Thanks, but I have been here before.
So, I now have a different account on the PC. I also ran a scan with Malwarebytes; here is the log:
Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.19.12
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
NIKITA :: NIKITA-PC [Administrator]
Schutz: Aktiviert
19.07.2012 21:05:37
mbam-log-2012-07-19 (21-11-10).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 215763
Laufzeit: 4 Minute(n), 42 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\NIKITA\AppData\Local\Temp\ICReinstall\FLVPlayerSetup.exe (Adware.Agent) -> Keine Aktion durchgeführt.
C:\Users\NIKITA\AppData\Local\Temp\10092937.Uninstall\Uninstall.exe (Adware.Agent) -> Keine Aktion durchgeführt.
(Ende)
The files were afterwards quarantined and deleted.
Here are also the log files from OTL:
Code:
OTL logfile created on: 19.07.2012 22:58:14 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Ersatz\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 66,22% Memory free
4,00 Gb Paging File | 3,14 Gb Available in Paging File | 78,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,74 Gb Total Space | 15,87 Gb Free Space | 27,02% Space Free | Partition Type: NTFS
Drive D: | 5,89 Gb Total Space | 5,30 Gb Free Space | 89,91% Space Free | Partition Type: NTFS
Drive E: | 401,12 Gb Total Space | 135,96 Gb Free Space | 33,89% Space Free | Partition Type: NTFS
Computer Name: NIKITA-PC | User Name: NIKITA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Ersatz\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10x_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\vVX3000.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120224.002\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120215.001\BHDrvx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120224.034\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120224.034\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1207020.003\symnets.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys (Symantec Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VX3000) -- C:\Windows\System32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 3E 31 DE 4B 63 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {8704E8C4-9DB6-4A09-8617-C4957FB2BBF4}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searc}
IE - HKCU\..\SearchScopes\{8704E8C4-9DB6-4A09-8617-C4957FB2BBF4}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012.02.11 20:17:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_10_1 [2012.07.19 22:52:24 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WSDPrintProxy] C:\Users\NIKITA\AppData\Local\Microsoft\Windows\613\WSDPrintProxy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://86.56.142.34/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63D31F64-6C0D-4E45-9DDE-6659B683EB94}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.19 21:04:43 | 000,000,000 | ---D | C] -- C:\Users\NIKITA\AppData\Roaming\Malwarebytes
[2012.07.19 21:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.19 21:04:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.19 21:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.19 21:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.19 17:42:05 | 000,000,000 | ---D | C] -- C:\Users\NIKITA\AppData\Roaming\hellomoto
[2012.07.13 14:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Software Untergrund
[2012.07.13 14:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012.07.13 14:34:13 | 000,000,000 | ---D | C] -- C:\Users\NIKITA\Documents\Leisure Media
[2012.07.13 14:33:56 | 000,000,000 | ---D | C] -- C:\Users\NIKITA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Leisure Media
[2012.07.13 14:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leisure Media
[2012.07.13 14:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\Leisure Media
[2012.07.11 23:32:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.11 23:32:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.11 23:32:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.11 23:32:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.11 23:32:06 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.11 23:32:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.11 23:32:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 23:28:54 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 16:44:32 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 16:44:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.11 16:44:29 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.10 21:13:13 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012.07.01 17:52:18 | 000,000,000 | ---D | C] -- C:\Users\NIKITA\Documents\Krippenstein-Dateien
[2012.06.29 14:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\ÖBB.S12
[2012.06.22 21:56:55 | 000,000,000 | ---D | C] -- C:\Users\NIKITA\Documents\KOMPASS Digital Map
[2012.06.21 18:14:43 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 18:14:43 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 18:14:36 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 18:14:36 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 18:14:36 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 18:14:25 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 18:14:25 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.20 16:47:56 | 000,000,000 | ---D | C] -- C:\Users\NIKITA\Documents\Hauptstädte-Dateien
[2012.06.20 15:56:00 | 000,000,000 | ---D | C] -- C:\Users\NIKITA\Documents\1btf-Dateien
[1 C:\Users\NIKITA\AppData\Local\*.tmp files -> C:\Users\NIKITA\AppData\Local\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.19 23:01:01 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 23:01:01 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 22:57:32 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.19 22:57:32 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.19 22:57:32 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.19 22:57:32 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.19 22:52:53 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.19 22:52:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.19 22:52:14 | 1610,113,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.19 22:29:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.19 21:04:41 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.19 17:56:03 | 000,003,344 | ---- | M] () -- C:\bootsqm.dat
[2012.07.18 19:41:42 | 000,044,501 | ---- | M] () -- C:\Users\NIKITA\.recently-used.xbel
[2012.07.15 11:49:13 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
[2012.07.13 14:36:11 | 000,001,397 | ---- | M] () -- C:\Users\NIKITA\Desktop\Digitaler Auto- und Motorradatlas.lnk
[2012.07.12 14:39:12 | 004,130,938 | ---- | M] () -- C:\Users\NIKITA\U-Bahn Wien - Gleisplan.png
[2012.07.12 07:18:19 | 000,298,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.01 19:13:31 | 000,092,968 | ---- | M] () -- C:\Users\NIKITA\Documents\Krippenstein.pbf
[2012.06.29 15:24:16 | 000,000,984 | ---- | M] () -- C:\Users\NIKITA\Desktop\KOMPASS Wanderkarte Österreich.lnk
[2012.06.29 14:34:45 | 000,000,974 | ---- | M] () -- C:\Users\NIKITA\Desktop\ÖBB Sommer 2012.lnk
[2012.06.27 14:07:36 | 000,069,841 | ---- | M] () -- C:\Users\NIKITA\Documents\1BTF.pbf
[2012.06.27 14:03:56 | 000,175,999 | ---- | M] () -- C:\Users\NIKITA\Documents\Hauptstädte.pbf
[2012.06.24 11:06:09 | 002,058,725 | ---- | M] () -- C:\Users\NIKITA\Documents\Reise Ö.odt
[1 C:\Users\NIKITA\AppData\Local\*.tmp files -> C:\Users\NIKITA\AppData\Local\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.19 21:04:40 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.19 17:56:03 | 000,003,344 | ---- | C] () -- C:\bootsqm.dat
[2012.07.18 19:41:42 | 000,044,501 | ---- | C] () -- C:\Users\NIKITA\.recently-used.xbel
[2012.07.13 14:36:11 | 000,001,397 | ---- | C] () -- C:\Users\NIKITA\Desktop\Digitaler Auto- und Motorradatlas.lnk
[2012.07.12 22:22:43 | 004,130,938 | ---- | C] () -- C:\Users\NIKITA\U-Bahn Wien - Gleisplan.png
[2012.07.01 17:52:36 | 000,092,968 | ---- | C] () -- C:\Users\NIKITA\Documents\Krippenstein.pbf
[2012.06.29 15:24:30 | 000,000,984 | ---- | C] () -- C:\Users\NIKITA\Desktop\KOMPASS Wanderkarte Österreich.lnk
[2012.06.29 14:34:44 | 000,000,974 | ---- | C] () -- C:\Users\NIKITA\Desktop\ÖBB Sommer 2012.lnk
[2012.06.26 13:39:47 | 000,069,841 | ---- | C] () -- C:\Users\NIKITA\Documents\1BTF.pbf
[2012.06.20 16:47:56 | 000,175,999 | ---- | C] () -- C:\Users\NIKITA\Documents\Hauptstädte.pbf
[2012.06.07 20:49:18 | 002,324,069 | ---- | C] () -- C:\Users\NIKITA\IMGP1647.JPG
[2012.06.07 20:49:18 | 002,287,564 | ---- | C] () -- C:\Users\NIKITA\IMGP1691.JPG
[2012.06.07 20:49:18 | 002,271,650 | ---- | C] () -- C:\Users\NIKITA\IMGP1646.JPG
[2012.06.07 20:49:18 | 001,754,010 | ---- | C] () -- C:\Users\NIKITA\IMGP1689.JPG
[2012.06.07 20:49:18 | 001,726,246 | ---- | C] () -- C:\Users\NIKITA\IMGP1688.JPG
[2012.06.07 20:49:18 | 001,333,141 | ---- | C] () -- C:\Users\NIKITA\IMGP1690.JPG
[2012.05.01 15:45:45 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.01.25 20:36:18 | 000,000,000 | ---- | C] () -- C:\Users\NIKITA\AppData\Local\{629EC0AE-5B76-4CAE-973E-C4681283AECA}
[2011.11.22 20:22:03 | 000,000,000 | ---- | C] () -- C:\Users\NIKITA\AppData\Local\{A196D9B3-CBDB-4913-8864-011930318694}
[2011.11.05 20:57:44 | 000,003,273 | ---- | C] () -- C:\Windows\scenelib24.ini
[2011.10.05 22:23:06 | 000,000,000 | ---- | C] () -- C:\Users\NIKITA\AppData\Local\{348CEF5A-EE55-4F4A-8459-78D7CA394AAE}
[2011.08.31 09:22:57 | 002,084,012 | ---- | C] () -- C:\Users\NIKITA\AppData\Roaming\mdbu.bin
[2011.04.12 03:30:05 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
< End of report >
Code:
OTL Extras logfile created on: 19.07.2012 22:58:14 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Ersatz\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 66,22% Memory free
4,00 Gb Paging File | 3,14 Gb Available in Paging File | 78,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,74 Gb Total Space | 15,87 Gb Free Space | 27,02% Space Free | Partition Type: NTFS
Drive D: | 5,89 Gb Total Space | 5,30 Gb Free Space | 89,91% Space Free | Partition Type: NTFS
Drive E: | 401,12 Gb Total Space | 135,96 Gb Free Space | 33,89% Space Free | Partition Type: NTFS
Computer Name: NIKITA-PC | User Name: NIKITA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AB8945-19AC-4598-8FF3-DA4C347B354C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{00E25246-DD50-4300-AB8A-AE4340DE5C59}" = rport=139 | protocol=6 | dir=out | app=system |
"{084717B8-B882-4D35-90D5-22843EB442FE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0EEB23F4-C88E-4BA9-BA28-38C230057858}" = lport=138 | protocol=17 | dir=in | app=system |
"{2FE788F6-6E4B-46A8-B506-64C4B0F7A59A}" = lport=137 | protocol=17 | dir=in | app=system |
"{340CB0DC-5F7D-4608-B4AC-C25B4574D091}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{46F07003-C8F1-4533-BE80-726ABF258EB3}" = lport=139 | protocol=6 | dir=in | app=system |
"{5F768391-980B-4677-BA1C-E493C9287977}" = lport=445 | protocol=6 | dir=in | app=system |
"{6CBFF7D2-05C0-4D6E-AC3D-D12C1F8A673E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73CA5781-C113-4076-A98E-760AD25B7B2D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B18DB62-358F-48DD-8D94-A22DC10CA4AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C6AE1FE-F98C-46FE-A047-43AC3AA866C5}" = rport=138 | protocol=17 | dir=out | app=system |
"{9592ADAC-C456-43E2-8D2D-0819F265F03E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9FAE3D60-6F3D-4498-B1B9-63A10AB97DE8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A3B33FF8-63FC-4E54-B9DB-1420B1ADACD1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A904E24F-F252-44CC-8C84-3857819345D2}" = rport=445 | protocol=6 | dir=out | app=system |
"{B38124CE-140A-40C4-ACFB-6286B0DC484A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B4CC21E5-11A5-4D4F-84C8-935C4E5FCC7D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BD110367-E96B-4B26-A4B1-DCE275288B35}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C2D924FD-5B2A-4456-8331-E463C36B2534}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C99062D8-8629-40E7-8E4D-05E2753B93A6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D7D518E8-FC98-42DB-8972-8DF7D4A37ED5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F39266CC-3D02-4409-B826-C521461C2746}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F76F05DE-8818-4366-BAF7-6A69FE5E5270}" = rport=137 | protocol=17 | dir=out | app=system |
"{FA3BFD45-19B2-442B-AADD-5212508FC7E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08805679-8097-44B9-80F7-45A33611D629}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{09FA399F-DD3E-4A56-B899-A1555A113D6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0D60C853-B01E-4371-9A8D-6151F7AC340A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{0FDB6EA4-7ABA-4A35-B1F3-13CDC5C4D1D2}" = protocol=6 | dir=out | app=system |
"{1F0C2D52-83B9-42FF-ABE2-E0371C6DEA9C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{2662B2FD-3F5B-423A-973B-B79415794A63}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C1443F3-19E0-4C58-95CA-23C19156919D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{3088DAE7-A9EC-48D5-BA33-F17ABE8379E1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{3B4F3688-857B-4B40-A00F-9EE8D40444D5}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{5C335B53-6993-45D6-B038-75EAD8D98A6D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{64A616D4-7CC9-4209-A166-F54DC5912562}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6D0B0416-428A-4393-8927-6B6F6AD0A68F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{78FDA72E-CE27-4812-AE38-52E198BDC6D1}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{7B1A9191-F7A7-4B4B-90DE-C8BA8E2A061A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C3D6CBB-C5A8-4BB5-B8AD-BCCD8532F6C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7DF5757A-D9C7-4204-9F0F-C90C3B85C7DE}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{811C5299-86CE-4380-93B1-3C801366AE89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{874AD796-D9C1-4F73-844B-38D899D3DC06}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{8C1CA94F-D673-4DD4-81A4-1C2408523D29}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{9651F312-1B8F-4555-97C0-941F1EBABDF7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{9C2E8F02-7F9A-4ADA-B74D-0EAED54D9E31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADF21795-967F-44CC-81C3-326733D9CB9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B3B9A2A9-F22B-45A8-94A9-1A1CD223A602}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{B6011D57-1BD2-496F-9007-90CF5002D164}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C2AB5DD3-9960-448D-833B-39FD4E222774}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{C523959F-957D-4857-B50E-EE65C10253BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CE81654B-1030-4D01-B587-A5378B22C54A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D39B9351-C9CE-407E-AD13-5AF3DFF093BA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4751822-DA67-451B-B74D-8F32D0A95A8B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{DA59BADE-4FA7-4F57-91B2-DB2DCF86A94E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{E0ED0461-C1DC-4956-9EBB-22D8FFA9EF08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E7F34DE7-7985-48F1-9DB7-D42338AAA752}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F0754E37-7781-4EEF-BD4E-CE34912B1D4E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{FE8E2663-C30C-4A08-88F3-F98A91E77B7E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"TCP Query User{3FA28567-428C-436D-930B-0C7252F0CAF1}C:\users\nikita\flat out 2\flatout2.exe" = protocol=6 | dir=in | app=c:\users\nikita\flat out 2\flatout2.exe |
"TCP Query User{430F99D9-BA6F-4694-8008-C55BA1904B28}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{4D6E0DAD-FCC1-4A4D-8306-39E9A9F5D94D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9FAE281D-FF4D-4827-9F07-1E15DF7B8870}C:\users\nikita\flat out 2\flatout2.exe" = protocol=6 | dir=in | app=c:\users\nikita\flat out 2\flatout2.exe |
"UDP Query User{206D4BCE-E867-41CE-935D-4AF01B154210}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3387D3EF-B3DB-4989-B26A-A0A07B5AF355}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{9914BC1F-72EE-40E4-ABB2-02AD22807EDF}C:\users\nikita\flat out 2\flatout2.exe" = protocol=17 | dir=in | app=c:\users\nikita\flat out 2\flatout2.exe |
"UDP Query User{DADD3352-AD39-4D40-9471-D16F941A1E9D}C:\users\nikita\flat out 2\flatout2.exe" = protocol=17 | dir=in | app=c:\users\nikita\flat out 2\flatout2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}" = Google SketchUp 8
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D64833F8-860D-4216-8EDC-DD08AD68C0B5}" = LibreOffice 3.4
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Bus-Simulator 2009_is1" = Bus-Simulator 2009
"Digitaler Auto- und Motorradatlas" = Digitaler Auto- und Motorradatlas
"FormatFactory" = FormatFactory 2.90
"HappyFoto-Designer_is1" = HappyFoto-Designer 2.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NIS" = Norton Internet Security
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ÖBB Sommer 2012" = ÖBB Sommer 2012
"Picasa 3" = Picasa 3
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"wintrack10demo_is1" = WinTrack Demo Version 10.0 3D
"YTdetect" = Yahoo! Detect
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.07.2012 04:13:59 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.07.2012 13:29:27 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.07.2012 14:38:20 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.07.2012 15:59:26 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.07.2012 05:45:19 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.07.2012 07:16:28 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.07.2012 14:03:31 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.07.2012 14:21:56 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.07.2012 14:34:28 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.07.2012 15:20:11 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 26.02.2012 09:19:15 | Computer Name = NIKITA-PC | Source = MCUpdate | ID = 0
Description = 14:19:15 - Fehler beim Herstellen der Internetverbindung. 14:19:15
- Serververbindung konnte nicht hergestellt werden..
Error - 26.02.2012 09:19:25 | Computer Name = NIKITA-PC | Source = MCUpdate | ID = 0
Description = 14:19:21 - Fehler beim Herstellen der Internetverbindung. 14:19:21
- Serververbindung konnte nicht hergestellt werden..
Error - 26.02.2012 10:22:07 | Computer Name = NIKITA-PC | Source = MCUpdate | ID = 0
Description = 15:22:07 - Fehler beim Herstellen der Internetverbindung. 15:22:07
- Serververbindung konnte nicht hergestellt werden..
Error - 26.02.2012 10:22:19 | Computer Name = NIKITA-PC | Source = MCUpdate | ID = 0
Description = 15:22:12 - Fehler beim Herstellen der Internetverbindung. 15:22:12
- Serververbindung konnte nicht hergestellt werden..
Error - 26.02.2012 14:11:53 | Computer Name = NIKITA-PC | Source = MCUpdate | ID = 0
Description = 19:11:53 - Fehler beim Herstellen der Internetverbindung. 19:11:53
- Serververbindung konnte nicht hergestellt werden..
Error - 26.02.2012 14:12:02 | Computer Name = NIKITA-PC | Source = MCUpdate | ID = 0
Description = 19:11:58 - Fehler beim Herstellen der Internetverbindung. 19:11:58
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 19.07.2012 14:54:12 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.07.2012 14:54:13 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.07.2012 14:54:13 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.07.2012 14:54:13 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.07.2012 14:54:13 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.07.2012 14:54:13 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.07.2012 14:54:13 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.07.2012 14:55:12 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.07.2012 14:57:21 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.07.2012 14:58:56 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >