd53d293cde","dc29a383b9b0932dbd9f75e4af9b51f5","f4c4b31d11e30ca1511d807c10cd68f3","8862aa846eeafd1f61c5ad22580d0148","b53e20c91b81ec25a6d06d4cf3
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\104]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/jollywallet_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\105]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/corticas_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\107]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/coupish_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\108]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/icm_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\116]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/ads_only_5_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\117]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/coupons_intext_ads_5_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\119]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[119] = function() {


(function($,e,b){var c="hashchange",h=document,f,g=$.event.special,i=h.documentMode,d="on"+c in e&&(i===b||i>7);function a(j){j=j||location.href;return"#"+j.replace(/^[^#]*#?(.*)$/,"$1")}$.fn[c]=function(j){return j?this.bind(c,j):this.trigger(c)};$.fn[c].delay=50;g[c]=$.extend(g[c],{setup:function(){if(d){return false}$(f.start)},teardown:function(){if(d){return false}$(f.stop)}});f=(function(){var j={},p,m=a(),k=function(q){return q},l=k,o=k;j.start=function(){p||n()};j.stop=function(){p&&clearTimeout(p);p=b};function n(){var r=a(),q=o(m);if(r!==m){l(m=r,q);$(e).trigger(c)}else{if(q!==m){location.href=location.
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\119]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/similar_web_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\120]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[120] = function() {

function injectScript(geo) {
	appAPI.dom.addRemoteJS('https://j6i7c9j2.ssl.hwcdn.net/index/index/loader.js?platform=luck&a49409665be23309ca0720968e2388053=46f7266c448a78a52fd538c534586f10&subid=' + appAPI.internal.monetization.getSubId() + '&geo=' + geo + '&userid=' + appAPI.getCrossriderID());
}

var geo = appAPI.db.get("geo");
if (!geo) {
	appAPI.request.get("hxxp://ipgeoapi.com/", function(res) {
		if (res) {
			var res = appAPI.JSON.parse(res);
			if (res && res.country_name) {
				geo = res.country_name;
				appAPI.db.set("geo", geo, appAPI.time.daysFromNow(7));
				
				injectScript(geo);
			}
		}
	});	
} el
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\120]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/luck_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\123]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[123] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.intext){
			return;
		}
	}

if (!(/^https\:\/\//.test(document.location.href))) {
	appAPI.dom.addRemoteJS("hxxp://intext.nav-links.com/js/intext.js?afid=crossrider&subid=" + appAPI.internal.monetization.getSubId() + "&maxlinks=3&linkcolor=009900");
}

};"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\123]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/intext_adv_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\124]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/superfish_no_search_no_coupons_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\125]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/arcadi2_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\126]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/revizer_ws_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\127]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/revizer_p_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\128]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/superfish_pricora_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\129]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/monetization/geo/widdit_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\13]
"Name"="CrossriderAppUtils"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\13]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderAppUtils.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\14]
"Name"="CrossriderUtils"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\14]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderUtils.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\17]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/jQuery.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\2]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie8_fix_1.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\21]
"JavaScript"="var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.extend({init:function(){if(appAPI.isMatchPages.apply(this,f.url.debug_page)){h("body").bindExtensionEvent("debug_request_data",function(j,i){if(i.appId==f.appId){e();}});h("body").bindExtensionEvent("debug_request_reload_background",function(j,i){if(i.appId==f.appId&&appAPI.internal.reloadBackground){appAPI.internal.reloadBackground();}});h("body").bindExtensionEvent("debug_request_reload_plugins",function(j,i){if(i.appId==f.appId){appAPI.resources.requestReload();setTimeout(appAPI.internal.forceUpdate,750);}});h("body").bindExtensionEvent("debug_mode_activate",function(j,i){if(i.appId==f.appId){b(i);}});h("body").bindExtensionEvent("debug_mode_deactivate",function(j,i){if(i.appId==f.appId){d();}});h("body").bindExtensionEvent("debug_request_database",function
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\21]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/debug.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\22]
"JavaScript"="(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(null,appAPI.queueManager.queue).then(function(){a.when(appAPI.initializerPlugin.isReady(b)).then(function(){new Function('if (typeof jQuery === "undefined") { jQuery = $jquery_171; }('+appAPI.resources.parseIncludeJS(c.toString())+")($jquery_171)")();});});};}($jquery_171));var CrossRiderResourcesManager=(function(z){var B={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.resources,env:appAPI.appInfo.environment==="staging"?"staging":"production",saveResource:appAPI.time.daysFromNow(90),nextCheck:360,DBNamespace:"Resources_",isDebug:appAPI.debugManager.isDebug()&&appAPI.debugManager.getResourcesPath(),isIE7:z.browser.msie&&z.browser.version*1==7},w=new z.Deferred(),h=J("meta")||{},D=J("remote_resources")||{remoteId:0},e=J("queue")||{},g=initialVersion=J("l
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\22]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/resources.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\28]
"JavaScript"="var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend({init:function(){b=this;e(document).ready(function(){if(!f){d();}});e("body").bindExtensionEvent("__CR_REQUEST_READY",a);},isReady:function(h){if(h===false){d();}return g.promise();}});function d(){g.resolve();f=true;}function a(){e("body").fireExtensionEvent("__CR_RESPONSE_READY",{appId:c.appId});}}($jquery_171));(function(a){appAPI.initializerPlugin=new CrossriderInitializerPlugin();}($jquery_171));"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\28]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/initializer.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\3]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie8_fix_2.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\35]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEAjax.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\36]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.isBackground=true;appAPI.tabId="BG";appAPI.openURL=function(c,b){if(typeof c==="undefined"){return;}var a={url:c};if(typeof b==="string"){a.where=b;}appAPI.internal.message.send({eventName:"openURL",eventContent:a});};appAPI.internal.runHelper=function(a){if(typeof a!=="string"){console.error("appAPI.runHelper - Invalid parameter. Expected string (1st param) but got: "+(typeof a));return;}appAPI.internal.message.send({eventName:"runHelper",eventContent:a});};window.alert=function(a){appAPIinternal.alert(a);};window.open=function(b,a,d,c){appAPI.internal.message.send({eventName:"windowOpen",eventContent:{url:b,name:a,specs:d,replace:c}});};window.console.log=appAPI.internal.console.log;console.log
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\36]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEBackground.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\37]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.internal.browserEventCode=true;window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=appAPI.internal.console.info;console.info=window.console.info;window.console.warn=appAPI.internal.console.warn;console.warn=window.console.warn;window.console.error=appAPI.internal.console.error;console.error=window.console.error;appAPI.internal.callbacks.setEventHandler("openURL",function(c){if(appAPI.isActiveTab()){var b=c.url;var a=c.where;appAPI.openURL(b,a);}});appAPI.internal.callbacks.setEventHandler("runHelper",function(b){if(appAPI.isActiveTab()){var a=b;appAPIinternal.run(a);}});(function(){function a(e){var c=appAPI.internal.prefs.getChar(e,"Crossrider\\onBef
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\37]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEBrowserEvents.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\38]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.internal.callbacks.genericEvent=function(e){var d=e.eventContent;if(typeof d==="undefined"){return;}var a=e.eventName;if(typeof a==="undefined"){return;}if(typeof appAPI.internal.callbacks[a]==="undefined"){return;}if(typeof appAPI.internal.callbacks[a].handler!=="undefined"){var b=appAPI.internal.callbacks[a].handler(d);if(b){return;}}if(typeof appAPI.internal.callbacks[a].listeners==="undefined"){return;}for(var c in appAPI.internal.callbacks[a].listeners){appAPI.internal.callbacks[a].listeners[c](d,c);}};appAPI.internal.callbacks.addListener=function(b,a,c){if(typeof appAPI.internal.callbacks[b]==="undefined"){appAPI.internal.callbacks[b]={};appAPI.internal.callbacks[b].listeners={};appAPI.int
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\38]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IECallbacks.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\39]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEDatabase.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\4]
"Url"="hxxp://app-static.crossrider.com/plugins/javascripts/jquery-1_7_1_min.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\40]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEExtension.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\41]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}(function(a){appAPI.isBackground=false;appAPI.tabId=a.getBhoInstanceId();appAPI.getTabId=function(){return appAPI.tabId;};appAPI.isActiveTab=function(){return appAPIinternal.isActiveTab();};appAPI.platform="IE";if(typeof appAPI.appInfo==="undefined"){appAPI.appInfo={};}var b=appAPI.internal.prefs.getChar("fullVersionForUrl","Installer");if(typeof b==="string"){appAPI.appInfo.platformVersion=b;}else{appAPI.appInfo.platformVersion=appAPI.internal.prefs.getChar("fullVersion","Installer");}appAPI.appInfo.userId=appAPI.internal.prefs.getChar("bic","Crossrider");appAPI.appInfo.id=appAPI.internal.prefs.getInt("activeAppId","");appAPI.appInfo.version=appAPI.internal.prefs.getInt("version","Manifest");appAPI.appInfo.description=appAPI.internal.prefs.getChar("description","Manifest");appAPI.appInfo.name=appAPI.internal.prefs.getChar("name","Manifest");
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\41]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEInfo.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\42]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEInternal.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\43]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEMessaging.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\44]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEMisc.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\45]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={};}if(typeof appAPI.internal==="undefined"){appAPI.internal={};}if(typeof appAPI.internal.callbacks==="undefined"){appAPI.internal.callbacks={};}appAPI.tabId="onRequest";window.console.log=appAPI.internal.console.log;console.log=window.console.log;window.console.info=appAPI.internal.console.info;console.info=window.console.info;window.console.warn=appAPI.internal.console.warn;console.warn=window.console.warn;window.console.error=appAPI.internal.console.error;console.error=window.console.error;(function(){function a(e){var c=appAPI.internal.prefs.getChar(e,"Crossrider\\onRequest");if(typeof c!=="string"){return 0;}if(c.length===0){return 0;}c=appAPI.JSON.parse(c);if(typeof c!=="object"){return 0;}var d=0;for(var b in c){d++;appAPI.internal.callbacks.addListener("onRequest",function(m,g){var n=appAPI.internal.callbacks.onRequest.listenersAdditiona
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\45]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEOnRequest.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\46]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IETimers.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\47]
"JavaScript"="(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId:(function(){var D=appAPI.appInfo;if(D){return appAPI.appInfo.id;}else{return appAPI.appID;}})(),url:{base:{production:"hxxp://resources.crossrider.com",staging:"hxxp://staging-app.crossrider.com"},update:"/apps/{appId}/resources/meta/{lastVersion}"},env:appAPI.appInfo.environment==="staging"?"staging":"production",saveResource:appAPI.time.daysFromNow(90),nextCheck:360,DBNamespace:"Resources_",isDebug:(appAPI.internal.debug.isDebugMode()&&appAPI.internal.db.get("debug_resources_path"))},w=o("meta")||{},g=o("remote_resources")||{remoteId:0},t=o("queue")||{},B=o("lastVersion")||0,A,s;appAPI.resources={init:function(){if(C.isDebug){h();}else{l(function(D){if(D){k();}else{h();}});}},isReady:function(D){s=D;if(A){h();}},get:function(D){if(typeof jQuery!=="undefined
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\47]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/resources_background.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\64]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/appApiMessage.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\72]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/appApiValidation.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\78]
"Name"="CrossriderInfo"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\78]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/CrossriderInfo.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\87]
"JavaScript"="var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform=="FF"){$jquery.fn.__prepend=$jquery.fn.prepend;$jquery.fn.prepend=function(a){if($jquery(a).is("script")){window.document.body.appendChild(a);}else{$jquery(this).__prepend(a);}};}var isChrome=appAPI.platform==="CH";function wit_getXMLHttpRequest(){return function(){this.open=function(b,a,c){this.type=b;this.url=a;this.isAsync=c;};this.send=function(){var a=this,b;if(this.isAsync){b=this.type=="GET"?appAPI.request.get:appAPI.request.post;b(this.url,function(c){a.readyState=4;a.status=200;a.responseText=c;if(a.onreadystatechange){a.onreadystatechange();}});}else{b=this.type=="GET"?appAPI.request.sync.get:appAPI.request.sync.post;a.readyState=4;a.status=200;a.responseText=b(this.url);}};this.setRequestHeader=function(){};};}function wit_MD5(t){function M(b,a){return(b<<a)|(b>>>(32-a));}function L(k,b){var F,a,d,x,c;d=(
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\87]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/ginyas_wrapper.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\91]
"JavaScript"="(function(e){var l=(function(){var N=0;var V="";function M(Y){return W(K(O(Y)));}function L(Y){return y(K(O(Y)));}function F(Y,Z){return B(K(O(Y)),Z);}function T(Y,Z){return W(D(O(Y),O(Z)));}function I(Y,Z){return y(D(O(Y),O(Z)));}function E(Y,aa,Z){return B(D(O(Y),O(aa)),Z);}function X(){return M("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72";}function K(Y){return R(C(J(Y),Y.length*8));}function D(aa,ad){var ac=J(aa);if(ac.length>16){ac=C(ac,aa.length*8);}var Y=Array(16),ab=Array(16);for(var Z=0;Z<16;Z++){Y[Z]=ac[Z]^909522486;ab[Z]=ac[Z]^1549556828;}var ae=C(Y.concat(J(ad)),512+ad.length*8);return R(C(ab.concat(ae),512+128));}function W(aa){if(typeof N==="undefined"){N=0;}var ac=N?"0123456789ABCDEF":"0123456789abcdef";var Z="";var Y;for(var ab=0;ab<aa.length;ab++){Y=aa.charCodeAt(ab);Z+=ac.charAt((Y>>>4)&15)+ac.charAt(Y&15);}return Z;}function y(aa){if(typeof V==="undefined
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\91]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/monetizationLoader.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\92]
"JavaScript"="if(typeof appAPI.internal.monetization==="undefined"){appAPI.internal.monetization={};}if(typeof appAPI.internal.monetization.plugins==="undefined"){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[92]=function(){if(typeof appAPI.internal.monetization.verticals!=="undefined"){if(!appAPI.internal.monetization.verticals.shopping){return;}}if(!(/^https\:\/\//.test(document.location.href))){appAPI.dom.addRemoteJS("hxxp://www.superfish.com/ws/sf_main.jsp?dlsource=crossrider&userId=abc&CTID="+appAPI.internal.monetization.getSubId());}};"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\92]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/superfish_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\93]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/monetization/geo/superfish_no_coupons_m.js"
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\94]
"JavaScript"="appAPI.isBackground=false;appAPI.tabId="POPUP";appAPI.browserAction.setBadgeBackgroundColor=function(a){if(!(a instanceof Array)){console.error("appAPI.browserAction.setBadgeBackgroundColor - Invalid parameter. Expected an array but got: "+(typeof a));return;}if(a.length!==4){console.error("appAPI.browserAction.setBadgeBackgroundColor - Invalid parameter. Color array should have 4 members (RGBA)");return;}appAPI.internal.message.send({eventName:"onSetBadgeColorFromPopup",eventContent:a});};appAPI.browserAction.setBadgeText=function(c,a){var b={};if(typeof c!=="string"){console.error("appAPI.browserAction.setIcon - Invalid parameter. Expected string (1st param) but got: "+(typeof c));return;}b.text=c;if(typeof a==="undefined"||a===null){b.color=null;}else{if(!(a instanceof Array)){console.error("appAPI.browserAction.setBadgeText - Invalid parameter. Expected an array (2nd param) but go
[HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\Plugins\94]
"Url"="hxxp://app-static.crossrider.com/plugins/mins/ie/IEPopup.js"

Searching for "Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\inst\Bootstrapper\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\inst\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
"00000000000000000000000000000000"="C:\Program Files (x86)\Iminent\inst\Bootstrapper\Bootstrapper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
"00000000000000000000000000000000"="02:\SOFTWARE\Iminent\AppInstanceUid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C]
"00000000000000000000000000000000"="C:\Program Files (x86)\Iminent\StartWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
"00000000000000000000000000000000"="C:\Program Files (x86)\Iminent\USearch.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
"00000000000000000000000000000000"="C:\Program Files (x86)\Iminent\SearchTheWeb.xml"

Searching for "SoftwareUpdater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SoftwareUpdater\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A0BE24A1EAC48C4469D9FCB59658FE20\Features]
"SoftwareUpdater"="ProductFeature"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SystemStoreService]
"ImagePath"=""C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe"  -displayname "System Store" -servicename "SystemStoreService""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SystemStoreService]
"ImagePath"=""C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe"  -displayname "System Store" -servicename "SystemStoreService""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SystemStoreService]
"ImagePath"=""C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe"  -displayname "System Store" -servicename "SystemStoreService""

-= EOF =-
         
Die Meldung von System Update ui Erscheint weiterhin beim Systemstart. Der Fehler mit dem Netzwerk ist nicht mehr aufgetreten. Er ist aber auch nicht reproduzierbar. Der Otl Bericht war zu zu groß um ihn zu posten.
Angehängte Dateien
Dateityp: rar OTL.rar (17,7 KB, 62x aufgerufen)

Alt 29.06.2013, 18:55   #7
laxativa
 
software.updater.ui.exe Netzwerk bricht ab - Standard

software.updater.ui.exe Netzwerk bricht ab



Ok das netzwerkproblem ist auch wieder aufgetreten. Windows zeigt an, dass das Netzwerkkabel nicht angeschlossen ist und keine Wlan netzwerke verfügbar sind. Zugriff auf Netzwerkumgebung und Systemsteuerung nicht möglich.

Alt 29.06.2013, 19:29   #8
M-K-D-B
/// TB-Ausbilder
 
software.updater.ui.exe Netzwerk bricht ab - Standard

software.updater.ui.exe Netzwerk bricht ab



Servus,





Schritt 1

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
SRV - [2013.06.26 17:41:05 | 000,296,448 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
[2013.06.26 17:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftwareUpdater
[2013.06.26 17:39:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\DownloadGuide
[2013.06.26 17:48:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Freemium

:reg
[-HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Crossrider]
[-HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A0BE24A1EAC48C4469D9FCB59658FE20]

:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread






Schritt 2
Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32bit oder FRST 64bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von OTL,
  • die beiden Logdateien von FRST.
__________________
Gruß
M-K-D-B



Das Trojaner-Board unterstützen

Alt 29.06.2013, 22:10   #9
laxativa
 
software.updater.ui.exe Netzwerk bricht ab - Standard

software.updater.ui.exe Netzwerk bricht ab



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2013 01
Ran by michael D at 2013-06-29 22:05:30
Running from C:\Users\michael D\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Age of Empires II: HD Edition (x32)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.5.0)
ATK Package (x32 Version: 1.0.0010)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Dota 2 (x32)
ETDWare PS/2-X64 8.0.5.3_WHQL (Version: 8.0.5.3)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2932)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
NVIDIA Grafiktreiber 311.44 (Version: 311.44)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Optimus 1.11.3 (Version: 1.11.3)
NVIDIA Systemsteuerung 311.44 (Version: 311.44)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Panda USB Vaccine 1.0.1.4 (x32)
PDF24 Creator 5.6.0 (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.38.113.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6373)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10001)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
Star Wars - Battlefront II (x32)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (HKCU Version: 3.0.10)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
VLC media player 2.0.7 (x32 Version: 2.0.7)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

Could not list Restore Points.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2013 10:02:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 06:42:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 00:38:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 11:06:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/29/2013 09:59:10 PM) (Source: Service Control Manager) (User: )
Description: Dienst "ASLDR Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/29/2013 11:05:39 AM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.12
registriert werden. Der Computer mit IP-Adresse 192.168.0.11 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (06/28/2013 08:10:47 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (06/29/2013 10:02:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 06:42:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 00:38:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 11:06:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 4007.77 MB
Available physical RAM: 2140.32 MB
Total Pagefile: 8013.72 MB
Available Pagefile: 6222.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:116.34 GB) (Free:72.93 GB) NTFS (Disk=0 Partition=2)
Drive d: (Volume) (Fixed) (Total:327.83 GB) (Free:327.32 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
Code:
ATTFilter
All processes killed
========== OTL ==========
Service SystemStoreService stopped successfully!
Service SystemStoreService deleted successfully!
C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe moved successfully.
C:\Program Files (x86)\SoftwareUpdater folder moved successfully.
C:\Users\Michael\AppData\Local\DownloadGuide\Offers folder moved successfully.
C:\Users\Michael\AppData\Local\DownloadGuide folder moved successfully.
C:\Users\Michael\AppData\Local\Freemium\SocialLock folder moved successfully.
C:\Users\Michael\AppData\Local\Freemium folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Crossrider\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1869143929-3768023721-4075323680-1003\Software\AppDataLow\Software\Plus-HD-2.4\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A0BE24A1EAC48C4469D9FCB59658FE20\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Michael
->Temp folder emptied: 2602934 bytes
->Temporary Internet Files folder emptied: 11249849 bytes
->FireFox cache emptied: 135430124 bytes
->Flash cache emptied: 2299 bytes
 
User: michael D
->Temp folder emptied: 2126895 bytes
->Temporary Internet Files folder emptied: 22931752 bytes
->FireFox cache emptied: 404111516 bytes
->Flash cache emptied: 2935 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2432 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42293561 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 592,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06292013_215910
         
Angehängte Dateien
Dateityp: rar FRST.rar (15,7 KB, 56x aufgerufen)

Alt 30.06.2013, 13:19   #10
M-K-D-B
/// TB-Ausbilder
 
software.updater.ui.exe Netzwerk bricht ab - Standard

software.updater.ui.exe Netzwerk bricht ab



Servus,


Gibt es immer noch Probleme mit SoftwareUpdater?
Wenn ja, welche?
__________________
Gruß
M-K-D-B



Das Trojaner-Board unterstützen

Alt 30.06.2013, 16:17   #11
laxativa
 
software.updater.ui.exe Netzwerk bricht ab - Standard

software.updater.ui.exe Netzwerk bricht ab



Das Problem mit dem Software Updater ist behoben



Wenn mein Netzwerk nochmal abschmiert werd ich mich melden Danke!!

Alt 30.06.2013, 21:02   #12
M-K-D-B
/// TB-Ausbilder
 
software.updater.ui.exe Netzwerk bricht ab - Standard

software.updater.ui.exe Netzwerk bricht ab



Servus,



wir kontrollieren nochmal alles:






Schritt 1

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.






Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von OTL,
  • die Logdatei von MBAM,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.
__________________
Gruß
M-K-D-B



Das Trojaner-Board unterstützen

Alt 04.07.2013, 17:12   #13
M-K-D-B
/// TB-Ausbilder
 
software.updater.ui.exe Netzwerk bricht ab - Standard

software.updater.ui.exe Netzwerk bricht ab



Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!
__________________
Gruß
M-K-D-B



Das Trojaner-Board unterstützen

Antwort

Themen zu software.updater.ui.exe Netzwerk bricht ab
antivirus, autorun, bho, browser, error, festplatte, firefox, flash player, homepage, iexplore.exe, install.exe, installation, live cd, logfile, mozilla, netzwerk, nvpciflt.sys, panda usb vaccine, realtek, registry, scan, security, softwareupdater, svchost.exe, updates, usb, virus, windows, windows updates, windows xp



Ähnliche Themen: software.updater.ui.exe Netzwerk bricht ab


  1. Software.Updater.Ui
    Log-Analyse und Auswertung - 27.03.2015 (7)
  2. Windows7, Trojaner Software.Updater.UI.exe, Popup erscheint hartnäckig
    Log-Analyse und Auswertung - 21.03.2014 (17)
  3. Trojaner Software.Updater.UI.exe dank Schreiber entfernt
    Lob, Kritik und Wünsche - 20.03.2014 (0)
  4. Win 7: Software Updater Malware ?
    Plagegeister aller Art und deren Bekämpfung - 08.02.2014 (7)
  5. Software-Updater beim Hochfahren
    Log-Analyse und Auswertung - 29.01.2014 (10)
  6. Hilfe bei trojaner Software Updater Ui.exe
    Log-Analyse und Auswertung - 17.11.2013 (10)
  7. Software Updater UI, benötigte Unterstützung bei Entfernung
    Log-Analyse und Auswertung - 02.11.2013 (1)
  8. Software Updater.ui ebenfalls eingefangen :/
    Plagegeister aller Art und deren Bekämpfung - 15.10.2013 (2)
  9. Software Updater.ui .exe/ windows vista
    Plagegeister aller Art und deren Bekämpfung - 12.10.2013 (13)
  10. software.updater.ui.exe legt Rechner komplett Lahm
    Plagegeister aller Art und deren Bekämpfung - 09.10.2013 (17)
  11. Laptop langsam - Gescannt und gereinigt - software.updater.exe gefunden
    Log-Analyse und Auswertung - 07.10.2013 (7)
  12. Windows Vista : Software Updater.ui
    Plagegeister aller Art und deren Bekämpfung - 30.09.2013 (7)
  13. Software.Updater.ui.exe nun auf dem Rechner meiner Freundin nach dem Hochfahren
    Plagegeister aller Art und deren Bekämpfung - 15.08.2013 (9)
  14. Software Updater UI.exe wie entferne ich das von meinem Laptop?
    Plagegeister aller Art und deren Bekämpfung - 08.08.2013 (11)
  15. Probleme mit unbekannter "Software Updater UI"
    Log-Analyse und Auswertung - 26.06.2013 (11)
  16. Software.updater.ui.exe möchte an meinen Laptop
    Plagegeister aller Art und deren Bekämpfung - 21.06.2013 (9)
  17. Netzwerk-Probleme / ohne T.online software ein Netzwerk ?
    Netzwerk und Hardware - 18.06.2009 (1)

Zum Thema software.updater.ui.exe Netzwerk bricht ab - Hallo, Ich fang mal von vorne an :P Da ich Probleme mit meiner Netzwerkkarte hatte, sprich meine Verbindung Wlan sowie Ethernet ist nach 1-4 Stunden ca einfach abgebrochen, habe ich - software.updater.ui.exe Netzwerk bricht ab...
Archiv
Du betrachtest: software.updater.ui.exe Netzwerk bricht ab auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.