Plagegeister aller Art und deren Bekämpfung: Stuttering during downloads (Windows 7)
14.04.2012, 23:19 | #1 |
Stuttering during download

Hi, recently I've been noticing that my laptop starts to stutter quite badly during downloads, most noticeably in the sound crackles I get. At first I blamed the Flash Player because it was mainly noticeable with YouTube videos, but that doesn't seem to be the case after all. I've tried everything to find out what could be causing it, but now I'm at my wits' end. I don't assume that it's a virus or the like, hence the post in this subforum. I noticed it since I installed Speccy (hxxp://www.piriform.com/speccy), but uninstalling it didn't help. The whole thing gets worse the higher the download speed is (e.g. only slight stuttering at 360p, at times extreme at 720p).

Windows 7 Professional SP1 x64
Intel Core i7-2670QM
nVidia Geforce GT 540M
8GB DDR3-RAM

So far I've tried the following:
- Restart
- Flash Player update
- Windows update
- Reinstalled Flash Player
- Avast and Malwarebytes scan (nothing found)
- Checked with Process Explorer during a download whether any process uses more CPU (nothing found, it stays at approx. 5% base load)

My last idea would be that it's related to the VPN connection that I have to use (student dormitory). I'll check as soon as possible whether this also happens elsewhere.

Here's an OTL log as well: OTL.txt
C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.24 22:58:55 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk [2012.03.24 22:58:09 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk [2012.03.24 22:57:26 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk [2012.03.24 22:56:46 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk [2012.03.24 22:53:43 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk [2012.03.24 22:53:34 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk [2012.03.21 01:40:55 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS5.5.lnk [2012.03.21 01:40:14 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk [2012.03.21 01:40:01 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS5.5.lnk [2012.03.21 01:39:21 | 000,001,282 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk [2012.03.21 01:39:08 | 000,001,541 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit 2.6.lnk [2012.03.21 01:37:05 | 000,001,383 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk [2012.03.21 01:36:57 | 000,001,555 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk [2012.03.21 01:36:23 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012.03.21 01:18:22 | 000,001,043 | ---- 
| C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk [2012.03.20 05:19:06 | 000,002,041 | ---- | C] () -- C:\Users\Admin\Desktop\JDownloader.lnk [2012.03.20 05:19:02 | 000,002,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.03.20 05:19:02 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.03.20 05:19:02 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.03.19 04:17:45 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.03.19 03:16:08 | 000,004,608 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.19 02:23:31 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\CamtasiaStudio7.lnk [2012.03.05 01:56:59 | 000,197,014 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MAnalyzerpresets.xml [2012.03.05 01:56:59 | 000,013,964 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MFlangerpresets.xml [2012.03.05 01:56:59 | 000,013,158 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MOscillatorpresets.xml [2012.03.05 01:56:59 | 000,009,119 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MFreqShifterpresets.xml [2012.03.05 01:56:59 | 000,007,130 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MEqualizerpresets.xml [2012.03.05 01:56:59 | 000,006,687 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\menvelopepresets.xml [2012.03.05 01:56:59 | 000,006,444 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MCompressorpresets.xml [2012.03.05 01:56:59 | 000,005,622 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MNoiseGeneratorpresets.xml [2012.03.05 01:56:59 | 000,005,138 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MWaveShaperpresets.xml [2012.03.05 01:56:59 | 000,004,362 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MPhaserpresets.xml [2012.03.05 01:56:59 | 000,003,771 
| ---- | C] () -- C:\Users\Admin\AppData\Roaming\MRingModulatorpresets.xml [2012.03.05 01:56:59 | 000,002,820 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MEqualizerAreasEditorpresets.xml [2012.03.05 01:56:59 | 000,002,775 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MStereoExpanderpresets.xml [2012.03.05 01:56:59 | 000,002,666 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MVibratopresets.xml [2012.03.05 01:56:59 | 000,002,492 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MSpectralAnalyzerPrefilterpresets.xml [2012.03.05 01:56:59 | 000,002,366 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MTremolopresets.xml [2012.03.05 01:56:59 | 000,001,907 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MAutopanpresets.xml [2012.03.05 01:56:59 | 000,001,381 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MLimiterpresets.xml [2012.03.05 01:56:59 | 000,001,235 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\mbasestyleconfigurationpresets.xml [2012.03.05 01:56:59 | 000,001,011 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MValueToColor5presets.xml [2012.02.15 22:05:35 | 001,806,768 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.15 22:04:13 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.02.15 22:04:11 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.02.15 22:04:11 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.07.26 17:20:38 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.07.26 17:20:38 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.07.26 17:20:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.07.26 17:14:32 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.07.26 16:50:58 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 14.04.2012 23:18:21 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Nico\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 5,51 Gb Available Physical Memory | 69,61% Memory free 15,83 Gb Paging File | 12,86 Gb Available in Paging File | 81,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 364,00 Gb Total Space | 185,34 Gb Free Space | 50,92% Space Free | Partition Type: NTFS Drive D: | 524,31 Gb Total Space | 511,56 Gb Free Space | 97,57% Space Free | Partition Type: NTFS Drive E: | 19,52 Gb Total Space | 19,52 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive G: | 931,28 Gb Total Space | 45,23 Gb Free Space | 4,86% Space Free | Partition Type: FAT32 Computer Name: NICO-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files "{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{18369253-E53F-4A47-818E-082DFB950872}" = Yamaha 
USB-MIDI Driver "{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64) "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit) "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files "{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440 "{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver 
"{7F9809C0-0356-4709-A915-D591DAB885AE}" = Nitro Pro 7 "{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client "{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64) "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 "{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.72 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.72 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{BD19E69F-0F87-46CD-AD8D-7A93903B01AC}" = O&O UnErase "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client 
Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi-Software "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64) "{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU "{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de "{F2D07826-C7FD-4371-85CC-4923E13F26B8}" = Nitro Reader 2 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Elantech" = ETDWare PS/2-X64 10.7.6.2_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit) "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit) "Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual 
Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "ProInst" = Intel PROSet Wireless "WinGimp-2.0_is1" = GIMP 2.6.8 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D106581-6726-4D1B-ABEC-0CA02410F24F}" = Adobe Photoshop CS6 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{2991DD80-25AE-471E-9981-D572CA0887EE}" = Flux_StereoTool "{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools "{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU "{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{5776E400-655A-44E0-B67C-A236E498AB26}" = Flux_BitterSweetII "{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types "{5D9EB565-39CB-4C8E-BF3B-CB8880A61404}" = Intel(R) C++ Redistributables on Intel(R) 64 "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime "{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch "{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service "{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CB04D8E1-7B9C-4F35-B2E2-E87CBE520805}" = Adobe After Effects CS5.5 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform 
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F570A3D8-BC0D-408E-BBE3-57E6DEEE5AAA}" = ROOT "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FFD0E594-823B-4E2B-B680-720B3C852588}" = BatteryLifeExtender "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "apQualizr" = apQualizr 1.4.0 "ASIO4ALL" = ASIO4ALL "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode) "avast" = avast! 
Free Antivirus "Avira UnErase Personal" = Avira UnErase Personal "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "CVPiano-Modeled" = CVPiano-Modeled "DAEMON Tools Lite" = DAEMON Tools Lite "DC++" = DC++ 0.791 "Dune BE (Beat Edition)_is1" = Dune BE (Beat Edition) "FileZilla Client" = FileZilla Client 3.5.3 "FL Studio 10" = FL Studio 10 "IL Download Manager" = IL Download Manager "InstallShield_{18369253-E53F-4A47-818E-082DFB950872}" = Yamaha USB-MIDI Driver "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.18 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "MediaMonkey_is1" = MediaMonkey 4.0 "MeldaProduction MFreeEffectsBundle64 6" = MeldaProduction MFreeEffectsBundle64 6 "Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack "Minecraft Texturepack Editor" = Minecraft Texturepack Editor "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de) "Native Instruments Massive" = Native Instruments Massive "PunkBusterSvc" = PunkBuster Services "Rob Papen RP-Delay_is1" = Rob Papen RP-Delay 64Bits 1.0.1 "Security Task Manager" = Security Task Manager 1.8d "StormGate1 1.0c_is1" = StormGate1 1.0c "VLC media player" = VLC media player 2.0.0 "WinLiveSuite" = Windows Live Essentials "Wubi" = Ubuntu ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Advanced Archive Password Recovery" = Advanced Archive Password Recovery ========== Last 10 Event Log Errors ========== [ Application 
Events ]
Error - 14.04.2012 17:19:28 | Computer Name = Nico-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 14.04.2012 17:19:28 | Computer Name = Nico-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 14.04.2012 17:19:28 | Computer Name = Nico-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 14.04.2012 17:19:28 | Computer Name = Nico-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 14.04.2012 17:19:28 | Computer Name = Nico-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 14.04.2012 17:19:28 | Computer Name = Nico-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 14.04.2012 17:19:28 | Computer Name = Nico-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 14.04.2012 17:19:28 | Computer Name = Nico-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 14.04.2012 17:19:28 | Computer Name = Nico-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 14.04.2012 17:19:28 | Computer Name = Nico-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .
[ System Events ] Error - 14.04.2012 15:22:54 | Computer Name = Nico-PC | Source = bowser | ID = 8003 Description = Error - 14.04.2012 15:39:35 | Computer Name = Nico-PC | Source = bowser | ID = 8003 Description = Error - 14.04.2012 15:51:36 | Computer Name = Nico-PC | Source = bowser | ID = 8003 Description = Error - 14.04.2012 16:03:35 | Computer Name = Nico-PC | Source = bowser | ID = 8003 Description = Error - 14.04.2012 16:15:33 | Computer Name = Nico-PC | Source = bowser | ID = 8003 Description = Error - 14.04.2012 16:27:31 | Computer Name = Nico-PC | Source = bowser | ID = 8003 Description = Error - 14.04.2012 16:39:29 | Computer Name = Nico-PC | Source = bowser | ID = 8003 Description = Error - 14.04.2012 16:51:29 | Computer Name = Nico-PC | Source = bowser | ID = 8003 Description = Error - 14.04.2012 17:03:27 | Computer Name = Nico-PC | Source = bowser | ID = 8003 Description = Error - 14.04.2012 17:15:29 | Computer Name = Nico-PC | Source = bowser | ID = 8003 Description = < End of report > Edited by v1xt3 (14.04.2012 at 23:24) |
15.04.2012, 19:40 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Stuttering during download Quote:
Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |
15.04.2012, 22:06 | #3 |
| Stuttering during download MBAM log:
__________________Code:
ATTFilter Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.04.14.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Nico :: NICO-PC [limited] Protection: Enabled 15.04.2012 21:02:53 mbam-log-2012-04-15 (21-02-53).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 503666 Time elapsed: 2 hour(s), 1 minute(s), 40 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Avast Log: Code:
ATTFilter * * avast! Bericht * Diese Berichtdatei wurde automatisch erstellt * * Prüfungsname: Normal * Start: Montag, 16. April 2012 10:47:27 * VPS: 120415-2, 15.04.2012 * Infizierte Dateien: 0 Dateien gesamt: 351870 Ordner gesamt: 64169 Gesamtgröße: 235,6 GB * * Prüfung beendet: Montag, 16. April 2012 11:52:56 * Laufzeit war 1 Stunde(n), 5 Minute(n), 29 Sekunde(n) * |
16.04.2012, 11:33 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Stuttering during download Please run ESET as well, then we'll see what comes next: ESET Online Scanner
__________________ Please always post log files in CODE tags |
17.04.2012, 21:22 | #5 |
| Stuttering during download Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=e583eabc6862db4192d6496fcfb3ef5b # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-04-17 05:16:51 # local_time=2012-04-17 07:16:51 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 0 86298682 0 0 # compatibility_mode=8192 67108863 100 0 239 239 0 0 # scanned=397397 # found=2 # cleaned=0 # scan_time=14179 C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OCQXPO5A\JDownloaderSetup_3IC[1].exe a variant of Win32/InstallCore.H application (unable to clean) 00000000000000000000000000000000 I C:\Users\Admin\AppData\Local\Temp\is1070216317\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I |
18.04.2012, 12:19 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Stuttering during download Quote:
__________________ --> Stuttering during download |
18.04.2012, 19:06 | #7 |
| Stuttering during download I'll follow up on whether that might be the cause. I also haven't been able to observe it again so far; the fact that the whole laptop bogged down like that just made me very suspicious. I'll get back to you if anything else comes up. |