Log analysis and evaluation: Computer infected? | Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.02.2011, 21:20 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected? There is a screenshot in the instructions, after all... is that sooo unclear?
__________________ Please always post logfiles in CODE tags |
28.02.2011, 21:27 | #17 |
| Computer infected? Sorry, I overlooked clicking on it. OTL logfile:
Code:
OTL Extras logfile created on: 28.02.2011 21:22:08 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Emre\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,51 Gb Total Space | 599,24 Gb Free Space | 65,74% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,80 Gb Free Space | 49,04% Space Free | Partition Type: FAT32

Computer Name: EMRE-PC | User Name: Emre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========
files\counter strike source tr\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter strike source tr\hl2.exe | "TCP Query User{EFBB8894-F66F-4ECA-8145-977DC32C15EF}C:\program files\rockstar games\gta san andreas\samp-server.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta san andreas\samp-server.exe | "TCP Query User{F106033A-681D-462F-8335-BA0A63FBBDDC}C:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe | "UDP Query User{026BBC2A-0A24-46A8-8EF3-7DD2EAE2506F}C:\program files\microsoft games\mechwarrior vengeance\mw4.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\mechwarrior vengeance\mw4.icd | "UDP Query User{03A6B0C2-E4DD-4A9A-B8A0-4C935605D7B7}C:\games\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\games\call of duty modern warfare 2\iw4mp.exe | "UDP Query User{07017987-A129-43C0-AE51-1A610D8F2C35}C:\program files\microsoft games\mechwarrior vengeance\mw4.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\mechwarrior vengeance\mw4.icd | "UDP Query User{0C9250AD-EF8C-4F34-84F1-2555874327D4}C:\program files\sudden strike - release 1.0\suddenstrike.exe" = protocol=17 | dir=in | app=c:\program files\sudden strike - release 1.0\suddenstrike.exe | "UDP Query User{0DF00EBD-5E5F-4DFE-8A35-F6EE77983D2F}C:\games\dune 2000\dune2000.dat" = protocol=17 | dir=in | app=c:\games\dune 2000\dune2000.dat | "UDP Query User{0FDBDA33-0D99-4F2E-8BDB-753F6B0F3B61}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{1035E140-54AD-4D73-AD33-7785241741D1}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | "UDP Query User{16A38AB0-9B49-48E1-B060-84961ECE0557}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program 
files\icq6.5\icq.exe | "UDP Query User{18C0AEFE-8331-4DA1-BC86-9F8FC0F7C57D}C:\users\emre\desktop\games\wc3\war3.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\games\wc3\war3.exe | "UDP Query User{1A239B34-E9E1-455D-BB8D-4DB76962D4F3}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | "UDP Query User{2002B4E7-6AB9-46C4-AF66-8C4CE6D9800A}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin | "UDP Query User{23B0FA9D-6E7E-42E2-9ABC-FB9708645CAD}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "UDP Query User{2535BCB6-C644-4FE6-BC5B-36F211B7FB42}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | "UDP Query User{27A48F73-817E-4253-AA3C-9A902B26CA77}C:\program files\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=c:\program files\urbanterror\iourbanterror.exe | "UDP Query User{2A9F3643-F678-473D-BC88-7BEA68B082F5}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{2BECDE0C-A54A-4BAB-B7CB-4A455598660D}C:\sierra\ee-zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\sierra\ee-zde\ee-aoc.exe | "UDP Query User{2EA3A88D-66B1-4DCA-8F3E-FDC2E23C2C58}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | "UDP Query User{3192FE2A-A06E-4EE7-8BEE-A94C05F71F6E}C:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe | "UDP Query User{416E88F4-0D25-4FF7-B5F0-4ED90D0357AE}C:\program files\rockstar games\gta san andreas\samp-server.exe" = protocol=17 | dir=in | 
app=c:\program files\rockstar games\gta san andreas\samp-server.exe | "UDP Query User{43D106F9-6D5F-456F-8EE9-E5A7C7A0A580}C:\program files\counter strike source tr\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter strike source tr\hl2.exe | "UDP Query User{45665697-DBF6-4F2A-8BC5-8BCDEBEE3E49}C:\program files\cossacks - the art of war\dmcr.exe" = protocol=17 | dir=in | app=c:\program files\cossacks - the art of war\dmcr.exe | "UDP Query User{466CCB66-26C5-427F-9A79-E9D8405CCDAA}C:\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\soldat\soldat.exe | "UDP Query User{46FFF757-75AA-4146-95A6-E05D64F70D5C}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | "UDP Query User{470E3364-CFE2-4DC4-AFAB-A0FFF013A1F9}C:\program files\sudden strike - resource war\run\code\release\game_exe.exe" = protocol=17 | dir=in | app=c:\program files\sudden strike - resource war\run\code\release\game_exe.exe | "UDP Query User{474D66DD-2EA1-47F5-8241-9562F25685F9}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | "UDP Query User{479CD5DC-60B2-4A97-8453-7E2A40B2E2EB}C:\program files\half-life-counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\half-life-counter-strike\hl.exe | "UDP Query User{5308253F-D489-4F6F-8DA0-15073D883E0A}C:\users\emre\desktop\l4d\l4d\hl2.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\l4d\l4d\hl2.exe | "UDP Query User{531F6E24-896C-4892-8A12-3F9FDDD2D335}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{558B09BB-FA13-413E-B0BB-49A8A70A6978}C:\users\emre\desktop\games\cs\cs 1.6\hl.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\games\cs\cs 1.6\hl.exe | "UDP Query User{56F0C0C9-40EF-47C3-8019-A3AE0162FF64}C:\program files\eidos interactive\pyro studios\praetorians\praetorians.exe" = protocol=17 | dir=in | app=c:\program files\eidos interactive\pyro 
studios\praetorians\praetorians.exe | "UDP Query User{5A30A3A4-E16F-4AE6-81CE-627602D2C037}C:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv_nrace.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv_nrace.exe | "UDP Query User{6279D6FE-6255-4C03-BF60-2324F4F497BD}C:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe | "UDP Query User{63021A5F-2A38-4193-9E64-8B452FE639C3}C:\users\emre\desktop\games\wc3\war3.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\games\wc3\war3.exe | "UDP Query User{6BE4368A-AAF2-43F4-9E7D-EF6F3563EF9A}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | "UDP Query User{6C3BDBBE-D3E6-4E68-959E-D1D6FBB7D613}C:\games\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\games\call of duty modern warfare 2\iw4mp.exe | "UDP Query User{70FA3CCD-BF22-48F7-A464-A97A2F7E30FC}C:\program files\cossacks - the art of war\dmcr.exe" = protocol=17 | dir=in | app=c:\program files\cossacks - the art of war\dmcr.exe | "UDP Query User{73658D4D-D91F-4760-AE73-9B51F33700D9}C:\program files\urbanterror\iourtded.exe" = protocol=17 | dir=in | app=c:\program files\urbanterror\iourtded.exe | "UDP Query User{76FB7AC8-B13F-4220-8E00-550C58148465}C:\program files\steam\steamapps\grim_reaper1810\dedicated server\hlds.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\grim_reaper1810\dedicated server\hlds.exe | "UDP Query User{7C780340-1FDD-49A0-952D-60ECFF3F307B}C:\program files\eidos interactive\frontline attack\fa.ex2" = protocol=17 | dir=in | app=c:\program files\eidos interactive\frontline attack\fa.ex2 | "UDP Query User{8365B082-248D-4926-96DE-C3C15325EC48}C:\users\emre\desktop\games\cs\cs 1.6\hl.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\games\cs\cs 1.6\hl.exe | "UDP Query 
User{89BC73F4-D443-4536-BFE6-6B2ED25A451F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{8A88120F-71DE-4EDC-B03C-D9CD973D81BA}C:\users\emre\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\emre\appdata\roaming\gameranger\gameranger\gameranger.exe | "UDP Query User{8EEB5FBB-FF0A-424A-A7C7-F35568C4D0F6}C:\program files\firefly studios\stronghold 2\stronghold2.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | "UDP Query User{92AA4F21-3D11-42C0-AE5C-76C5B1C2E474}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe | "UDP Query User{94D295BB-12FF-4B9A-B4F5-3EC22BC87301}C:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | "UDP Query User{97EEC7AC-7BF3-41CB-8577-CA14FA2836A6}C:\program files\counter strike source 2.5 full türkçe\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter strike source 2.5 full türkçe\hl2.exe | "UDP Query User{9A3C22E7-6451-4214-B61C-5374378B4815}C:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv.exe | "UDP Query User{9DC6A63D-8538-4AED-B8E0-3B3AF094F066}C:\users\emre\downloads\lobbyclient.exe" = protocol=17 | dir=in | app=c:\users\emre\downloads\lobbyclient.exe | "UDP Query User{A23412AE-47B6-4B5C-B8F8-309F94CD545B}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | "UDP Query User{A9A72F9B-23F5-418B-9C82-3E44B95AF38D}C:\program files\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=c:\program 
files\urbanterror\iourbanterror.exe | "UDP Query User{B412D482-67DD-489C-AAF6-F27475D0D56B}C:\program files\microsoft games\impossible creatures\ic.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\impossible creatures\ic.exe | "UDP Query User{B795D091-5632-4935-9B4E-8ABFC1BFD853}C:\games\dune 2000\dune2000.dat" = protocol=17 | dir=in | app=c:\games\dune 2000\dune2000.dat | "UDP Query User{B8538426-448C-4F6B-8479-220C205C9519}C:\program files\firefly studios\stronghold legends\strongholdlegends.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe | "UDP Query User{B9F223B4-116D-4B63-A1E9-D82ECC06FA03}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | "UDP Query User{BEDA26D1-0FEA-429E-92C6-BDD0357E505E}C:\sierra\ee-zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\sierra\ee-zde\ee-aoc.exe | "UDP Query User{C005542C-2F9A-4CD9-80A9-81374738C609}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{C281776B-9E83-4878-8AA1-84C0AFE654B9}C:\program files\rockstar games\gta san andreas\samp-server.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta san andreas\samp-server.exe | "UDP Query User{C4C25BAD-7A09-404F-93AF-EE07B78DC1CF}C:\users\emre\appdata\local\temp\rar$ex06.709\wodn2 client\wodn2.exe" = protocol=17 | dir=in | app=c:\users\emre\appdata\local\temp\rar$ex06.709\wodn2 client\wodn2.exe | "UDP Query User{C8930CCA-1454-4089-8F07-F15C99463261}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "UDP Query User{CC3CED14-41EE-41F1-A607-780D4B02EF15}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{D13B634F-1F3F-478E-A7AF-76874A848BE2}C:\users\emre\desktop\wodn2 client\wodn2.exe" = 
protocol=17 | dir=in | app=c:\users\emre\desktop\wodn2 client\wodn2.exe | "UDP Query User{D1D6C8B5-1CC2-4CEA-847C-DDFD0FD21A21}C:\users\emre\desktop\wodn2 client\wodn2.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\wodn2 client\wodn2.exe | "UDP Query User{D3D2C01C-79D8-443F-A86C-AAB9C61DD918}C:\program files\counter strike source 2.5 full türkçe\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter strike source 2.5 full türkçe\hl2.exe | "UDP Query User{D7E985E3-14A8-4F64-917A-90721FE27D8E}C:\users\emre\appdata\local\temp\173c6dce5da34a3799a1616fe642eba1\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\emre\appdata\local\temp\173c6dce5da34a3799a1616fe642eba1\relicdownloader.exe | "UDP Query User{E5AE7F75-72D6-480C-A7F9-1A059593B479}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | "UDP Query User{EEF62281-40E2-4DF4-9AE2-A7DD71168222}C:\users\emre\desktop\games\sonstiges\teeworlds-0.4.3-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\games\sonstiges\teeworlds-0.4.3-win32\teeworlds_srv.exe | "UDP Query User{F0365B6D-7203-4F31-B048-7CA5580D035E}C:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv.exe | "UDP Query User{F17D9BDF-9B4F-4A0A-A1E4-AC1E8D133C1E}C:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv_nrace.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv_nrace.exe | "UDP Query User{F52722F9-4003-41A9-AE6B-5B0940E46FC3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{FBFBA27D-FEF7-47AD-9882-F739DCFA4305}C:\users\emre\desktop\wodn2 client\mc.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\wodn2 client\mc.exe | "UDP Query User{FD7FEFD0-08FB-43F3-B58B-861FB8D61EE9}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program 
files\metin2\metin2client.bin |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"12345_is1" = WeGame Client Beta 2.1.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AutoHotkey" = AutoHotkey 1.0.48.05
"AutoItv3" = AutoIt v3.3.6.1
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CABAL Online_is1" = CABAL Online
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"Counter Strike Source TR_is1" = Counter Strike Source TR
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Devil May Cry 4 *Full-Rip* [Team JPN]_is1" = Devil May Cry 4
"Google Chrome" = Google Chrome
"Half-Life-Counter-Strike 1.5 Full" = Half-Life-Counter-Strike 1.5 Full
"League of Legends_is1" = League of Legends
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MechWarrior Vengeance" = MechWarrior Vengeance
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"SpeedSim" = SpeedSim
"Steam App 1250" = Killing Floor
"Steam App 1260" = Killing Floor SDK
"Steam App 1273" = Killing Floor Beta Dedicated Server
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 630" = Alien Swarm
"Urban Terror_is1" = Urban Terror 4.1
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13.03.2010 05:58:33 | Computer Name = Emre-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.03.2010 05:59:30 | Computer Name = Emre-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel 0x47c6bd1b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x12271227, Prozess-ID 0x698, Anwendungsstartzeit 01cac293bec4040f.

Error - 14.03.2010 07:54:55 | Computer Name = Emre-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b0e1, fehlerhaftes Modul NVSVC.DLL, Version 7.15.11.8120, Zeitstempel 0x4954aa31, Ausnahmecode 0xc0000005, Fehleroffset 0x00002c6b, Prozess-ID 0x6d0, Anwendungsstartzeit 01cac36d0f255aed.

Error - 14.03.2010 07:55:03 | Computer Name = Emre-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.03.2010 10:59:11 | Computer Name = Emre-PC | Source = Application Hang | ID = 1002
Description = Programm Empire Earth.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 540 Anfangszeit: 01cac386d2407e28 Zeitpunkt der Beendigung: 31

Error - 15.03.2010 09:45:35 | Computer Name = Emre-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b0e1, fehlerhaftes Modul NVSVC.DLL, Version 7.15.11.8120, Zeitstempel 0x4954aa31, Ausnahmecode 0xc0000005, Fehleroffset 0x00002c6b, Prozess-ID 0x6d8, Anwendungsstartzeit 01cac445b597f14f.

Error - 15.03.2010 09:45:42 | Computer Name = Emre-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.03.2010 14:17:09 | Computer Name = Emre-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2010 08:26:41 | Computer Name = Emre-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2010 11:30:23 | Computer Name = Emre-PC | Source = Application Hang | ID = 1002
Description = Programm gta_sa.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: d28 Anfangszeit: 01cac51b74ac92cc Zeitpunkt der Beendigung: 238

[ OSession Events ]
Error - 18.11.2010 12:44:22 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

Error - 21.11.2010 11:43:19 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

Error - 22.11.2010 12:18:30 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

Error - 22.11.2010 12:20:47 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

Error - 08.12.2010 13:07:24 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error - 27.12.2010 10:47:07 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

Error - 29.12.2010 08:58:54 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

Error - 15.01.2011 07:02:08 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

Error - 15.01.2011 15:26:59 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

Error - 19.02.2011 06:04:32 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 27.02.2011 05:52:40 | Computer Name = Emre-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0022436B20B2 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 27.02.2011 05:52:51 | Computer Name = Emre-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0022436B20B2 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 27.02.2011 13:47:03 | Computer Name = Emre-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0022436B20B2 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 27.02.2011 13:48:06 | Computer Name = Emre-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0022436B20B2 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 27.02.2011 13:49:07 | Computer Name = Emre-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0022436B20B2 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 28.02.2011 11:26:47 | Computer Name = Emre-PC | Source = BROWSER | ID = 8032
Description =

Error - 28.02.2011 14:42:34 | Computer Name = Emre-PC | Source = BROWSER | ID = 8032
Description =

Error - 28.02.2011 15:48:05 | Computer Name = Emre-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0022436B20B2 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 28.02.2011 15:48:58 | Computer Name = Emre-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0022436B20B2 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 28.02.2011 15:49:29 | Computer Name = Emre-PC | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0022436B20B2 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
< End of report >

OTL Logfile:
Code:
OTL logfile created on: 28.02.2011 21:22:08 - Run 1 OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Emre\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 911,51 Gb Total Space | 599,24 Gb Free Space | 65,74% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 9,80 Gb Free Space | 49,04% Space Free | Partition Type: FAT32 Computer Name: EMRE-PC | User Name: Emre | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) 
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) PRC - C:\Programme\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Windows\VM303_STI.EXE (Vimicro) PRC - C:\Programme\Saitek\Software\SaiMfd.exe (Saitek) PRC - C:\Programme\Saitek\Software\ProfilerU.exe (Saitek) ========== Modules (SafeList) ========== MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) 
SRV - (PCToolsSSDMonitorSvc) -- C:\Programme\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) 
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia) DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia) DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia) DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek) DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek) DRV - (SaiH5F0D) -- C:\Windows\System32\drivers\SaiH5F0D.sys (Saitek) DRV - (SaiU5F0D) -- C:\Windows\System32\drivers\SaiU5F0D.sys (Saitek) DRV - (ZSMC303) VIMICRO USB PC Camera (VC0303) -- C:\Windows\System32\drivers\usbVM303.sys (Vimicro Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{8723FF7F-63AE-4FAB-8D0F-EAFC9B444A18} IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.live.com/1rewlive4startup/home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=" FF - prefs.js..browser.search.order.1: "iMesh Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928 FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.03.26 18:06:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.25 13:01:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.11 13:53:05 | 000,000,000 | ---D | M] [2010.02.21 12:56:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emre\AppData\Roaming\Mozilla\Extensions [2011.02.28 16:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\extensions [2009.06.28 11:30:08 | 000,000,000 | ---D | M] ("Microsoft .NET Framework Assistant") -- 
C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.24 12:13:22 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2011.01.17 21:25:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.04.10 21:07:48 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.11.27 16:52:57 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2010.06.30 09:24:44 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\extensions\DTToolbar@toolbarnet.com [2010.06.24 12:13:20 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\extensions\finder@meingutscheincode.de [2010.06.02 19:30:25 | 000,002,331 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\bigseekpro.xml [2011.01.24 21:23:28 | 000,001,832 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\bing.xml [2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\conduit.xml [2010.06.30 09:24:31 | 000,002,059 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\daemon-search.xml [2011.02.21 20:56:56 | 000,000,950 | ---- | M] () -- 
C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin-1.xml [2010.06.28 10:22:17 | 000,000,950 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin-2.xml [2010.07.01 09:33:26 | 000,000,950 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin-3.xml [2010.08.06 12:51:47 | 000,000,950 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin-4.xml [2010.09.18 18:45:56 | 000,000,950 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin-5.xml [2010.10.24 18:50:13 | 000,000,950 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin-6.xml [2010.10.29 21:28:17 | 000,000,950 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin-7.xml [2010.12.15 15:20:19 | 000,000,950 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin-8.xml [2010.04.10 21:07:48 | 000,000,168 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin.gif [2010.04.10 21:07:48 | 000,000,618 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin.src [2010.04.30 20:11:24 | 000,000,947 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin.xml [2010.03.24 10:34:04 | 000,002,456 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\iMeshWebSearch.xml [2011.01.17 21:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.03.26 18:06:46 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- 
C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.07.02 19:22:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.10.17 17:43:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.01.17 21:24:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2009.07.03 18:14:23 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Programme\Mozilla Firefox\extensions\realplayer@partners.mozilla.com [2010.10.17 17:43:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.01.17 21:24:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.08.06 12:50:30 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.06 12:50:30 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.24 10:34:04 | 000,002,456 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\iMeshWebSearch.xml [2010.08.06 12:50:30 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.06 12:50:31 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.06 12:50:31 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [4StoryPrePatch] C:\Programme\Gameforge4D\4Story\PrePatch.exe (Zamiinc) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BigDog303] C:\Windows\VM303_STI.EXE (Vimicro) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [Profiler] C:\Programme\Saitek\Software\ProfilerU.exe (Saitek) O4 - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\Software\SaiMfd.exe (Saitek) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [snpstd] File not found O4 - HKLM..\Run: [SSDMonitor] C:\Programme\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools ) O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = C:\Users\Emre\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies) O4 - Startup: C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - File not found O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Emre\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Emre\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{90894d42-f21d-11de-852e-002421062aa0}\Shell - "" = AutoRun O33 - MountPoints2\{90894d42-f21d-11de-852e-002421062aa0}\Shell\AutoRun\command - "" = I:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.28 21:12:24 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Emre\Desktop\OTL.exe [2011.02.27 18:44:45 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{04A85D4A-A66A-473A-8856-24EE22CD7A82} [2011.02.27 16:35:54 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming\Malwarebytes [2011.02.27 16:35:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.02.27 16:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware 
[2011.02.27 16:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.02.27 16:35:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.02.27 16:35:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.02.27 10:50:53 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{55053A25-183D-40A3-BE32-66DB21C08FAC} [2011.02.26 09:42:03 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{DB7C8116-0BA3-44E9-88DE-AAD5EAF71D37} [2011.02.24 18:38:05 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{ECEF8982-C900-4852-AA3D-5284F7D30CB2} [2011.02.24 11:42:34 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{EB212CD6-4053-440C-99B4-587969D4C9A4} [2011.02.23 13:07:23 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{BE911923-C770-4D3E-984C-B32014E6814A} [2011.02.22 13:53:02 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{DBF4F4DF-ABAE-4596-A97F-C0B2F78079CA} [2011.02.21 19:25:32 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{1FC15DCA-3AE3-45E9-B864-D5870F017CB9} [2011.02.21 14:33:27 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{EA566E1F-332E-46D3-BE2D-8D03638E59FD} [2011.02.19 17:45:00 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{7D63A2C8-48E3-4223-B7B6-9368A8B564E4} [2011.02.19 10:27:50 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{BFF1B6FD-ADDE-4E3C-B010-2CDB0EE020D1} [2011.02.17 12:46:54 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{0C9EFDF1-3DD0-4E66-8F1B-1B4D30AB81B7} [2011.02.16 13:29:35 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{33B5AE32-7362-4C63-B27B-A68C12F4CCF6} [2011.02.15 13:48:05 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{F44443C8-E261-4ADC-BD55-304F36EBB056} [2011.02.14 20:21:27 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{2AB75A0E-C704-47C8-B5B5-8A72874FD727} [2011.02.13 10:15:11 | 000,000,000 | ---D | C] -- 
C:\Users\Emre\AppData\Local\{DE88001B-8708-4D80-88F9-90C20C3AD4D9} [2011.02.12 11:35:38 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{A199E499-D9AE-41C6-813F-273E3569EB9B} [2011.02.11 13:48:59 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{9344DA23-B657-4583-AEC1-2DA8B8CD2BB6} [2011.02.09 13:04:54 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{F149E82E-1519-49D7-966D-9CD8FFDE77A2} [2011.02.08 20:38:05 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.02.08 20:38:05 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.02.08 20:38:05 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.02.08 20:38:05 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011.02.08 20:38:05 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.02.08 20:38:05 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.02.08 20:38:05 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.02.08 20:38:05 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.02.08 20:38:05 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.02.08 20:38:05 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.02.08 20:38:04 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.02.08 20:38:04 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.02.08 20:38:04 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011.02.08 20:38:04 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.02.08 20:38:03 | 002,873,344 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\mf.dll [2011.02.08 20:38:03 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.02.08 20:38:03 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.02.08 20:38:03 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011.02.08 20:38:03 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.02.08 20:38:03 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.02.08 20:38:03 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.02.08 20:37:59 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011.02.08 20:37:59 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.02.08 20:37:57 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.02.08 20:37:44 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.02.08 20:37:40 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.02.08 20:37:40 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.02.08 20:32:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.02.08 20:32:45 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.02.08 20:32:44 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.02.08 20:32:44 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.02.08 20:32:44 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.02.08 20:32:44 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.02.08 20:32:44 | 
000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.02.08 20:32:44 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.02.08 20:32:44 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.02.08 20:32:44 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.02.08 20:32:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.02.08 20:32:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.02.08 20:32:44 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.02.08 20:32:44 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.02.08 20:32:44 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.02.08 20:32:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.02.08 20:32:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.02.08 20:32:38 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.02.08 20:32:37 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.02.08 15:22:23 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{AAF7286E-566A-4140-88D2-2A609419A119} [2011.02.07 17:21:25 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming\Windows Live Writer [2011.02.07 17:21:25 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\Windows Live Writer [2011.02.07 13:53:50 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{3C98C603-A439-4F78-8FCB-2C1788FB5E0E} [2011.02.06 10:57:08 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{F48CCE7E-ED1D-48DA-9769-883E6EDBC90C} [2011.02.05 09:17:27 | 000,000,000 | ---D | C] -- 
C:\Users\Emre\AppData\Local\{F5D38BDD-CBF8-4114-A60D-27AFF68D4804} [2011.02.04 22:13:19 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming\GameRanger [2011.02.03 16:42:58 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{35DAC40E-9CDD-4BF5-AFCD-E13137C41EFF} [2011.02.02 20:27:36 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2011.02.02 20:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.02.01 10:43:49 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{0C795070-0DB4-45B5-A585-148D317DF9EC} [2011.01.31 20:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey [2011.01.31 20:13:20 | 000,000,000 | ---D | C] -- C:\Programme\AutoHotkey [2011.01.31 15:40:46 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\Save-EE [2011.01.31 15:36:55 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming\Save-EE [2011.01.31 12:03:21 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{ADB800A0-89EC-45A5-A176-EAA68A2D3D94} [2011.01.30 11:11:17 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{D280B5AF-EDEE-4FE5-B143-A2477A9A39EA} [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.02.28 21:25:05 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2011.02.28 21:21:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.28 21:21:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.28 21:12:26 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Emre\Desktop\OTL.exe [2011.02.28 21:11:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.28 13:52:10 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.02.28 13:38:41 | 000,000,416 | 
-H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8579ADB6-98F4-4D4B-AFA5-D2FFFA62F856}.job [2011.02.28 13:21:57 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.28 13:21:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.28 13:21:09 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys [2011.02.27 16:35:45 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.27 14:28:16 | 000,006,442 | ---- | M] () -- C:\Users\Emre\.recently-used.xbel [2011.02.24 15:52:00 | 000,000,680 | ---- | M] () -- C:\Users\Emre\AppData\Local\d3d9caps.dat [2011.02.21 21:04:45 | 000,000,209 | ---- | M] () -- C:\Users\Emre\Desktop\Killing Floor Beta Dedicated Server.url [2011.02.21 19:55:41 | 000,043,520 | ---- | M] () -- C:\Users\Emre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.15 21:10:16 | 000,000,214 | ---- | M] () -- C:\Users\Emre\Desktop\Killing Floor SDK.url [2011.02.14 20:15:31 | 000,000,800 | ---- | M] () -- C:\Users\Emre\Desktop\Steam.lnk [2011.02.14 20:08:26 | 000,000,215 | ---- | M] () -- C:\Users\Emre\Desktop\Defence Alliance 2.url [2011.02.14 19:22:19 | 000,000,214 | ---- | M] () -- C:\Users\Emre\Desktop\Killing Floor.url [2011.02.09 13:10:05 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.09 13:10:05 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.09 13:10:05 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.09 13:10:05 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.09 13:02:41 | 000,332,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.02.05 23:39:52 | 000,000,361 | ---- | M] () -- C:\Users\Emre\SciTE.session [2011.02.05 19:04:56 | 000,000,023 | ---- | M] () -- C:\Users\Emre\Desktop\Klick.ahk [2011.02.04 22:13:30 | 000,000,993 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk 
[2011.02.04 22:13:30 | 000,000,979 | ---- | M] () -- C:\Users\Emre\Desktop\GameRanger.lnk [2011.02.04 16:33:00 | 000,000,564 | ---- | M] () -- C:\Users\Emre\Desktop\Spam.ahk [2011.02.02 20:27:36 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.02.02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2011.01.31 22:53:37 | 000,000,697 | ---- | M] () -- C:\Users\Emre\Desktop\Samp.ahk [2011.01.31 22:13:09 | 000,000,198 | ---- | M] () -- C:\Users\Emre\Desktop\Bla.ahk [2011.01.31 20:32:00 | 000,000,850 | ---- | M] () -- C:\Users\Emre\Desktop\AutoHotkey.lnk [2011.01.31 20:13:44 | 000,001,352 | ---- | M] () -- C:\Users\Emre\Documents\AutoHotkey.ahk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.02.27 16:35:45 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.27 14:28:16 | 000,006,442 | ---- | C] () -- C:\Users\Emre\.recently-used.xbel [2011.02.21 21:04:45 | 000,000,209 | ---- | C] () -- C:\Users\Emre\Desktop\Killing Floor Beta Dedicated Server.url [2011.02.15 21:10:16 | 000,000,214 | ---- | C] () -- C:\Users\Emre\Desktop\Killing Floor SDK.url [2011.02.14 20:15:31 | 000,000,800 | ---- | C] () -- C:\Users\Emre\Desktop\Steam.lnk [2011.02.14 20:08:26 | 000,000,215 | ---- | C] () -- C:\Users\Emre\Desktop\Defence Alliance 2.url [2011.02.14 19:22:19 | 000,000,214 | ---- | C] () -- C:\Users\Emre\Desktop\Killing Floor.url [2011.02.05 18:40:44 | 000,000,023 | ---- | C] () -- C:\Users\Emre\Desktop\Klick.ahk [2011.02.04 22:13:30 | 000,000,993 | ---- | C] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk [2011.02.04 22:13:30 | 000,000,979 | ---- | C] () -- C:\Users\Emre\Desktop\GameRanger.lnk [2011.02.04 22:13:30 | 000,000,965 | ---- | C] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk [2011.02.04 16:31:02 | 000,000,564 | 
---- | C] () -- C:\Users\Emre\Desktop\Spam.ahk [2011.01.31 22:09:51 | 000,000,198 | ---- | C] () -- C:\Users\Emre\Desktop\Bla.ahk [2011.01.31 20:33:13 | 000,000,697 | ---- | C] () -- C:\Users\Emre\Desktop\Samp.ahk [2011.01.31 20:32:00 | 000,000,850 | ---- | C] () -- C:\Users\Emre\Desktop\AutoHotkey.lnk [2011.01.31 20:13:44 | 000,001,352 | ---- | C] () -- C:\Users\Emre\Documents\AutoHotkey.ahk [2010.11.07 11:01:39 | 000,110,788 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.10.06 14:59:28 | 000,000,604 | ---- | C] () -- C:\Users\Emre\AppData\Roaming\wklnhst.dat [2010.08.30 19:55:18 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2009.12.13 12:01:14 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2009.11.14 19:52:34 | 000,000,067 | ---- | C] () -- C:\Windows\SpeedGear.INI [2009.07.24 20:02:55 | 000,155,648 | ---- | C] () -- C:\Windows\System32\nY.exe [2009.07.14 19:31:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.07.14 19:31:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.07.14 08:14:25 | 000,089,430 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2009.07.14 08:14:25 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2009.07.14 08:14:25 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2009.07.14 08:14:25 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2009.07.14 08:14:25 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2009.07.14 08:14:25 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2009.07.14 08:14:25 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2009.07.14 08:14:25 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2009.07.14 08:14:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2009.07.14 08:14:25 | 000,001,139 | ---- | C] () -- 
C:\Windows\System32\EPPICPresetData_BP.dat [2009.07.14 08:14:25 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2009.07.14 08:14:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2009.07.14 08:14:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2009.07.14 08:14:25 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2009.07.14 08:14:25 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2009.07.14 08:14:25 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2009.07.14 08:14:25 | 000,000,099 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2009.07.14 08:04:38 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX4200EFGIPSD.ini [2009.07.14 08:00:49 | 000,000,680 | ---- | C] () -- C:\Users\Emre\AppData\Local\d3d9caps.dat [2009.06.24 21:55:56 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin [2009.06.15 14:19:43 | 000,017,089 | ---- | C] () -- C:\Users\Emre\AppData\Roaming\UserTile.png [2009.05.31 14:36:33 | 000,000,807 | ---- | C] () -- C:\Windows\Ssc.INI [2009.05.29 14:44:52 | 000,108,068 | ---- | C] () -- C:\Windows\War3Unin.dat [2009.04.26 12:44:10 | 000,037,416 | ---- | C] () -- C:\Windows\DIIUnin.dat [2009.04.07 12:26:44 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2009.04.07 12:26:44 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2009.04.07 12:26:44 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2009.03.27 19:58:30 | 000,043,520 | ---- | C] () -- C:\Users\Emre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.26 20:19:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.03.26 18:38:35 | 000,000,403 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.03.26 18:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.03.26 18:06:24 | 000,003,942 | ---- | C] () -- C:\Windows\mozver.dat [2009.02.26 14:50:09 | 
000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.01.22 12:33:38 | 000,000,030 | ---- | C] () -- C:\Windows\System32\drivers\version.dat [2009.01.20 23:18:53 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.01.20 23:18:53 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.01.20 23:18:53 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.01.20 23:18:53 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.01.20 14:50:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.10.22 04:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2007.03.29 22:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,332,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 
000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.02.25 05:15:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL ========== LOP Check ========== [2009.06.24 21:31:30 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\BitDefender [2009.12.26 13:56:59 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\DAEMON Tools Lite [2010.11.27 17:14:23 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Dev-Cpp [2011.02.04 22:13:29 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\GameRanger [2011.01.30 16:23:38 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\gtk-2.0 [2011.02.27 21:46:33 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\ICQ [2010.06.30 17:15:43 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\LolClient [2010.01.27 12:41:32 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Mumble [2009.08.10 18:50:39 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Nokia [2010.03.13 13:16:11 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Nokia Multimedia Player [2010.10.17 17:47:26 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\OpenOffice.org [2009.07.27 19:04:56 | 000,000,000 | ---D | M] -- 
C:\Users\Emre\AppData\Roaming\PC Suite [2009.06.15 14:19:42 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\PeerNetworking [2009.03.28 14:58:12 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Petroglyph [2011.02.01 20:38:13 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Save-EE [2010.10.01 16:55:04 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Soldat [2010.10.19 18:26:14 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Sony [2010.06.13 17:27:21 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\SpeedSim [2010.10.23 17:07:50 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\TeamViewer [2009.09.22 18:45:25 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Teeworlds [2010.10.06 14:59:30 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Template [2010.05.30 16:50:00 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\TS3Client [2009.12.26 14:09:56 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Ubisoft [2011.02.07 17:21:25 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Windows Live Writer [2011.02.27 22:57:15 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.02.28 13:38:41 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8579ADB6-98F4-4D4B-AFA5-D2FFFA62F856}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > |
01.03.2011, 09:58 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected? Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
__________________Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{90894d42-f21d-11de-852e-002421062aa0}\Shell - "" = AutoRun
O33 - MountPoints2\{90894d42-f21d-11de-852e-002421062aa0}\Shell\AutoRun\command - "" = I:\Autorun.exe
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________ |
01.03.2011, 14:32 | #19 |
| Computer infected?
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90894d42-f21d-11de-852e-002421062aa0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90894d42-f21d-11de-852e-002421062aa0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90894d42-f21d-11de-852e-002421062aa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90894d42-f21d-11de-852e-002421062aa0}\ not found.
File I:\Autorun.exe not found.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56545 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Benutzer*
->Temp folder emptied: 4034097 bytes
->Temporary Internet Files folder emptied: 3341626 bytes
->Java cache emptied: 3302713 bytes
->FireFox cache emptied: 121075630 bytes
->Google Chrome cache emptied: 13492669 bytes
->Flash cache emptied: 188351 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4231155132 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 4.174,00 mb
OTL by OldTimer - Version 3.2.22.2 log created on 03012011_142521
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Question: What did I actually do there?? Or rather, what did I delete? Regards, Doom |
01.03.2011, 15:27 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected? Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it!
__________________ Please always post log files in CODE tags |
01.03.2011, 18:03 | #21 |
| Computer infected? Combofix log file: Code:
ATTFilter ComboFix 11-02-28.07 - Emre 01.03.2011 17:48:55.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3325.1659 [GMT 1:00] ausgeführt von:: c:\users\Emre\Desktop\Cofi.exe.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Install.exe c:\windows\system32\winio.vxd . ((((((((((((((((((((((( Dateien erstellt von 2011-02-01 bis 2011-03-01 )))))))))))))))))))))))))))))) . 2011-03-01 16:38 . 2011-03-01 16:38 -------- d-----w- c:\program files\CCleaner 2011-03-01 13:25 . 2011-03-01 13:25 -------- d-----w- C:\_OTL 2011-02-27 17:44 . 2011-02-27 17:44 -------- d-----w- c:\users\Emre\AppData\Local\{04A85D4A-A66A-473A-8856-24EE22CD7A82} 2011-02-27 15:35 . 2011-02-27 15:35 -------- d-----w- c:\users\Emre\AppData\Roaming\Malwarebytes 2011-02-27 15:35 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-27 15:35 . 2011-02-27 15:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-02-27 15:35 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-27 09:50 . 2011-02-27 09:50 -------- d-----w- c:\users\Emre\AppData\Local\{55053A25-183D-40A3-BE32-66DB21C08FAC} 2011-02-26 08:42 . 2011-02-26 08:42 -------- d-----w- c:\users\Emre\AppData\Local\{DB7C8116-0BA3-44E9-88DE-AAD5EAF71D37} 2011-02-24 17:38 . 2011-02-24 17:38 -------- d-----w- c:\users\Emre\AppData\Local\{ECEF8982-C900-4852-AA3D-5284F7D30CB2} 2011-02-24 10:42 . 2011-02-24 10:42 -------- d-----w- c:\users\Emre\AppData\Local\{EB212CD6-4053-440C-99B4-587969D4C9A4} 2011-02-23 12:07 . 2011-02-23 12:07 -------- d-----w- c:\users\Emre\AppData\Local\{BE911923-C770-4D3E-984C-B32014E6814A} 2011-02-22 12:53 . 
2011-02-22 12:53 -------- d-----w- c:\users\Emre\AppData\Local\{DBF4F4DF-ABAE-4596-A97F-C0B2F78079CA} 2011-02-21 18:25 . 2011-02-21 18:25 -------- d-----w- c:\users\Emre\AppData\Local\{1FC15DCA-3AE3-45E9-B864-D5870F017CB9} 2011-02-21 13:33 . 2011-02-21 13:33 -------- d-----w- c:\users\Emre\AppData\Local\{EA566E1F-332E-46D3-BE2D-8D03638E59FD} 2011-02-19 16:45 . 2011-02-19 16:45 -------- d-----w- c:\users\Emre\AppData\Local\{7D63A2C8-48E3-4223-B7B6-9368A8B564E4} 2011-02-19 09:27 . 2011-02-19 09:27 -------- d-----w- c:\users\Emre\AppData\Local\{BFF1B6FD-ADDE-4E3C-B010-2CDB0EE020D1} 2011-02-17 11:46 . 2011-02-17 11:46 -------- d-----w- c:\users\Emre\AppData\Local\{0C9EFDF1-3DD0-4E66-8F1B-1B4D30AB81B7} 2011-02-16 12:29 . 2011-02-16 12:29 -------- d-----w- c:\users\Emre\AppData\Local\{33B5AE32-7362-4C63-B27B-A68C12F4CCF6} 2011-02-15 12:48 . 2011-02-15 12:48 -------- d-----w- c:\users\Emre\AppData\Local\{F44443C8-E261-4ADC-BD55-304F36EBB056} 2011-02-14 19:21 . 2011-02-14 19:21 -------- d-----w- c:\users\Emre\AppData\Local\{2AB75A0E-C704-47C8-B5B5-8A72874FD727} 2011-02-13 09:15 . 2011-02-13 09:15 -------- d-----w- c:\users\Emre\AppData\Local\{DE88001B-8708-4D80-88F9-90C20C3AD4D9} 2011-02-12 10:35 . 2011-02-12 10:35 -------- d-----w- c:\users\Emre\AppData\Local\{A199E499-D9AE-41C6-813F-273E3569EB9B} 2011-02-11 12:48 . 2011-02-11 12:49 -------- d-----w- c:\users\Emre\AppData\Local\{9344DA23-B657-4583-AEC1-2DA8B8CD2BB6} 2011-02-09 12:04 . 2011-02-09 12:04 -------- d-----w- c:\users\Emre\AppData\Local\{F149E82E-1519-49D7-966D-9CD8FFDE77A2} 2011-02-08 19:37 . 2011-01-20 16:07 37376 ----a-w- c:\windows\system32\cdd.dll 2011-02-08 19:37 . 2011-01-20 16:04 98816 ----a-w- c:\windows\system32\mfps.dll 2011-02-08 19:37 . 2011-01-20 16:07 258048 ----a-w- c:\windows\system32\winspool.drv 2011-02-08 19:37 . 2011-01-20 16:06 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2011-02-08 19:37 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys 2011-02-08 19:37 . 
2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-02-08 19:37 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-02-08 19:37 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll 2011-02-08 19:37 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-02-08 14:22 . 2011-02-08 14:22 -------- d-----w- c:\users\Emre\AppData\Local\{AAF7286E-566A-4140-88D2-2A609419A119} 2011-02-07 16:21 . 2011-02-07 16:21 -------- d-----w- c:\users\Emre\AppData\Local\Windows Live Writer 2011-02-07 16:21 . 2011-02-07 16:21 -------- d-----w- c:\users\Emre\AppData\Roaming\Windows Live Writer 2011-02-07 12:53 . 2011-02-07 12:53 -------- d-----w- c:\users\Emre\AppData\Local\{3C98C603-A439-4F78-8FCB-2C1788FB5E0E} 2011-02-06 09:57 . 2011-02-06 09:57 -------- d-----w- c:\users\Emre\AppData\Local\{F48CCE7E-ED1D-48DA-9769-883E6EDBC90C} 2011-02-05 08:17 . 2011-02-05 08:17 -------- d-----w- c:\users\Emre\AppData\Local\{F5D38BDD-CBF8-4114-A60D-27AFF68D4804} 2011-02-04 21:13 . 2011-02-04 21:13 -------- d-----w- c:\users\Emre\AppData\Roaming\GameRanger 2011-02-03 15:42 . 2011-02-03 15:42 -------- d-----w- c:\users\Emre\AppData\Local\{35DAC40E-9CDD-4BF5-AFCD-E13137C41EFF} 2011-02-02 19:27 . 2011-02-02 19:27 -------- d-----w- c:\program files\Common Files\Skype 2011-02-01 09:43 . 2011-02-01 09:43 -------- d-----w- c:\users\Emre\AppData\Local\{0C795070-0DB4-45B5-A585-148D317DF9EC} 2011-01-31 19:13 . 2011-01-31 19:13 -------- d-----w- c:\program files\AutoHotkey 2011-01-31 14:40 . 2011-01-31 14:40 -------- d-----w- c:\users\Emre\AppData\Local\Save-EE 2011-01-31 14:36 . 2011-02-01 19:38 -------- d-----w- c:\users\Emre\AppData\Roaming\Save-EE 2011-01-31 11:03 . 2011-01-31 11:03 -------- d-----w- c:\users\Emre\AppData\Local\{ADB800A0-89EC-45A5-A176-EAA68A2D3D94} . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-02 16:11 . 
2009-10-03 08:31 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-12-28 15:55 . 2011-01-12 16:08 413696 ----a-w- c:\windows\system32\odbc32.dll 2010-12-22 11:47 . 2009-07-20 08:26 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-12-14 14:49 . 2011-01-12 16:07 1169408 ----a-w- c:\windows\system32\sdclt.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] 2009-11-09 17:38 2331672 ----a-w- c:\program files\Softonic_Deutsch\tbSoft.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-26 39408] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common 
Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2009-11-25 292824] "Steam"="c:\program files\Steam\steam.exe" [2010-11-21 1242448] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-03 1833504] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13683232] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 92704] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-26 185872] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768] "Profiler"="c:\program files\Saitek\Software\ProfilerU.exe" [2005-10-18 163840] "SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2005-11-03 126976] "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360] "SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-11-25 104408] "BigDog303"="c:\windows\VM303_STI.EXE" [2006-01-24 61440] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "4StoryPrePatch"="c:\program files\Gameforge4D\4Story\PrePatch.exe" [2010-08-31 319488] "LogMeIn Hamachi Ui"="c:\program files\LogMeIn 
Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088] c:\users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ GameRanger.lnk - c:\users\Emre\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2011-1-28 1257184] OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WeGame.lnk - c:\program files\WeGame\wegame.exe [2010-5-7 1867776] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c9b3853bf8e36c;Google Update Service (gupdate1c9b3853bf8e36c);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 133104] R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-06 3819912] R3 SaiH5F0D;SaiH5F0D;c:\windows\system32\DRIVERS\SaiH5F0D.sys [2006-02-28 176640] R3 SaiU5F0D;SaiU5F0D;c:\windows\system32\DRIVERS\SaiU5F0D.sys [2006-02-28 27264] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 wlcrasvc;Windows Live Mesh remote 
connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-26 691696] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-07 135336] S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408] S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-11-25 583640] S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners 2011-03-01 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-26 16:45] 2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 11:21] 2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 11:21] 2011-03-01 c:\windows\Tasks\User_Feed_Synchronization-{8579ADB6-98F4-4D4B-AFA5-D2FFFA62F856}.job - c:\windows\system32\msfeedssync.exe [2011-02-08 04:47] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://g.live.com/1rewlive4startup/home mStart Page = hxxp://www.bigseekpro.com/hypercam/{8723FF7F-63AE-4FAB-8D0F-EAFC9B444A18} uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe FF - ProfilePath - c:\users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q= FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q= FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKLM-Run-snpstd - c:\windows\vsnpstd.exe ************************************************************************** Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????@?@?????????????????????????? Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-3462764783-541386736-1487009282-1000\Software\SecuROM\License information*] "datasecu"=hex:1b,2b,5c,c9,ab,54,0d,39,da,a3,64,78,6d,a1,6b,cf,b8,e0,6b,8d,ea, e0,9e,08,e6,3d,a8,bc,19,5b,bc,1c,d7,ef,ed,81,da,84,96,87,46,8f,03,b3,93,e7,\ "rkeysecu"=hex:cd,6b,01,62,87,2f,1f,06,d9,bc,2f,ef,12,75,19,36 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-03-01 17:59:38 ComboFix-quarantined-files.txt 2011-03-01 16:59 Vor Suchlauf: 9 Verzeichnis(se), 650.422.116.352 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 650.345.811.968 Bytes frei - - End Of File - - 2D21696D7B5D35C58A8A983DCB9D2C8B |
01.03.2011, 21:44 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected?

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
Dirlook::
c:\users\Emre\AppData\Local\{04A85D4A-A66A-473A-8856-24EE22CD7A82}
c:\users\Emre\AppData\Local\{55053A25-183D-40A3-BE32-66DB21C08FAC}
c:\users\Emre\AppData\Local\{DB7C8116-0BA3-44E9-88DE-AAD5EAF71D37}
c:\users\Emre\AppData\Local\{ECEF8982-C900-4852-AA3D-5284F7D30CB2}
c:\users\Emre\AppData\Local\{EB212CD6-4053-440C-99B4-587969D4C9A4}
c:\users\Emre\AppData\Local\{BE911923-C770-4D3E-984C-B32014E6814A}
c:\users\Emre\AppData\Local\{DBF4F4DF-ABAE-4596-A97F-C0B2F78079CA}
c:\users\Emre\AppData\Local\{1FC15DCA-3AE3-45E9-B864-D5870F017CB9}
c:\users\Emre\AppData\Local\{EA566E1F-332E-46D3-BE2D-8D03638E59FD}
c:\users\Emre\AppData\Local\{7D63A2C8-48E3-4223-B7B6-9368A8B564E4}
c:\users\Emre\AppData\Local\{BFF1B6FD-ADDE-4E3C-B010-2CDB0EE020D1}
c:\users\Emre\AppData\Local\{0C9EFDF1-3DD0-4E66-8F1B-1B4D30AB81B7}
c:\users\Emre\AppData\Local\{33B5AE32-7362-4C63-B27B-A68C12F4CCF6}
c:\users\Emre\AppData\Local\{F44443C8-E261-4ADC-BD55-304F36EBB056}
c:\users\Emre\AppData\Local\{2AB75A0E-C704-47C8-B5B5-8A72874FD727}
c:\users\Emre\AppData\Local\{DE88001B-8708-4D80-88F9-90C20C3AD4D9}
c:\users\Emre\AppData\Local\{A199E499-D9AE-41C6-813F-273E3569EB9B}
c:\users\Emre\AppData\Local\{9344DA23-B657-4583-AEC1-2DA8B8CD2BB6}
c:\users\Emre\AppData\Local\{F149E82E-1519-49D7-966D-9CD8FFDE77A2}
c:\users\Emre\AppData\Local\{AAF7286E-566A-4140-88D2-2A609419A119}
c:\users\Emre\AppData\Local\{3C98C603-A439-4F78-8FCB-2C1788FB5E0E}
c:\users\Emre\AppData\Local\{F48CCE7E-ED1D-48DA-9769-883E6EDBC90C}
c:\users\Emre\AppData\Local\{F5D38BDD-CBF8-4114-A60D-27AFF68D4804}
c:\users\Emre\AppData\Local\{35DAC40E-9CDD-4BF5-AFCD-E13137C41EFF}
c:\users\Emre\AppData\Local\{0C795070-0DB4-45B5-A585-148D317DF9EC}
c:\users\Emre\AppData\Local\Save-EE
c:\users\Emre\AppData\Roaming\Save-EE
c:\users\Emre\AppData\Local\{ADB800A0-89EC-45A5-A176-EAA68A2D3D94}

4. Disable your antivirus program's guard and any software firewall that may be present. (Also the guards of ad-/spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the reboot (you will be asked whether you want to reboot), please post the following log files: Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
01.03.2011, 22:32 | #23 |
| Computer infected? Combofix log file: Code:
ATTFilter ComboFix 11-02-28.07 - Emre 01.03.2011 22:06:35.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3325.2182 [GMT 1:00] ausgeführt von:: c:\users\Emre\Desktop\Cofi.exe.exe Benutzte Befehlsschalter :: c:\users\Emre\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ((((((((((((((((((((((( Dateien erstellt von 2011-02-01 bis 2011-03-01 )))))))))))))))))))))))))))))) . 2011-03-01 21:15 . 2011-03-01 21:15 -------- d-----w- c:\users\Emre\AppData\Local\temp 2011-03-01 21:15 . 2011-03-01 21:15 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-03-01 16:47 . 2011-03-01 16:59 -------- d-----w- C:\Cofi.exe 2011-03-01 16:38 . 2011-03-01 16:38 -------- d-----w- c:\program files\CCleaner 2011-03-01 13:25 . 2011-03-01 19:44 -------- d-----w- C:\_OTL 2011-02-27 17:44 . 2011-02-27 17:44 -------- d-----w- c:\users\Emre\AppData\Local\{04A85D4A-A66A-473A-8856-24EE22CD7A82} 2011-02-27 15:35 . 2011-02-27 15:35 -------- d-----w- c:\users\Emre\AppData\Roaming\Malwarebytes 2011-02-27 15:35 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-27 15:35 . 2011-02-27 15:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-02-27 15:35 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-27 09:50 . 2011-02-27 09:50 -------- d-----w- c:\users\Emre\AppData\Local\{55053A25-183D-40A3-BE32-66DB21C08FAC} 2011-02-26 08:42 . 2011-02-26 08:42 -------- d-----w- c:\users\Emre\AppData\Local\{DB7C8116-0BA3-44E9-88DE-AAD5EAF71D37} 2011-02-24 17:38 . 2011-02-24 17:38 -------- d-----w- c:\users\Emre\AppData\Local\{ECEF8982-C900-4852-AA3D-5284F7D30CB2} 2011-02-24 10:42 . 2011-02-24 10:42 -------- d-----w- c:\users\Emre\AppData\Local\{EB212CD6-4053-440C-99B4-587969D4C9A4} 2011-02-23 12:07 . 
2011-02-23 12:07 -------- d-----w- c:\users\Emre\AppData\Local\{BE911923-C770-4D3E-984C-B32014E6814A} 2011-02-22 12:53 . 2011-02-22 12:53 -------- d-----w- c:\users\Emre\AppData\Local\{DBF4F4DF-ABAE-4596-A97F-C0B2F78079CA} 2011-02-21 18:25 . 2011-02-21 18:25 -------- d-----w- c:\users\Emre\AppData\Local\{1FC15DCA-3AE3-45E9-B864-D5870F017CB9} 2011-02-21 13:33 . 2011-02-21 13:33 -------- d-----w- c:\users\Emre\AppData\Local\{EA566E1F-332E-46D3-BE2D-8D03638E59FD} 2011-02-19 16:45 . 2011-02-19 16:45 -------- d-----w- c:\users\Emre\AppData\Local\{7D63A2C8-48E3-4223-B7B6-9368A8B564E4} 2011-02-19 09:27 . 2011-02-19 09:27 -------- d-----w- c:\users\Emre\AppData\Local\{BFF1B6FD-ADDE-4E3C-B010-2CDB0EE020D1} 2011-02-17 11:46 . 2011-02-17 11:46 -------- d-----w- c:\users\Emre\AppData\Local\{0C9EFDF1-3DD0-4E66-8F1B-1B4D30AB81B7} 2011-02-16 12:29 . 2011-02-16 12:29 -------- d-----w- c:\users\Emre\AppData\Local\{33B5AE32-7362-4C63-B27B-A68C12F4CCF6} 2011-02-15 12:48 . 2011-02-15 12:48 -------- d-----w- c:\users\Emre\AppData\Local\{F44443C8-E261-4ADC-BD55-304F36EBB056} 2011-02-14 19:21 . 2011-02-14 19:21 -------- d-----w- c:\users\Emre\AppData\Local\{2AB75A0E-C704-47C8-B5B5-8A72874FD727} 2011-02-13 09:15 . 2011-02-13 09:15 -------- d-----w- c:\users\Emre\AppData\Local\{DE88001B-8708-4D80-88F9-90C20C3AD4D9} 2011-02-12 10:35 . 2011-02-12 10:35 -------- d-----w- c:\users\Emre\AppData\Local\{A199E499-D9AE-41C6-813F-273E3569EB9B} 2011-02-11 12:48 . 2011-02-11 12:49 -------- d-----w- c:\users\Emre\AppData\Local\{9344DA23-B657-4583-AEC1-2DA8B8CD2BB6} 2011-02-09 12:04 . 2011-02-09 12:04 -------- d-----w- c:\users\Emre\AppData\Local\{F149E82E-1519-49D7-966D-9CD8FFDE77A2} 2011-02-08 19:37 . 2011-01-20 16:07 37376 ----a-w- c:\windows\system32\cdd.dll 2011-02-08 19:37 . 2011-01-20 16:04 98816 ----a-w- c:\windows\system32\mfps.dll 2011-02-08 19:37 . 2011-01-20 16:07 258048 ----a-w- c:\windows\system32\winspool.drv 2011-02-08 19:37 . 
2011-01-20 16:06 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2011-02-08 19:37 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys 2011-02-08 19:37 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-02-08 19:37 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-02-08 19:37 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll 2011-02-08 19:37 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-02-08 14:22 . 2011-02-08 14:22 -------- d-----w- c:\users\Emre\AppData\Local\{AAF7286E-566A-4140-88D2-2A609419A119} 2011-02-07 16:21 . 2011-02-07 16:21 -------- d-----w- c:\users\Emre\AppData\Local\Windows Live Writer 2011-02-07 16:21 . 2011-02-07 16:21 -------- d-----w- c:\users\Emre\AppData\Roaming\Windows Live Writer 2011-02-07 12:53 . 2011-02-07 12:53 -------- d-----w- c:\users\Emre\AppData\Local\{3C98C603-A439-4F78-8FCB-2C1788FB5E0E} 2011-02-06 09:57 . 2011-02-06 09:57 -------- d-----w- c:\users\Emre\AppData\Local\{F48CCE7E-ED1D-48DA-9769-883E6EDBC90C} 2011-02-05 08:17 . 2011-02-05 08:17 -------- d-----w- c:\users\Emre\AppData\Local\{F5D38BDD-CBF8-4114-A60D-27AFF68D4804} 2011-02-04 21:13 . 2011-02-04 21:13 -------- d-----w- c:\users\Emre\AppData\Roaming\GameRanger 2011-02-03 15:42 . 2011-02-03 15:42 -------- d-----w- c:\users\Emre\AppData\Local\{35DAC40E-9CDD-4BF5-AFCD-E13137C41EFF} 2011-02-02 19:27 . 2011-02-02 19:27 -------- d-----w- c:\program files\Common Files\Skype 2011-02-01 09:43 . 2011-02-01 09:43 -------- d-----w- c:\users\Emre\AppData\Local\{0C795070-0DB4-45B5-A585-148D317DF9EC} 2011-01-31 19:13 . 2011-01-31 19:13 -------- d-----w- c:\program files\AutoHotkey 2011-01-31 14:40 . 2011-01-31 14:40 -------- d-----w- c:\users\Emre\AppData\Local\Save-EE 2011-01-31 14:36 . 2011-02-01 19:38 -------- d-----w- c:\users\Emre\AppData\Roaming\Save-EE 2011-01-31 11:03 . 
2011-01-31 11:03 -------- d-----w- c:\users\Emre\AppData\Local\{ADB800A0-89EC-45A5-A176-EAA68A2D3D94} . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-02 16:11 . 2009-10-03 08:31 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-12-28 15:55 . 2011-01-12 16:08 413696 ----a-w- c:\windows\system32\odbc32.dll 2010-12-22 11:47 . 2009-07-20 08:26 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-12-14 14:49 . 2011-01-12 16:07 1169408 ----a-w- c:\windows\system32\sdclt.exe . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\users\Emre\AppData\Local\{04A85D4A-A66A-473A-8856-24EE22CD7A82} ---- ---- Directory of c:\users\Emre\AppData\Local\{0C795070-0DB4-45B5-A585-148D317DF9EC} ---- ---- Directory of c:\users\Emre\AppData\Local\{0C9EFDF1-3DD0-4E66-8F1B-1B4D30AB81B7} ---- ---- Directory of c:\users\Emre\AppData\Local\{1FC15DCA-3AE3-45E9-B864-D5870F017CB9} ---- ---- Directory of c:\users\Emre\AppData\Local\{2AB75A0E-C704-47C8-B5B5-8A72874FD727} ---- ---- Directory of c:\users\Emre\AppData\Local\{33B5AE32-7362-4C63-B27B-A68C12F4CCF6} ---- ---- Directory of c:\users\Emre\AppData\Local\{35DAC40E-9CDD-4BF5-AFCD-E13137C41EFF} ---- ---- Directory of c:\users\Emre\AppData\Local\{3C98C603-A439-4F78-8FCB-2C1788FB5E0E} ---- ---- Directory of c:\users\Emre\AppData\Local\{55053A25-183D-40A3-BE32-66DB21C08FAC} ---- ---- Directory of c:\users\Emre\AppData\Local\{7D63A2C8-48E3-4223-B7B6-9368A8B564E4} ---- ---- Directory of c:\users\Emre\AppData\Local\{9344DA23-B657-4583-AEC1-2DA8B8CD2BB6} ---- ---- Directory of c:\users\Emre\AppData\Local\{A199E499-D9AE-41C6-813F-273E3569EB9B} ---- ---- Directory of c:\users\Emre\AppData\Local\{AAF7286E-566A-4140-88D2-2A609419A119} ---- ---- Directory of c:\users\Emre\AppData\Local\{ADB800A0-89EC-45A5-A176-EAA68A2D3D94} ---- ---- Directory of 
c:\users\Emre\AppData\Local\{BE911923-C770-4D3E-984C-B32014E6814A} ---- ---- Directory of c:\users\Emre\AppData\Local\{BFF1B6FD-ADDE-4E3C-B010-2CDB0EE020D1} ---- ---- Directory of c:\users\Emre\AppData\Local\{DB7C8116-0BA3-44E9-88DE-AAD5EAF71D37} ---- ---- Directory of c:\users\Emre\AppData\Local\{DBF4F4DF-ABAE-4596-A97F-C0B2F78079CA} ---- ---- Directory of c:\users\Emre\AppData\Local\{DE88001B-8708-4D80-88F9-90C20C3AD4D9} ---- ---- Directory of c:\users\Emre\AppData\Local\{EA566E1F-332E-46D3-BE2D-8D03638E59FD} ---- ---- Directory of c:\users\Emre\AppData\Local\{EB212CD6-4053-440C-99B4-587969D4C9A4} ---- ---- Directory of c:\users\Emre\AppData\Local\{ECEF8982-C900-4852-AA3D-5284F7D30CB2} ---- ---- Directory of c:\users\Emre\AppData\Local\{F149E82E-1519-49D7-966D-9CD8FFDE77A2} ---- ---- Directory of c:\users\Emre\AppData\Local\{F44443C8-E261-4ADC-BD55-304F36EBB056} ---- ---- Directory of c:\users\Emre\AppData\Local\{F48CCE7E-ED1D-48DA-9769-883E6EDBC90C} ---- ---- Directory of c:\users\Emre\AppData\Local\{F5D38BDD-CBF8-4114-A60D-27AFF68D4804} ---- ---- Directory of c:\users\Emre\AppData\Local\Save-EE ---- 2011-01-31 14:40 . 2011-02-11 15:27 1903 ----a-w- c:\users\Emre\AppData\Local\Save-EE\LobbyClient.exe_Url_gclkt2ejerr20wmxxqssu24tdtqpxkro\2.6.5.0\user.config ---- Directory of c:\users\Emre\AppData\Roaming\Save-EE ---- 2011-02-01 19:38 . 2011-02-01 19:42 520380 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Crack\EE-AOC.exe 2011-01-31 14:38 . 2011-01-31 14:38 262176 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\textures\post game victory_1_1.sst 2011-01-31 14:38 . 2011-01-31 14:38 262176 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\textures\post game defeat_1_1.sst 2011-01-31 14:37 . 2011-01-31 14:38 262176 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\textures\mainmenuback_1_1.sst 2011-01-31 14:37 . 
2011-01-31 14:37 25722 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zTropic Island\zTropic Island Tiny.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25767 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zTropic Island\zTropic Island Small.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25764 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zTropic Island\zTropic Island Medium.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25738 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zTropic Island\zTropic Island Large.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25788 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zTropic Island\zTropic Island Huge.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25811 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zTropic Island\zTropic Island Gigantic.rmv 2011-01-31 14:37 . 2011-01-31 14:37 2863 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zTropic Island\Climate-Terrain.rmv 2011-01-31 14:37 . 2011-01-31 14:37 7496 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Z\Tourney Common Initial Units.rmv 2011-01-31 14:37 . 2011-01-31 14:37 30912 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Z\Tournament Islands Tiny.rmv 2011-01-31 14:37 . 2011-01-31 14:37 26119 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Z\Tournament Islands Small.rmv 2011-01-31 14:37 . 2011-01-31 14:37 27207 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Z\Tournament Islands Medium.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25406 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Z\Tournament Islands Large.rmv 2011-01-31 14:37 . 
2011-01-31 14:37 25358 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Z\Tournament Islands Huge.rmv 2011-01-31 14:37 . 2011-01-31 14:37 26058 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Z\Tournament Islands Gigantic.rmv 2011-01-31 14:37 . 2011-01-31 14:37 7477 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\X\Tourney Common Initial Units.rmv 2011-01-31 14:37 . 2011-01-31 14:37 27889 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\X\Tournament Islands Tiny.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25703 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\X\Tournament Islands Small.rmv 2011-01-31 14:37 . 2011-01-31 14:37 26518 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\X\Tournament Islands Medium.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25554 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\X\Tournament Islands Large.rmv 2011-01-31 14:37 . 2011-01-31 14:37 26036 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\X\Tournament Islands Huge.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25768 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\X\Tournament Islands Gigantic.rmv 2011-01-31 14:37 . 2011-01-31 14:37 24881 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Tiny.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25001 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Small.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25011 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Medium.rmv 2011-01-31 14:37 . 
2011-01-31 14:37 25014 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Large.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25009 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Huge.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25078 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Gigantic.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25029 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Tiny.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25232 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Small.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25449 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Medium.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25639 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Large.rmv 2011-01-31 14:37 . 2011-01-31 14:37 26181 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Huge.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25997 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Gigantic.rmv 2011-01-31 14:37 . 2011-01-31 14:37 6650 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Tourney Common Initial Units.rmv 2011-01-31 14:37 . 2011-01-31 14:37 475 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Map Climate.rmv 2011-01-31 14:37 . 2011-01-31 14:37 2262 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Common Terrain Painting.rmv 2011-01-31 14:37 . 
2011-01-31 14:37 806 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Common Forests.rmv 2011-01-31 14:37 . 2011-01-31 14:37 5796 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Common Conditions.rmv 2011-01-31 14:37 . 2011-01-31 14:37 24596 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Rivers\Rivers Tiny.rmv 2011-01-31 14:37 . 2011-01-31 14:37 24929 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Rivers\Rivers Small.rmv 2011-01-31 14:37 . 2011-01-31 14:37 24689 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Rivers\Rivers Medium.rmv 2011-01-31 14:37 . 2011-01-31 14:37 24933 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Rivers\Rivers Large.rmv 2011-01-31 14:37 . 2011-01-31 14:37 24925 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Rivers\Rivers Huge.rmv 2011-01-31 14:37 . 2011-01-31 14:37 24883 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Rivers\Rivers Gigantic.rmv 2011-01-31 14:37 . 2011-01-31 14:37 6625 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\CA Micro\Tourney Common Initial Units.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25232 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\CA Micro\Plains Tiny.rmv 2011-01-31 14:37 . 2011-01-31 14:37 23875 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\CA Micro\Plains Small.rmv 2011-01-31 14:37 . 2011-01-31 14:37 23676 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\CA Micro\Plains Medium.rmv 2011-01-31 14:37 . 2011-01-31 14:37 24309 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\CA Micro\Plains Large.rmv 2011-01-31 14:37 . 
2011-01-31 14:37 24509 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\CA Micro\Plains Huge.rmv 2011-01-31 14:37 . 2011-01-31 14:37 24186 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\CA Micro\Plains Gigantic.rmv 2011-01-31 14:37 . 2011-01-31 14:37 305 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\CA Micro\Map Climate.rmv 2011-01-31 14:37 . 2011-01-31 14:37 2050 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\CA Micro\Common Forests.rmv 2011-01-31 14:37 . 2011-01-31 14:37 5859 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zTropic Island.rmv 2011-01-31 14:37 . 2011-01-31 14:37 72467 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zRandom Land.rmv 2011-01-31 14:37 . 2011-01-31 14:37 37271 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zRandom Islands.rmv 2011-01-31 14:37 . 2011-01-31 14:37 10015 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zContinents-DrOrange.rmv 2011-01-31 14:37 . 2011-01-31 14:37 18995 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zBG_Death Gulch.rmv 2011-01-31 14:37 . 2011-01-31 14:37 6988 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Z.rmv 2011-01-31 14:37 . 2011-01-31 14:37 6988 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\X.rmv 2011-01-31 14:37 . 2011-01-31 14:37 5830 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Vicious Isthmi.rmv 2011-01-31 14:37 . 2011-01-31 14:37 72469 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Uniquely Random.rmv 2011-01-31 14:37 . 2011-01-31 14:37 58538 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Twisted For Grens.rmv 2011-01-31 14:37 . 
2011-01-31 14:37 5622 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tweek My CA Micro.rmv 2011-01-31 14:37 . 2011-01-31 14:37 5627 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis.rmv 2011-01-31 14:37 . 2011-01-31 14:37 6299 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tortured Rivers.rmv 2011-01-31 14:37 . 2011-01-31 14:37 2356 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\db\dbworld.dat 2011-01-31 14:37 . 2011-01-31 14:37 2903364 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\db\dbuicontrols.dat 2011-01-31 14:37 . 2011-01-31 14:37 796 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\db\dbstartingresources.dat 2011-01-31 14:37 . 2011-01-31 14:37 1999 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Update Notes.txt 2011-01-31 14:37 . 2011-01-31 14:37 11 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\patchversion.txt 2011-01-31 14:37 . 2011-01-31 14:37 429 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Credits.txt.txt 2011-01-31 14:37 . 2011-01-31 14:37 262176 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\textures\post game victory_1_1.sst 2011-01-31 14:37 . 2011-01-31 14:37 262176 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\textures\post game defeat_1_1.sst 2011-01-31 14:37 . 2011-01-31 14:37 262176 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\textures\men_moorishcav_07t.sst 2011-01-31 14:37 . 2011-01-31 14:37 49196 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\textures\gun_sentinel_15t.tga 2011-01-31 14:37 . 2011-01-31 14:37 196652 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\textures\bkg_title_1_1.tga 2011-01-31 14:37 . 2011-01-31 14:37 25722 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zTropic Island\zTropic Island Tiny.rmv 2011-01-31 14:37 . 
2011-01-31 14:37 25767 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zTropic Island\zTropic Island Small.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25764 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zTropic Island\zTropic Island Medium.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25738 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zTropic Island\zTropic Island Large.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25788 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zTropic Island\zTropic Island Huge.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25811 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zTropic Island\zTropic Island Gigantic.rmv 2011-01-31 14:37 . 2011-01-31 14:37 2863 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zTropic Island\Climate-Terrain.rmv 2011-01-31 14:37 . 2011-01-31 14:37 7496 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Z\Tourney Common Initial Units.rmv 2011-01-31 14:37 . 2011-01-31 14:37 30912 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Z\Tournament Islands Tiny.rmv 2011-01-31 14:37 . 2011-01-31 14:37 26119 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Z\Tournament Islands Small.rmv 2011-01-31 14:37 . 2011-01-31 14:37 27207 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Z\Tournament Islands Medium.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25406 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Z\Tournament Islands Large.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25358 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Z\Tournament Islands Huge.rmv 2011-01-31 14:37 . 
2011-01-31 14:37 26058 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Z\Tournament Islands Gigantic.rmv 2011-01-31 14:37 . 2011-01-31 14:37 7477 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\X\Tourney Common Initial Units.rmv 2011-01-31 14:37 . 2011-01-31 14:37 27889 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\X\Tournament Islands Tiny.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25703 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\X\Tournament Islands Small.rmv 2011-01-31 14:37 . 2011-01-31 14:37 26518 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\X\Tournament Islands Medium.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25554 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\X\Tournament Islands Large.rmv 2011-01-31 14:37 . 2011-01-31 14:37 26036 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\X\Tournament Islands Huge.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25768 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\X\Tournament Islands Gigantic.rmv 2011-01-31 14:37 . 2011-01-31 14:37 24881 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Tiny.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25001 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Small.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25011 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Medium.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25014 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Large.rmv 2011-01-31 14:37 . 
2011-01-31 14:37 25009 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Huge.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25078 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Gigantic.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25029 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Tiny.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25232 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Small.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25449 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Medium.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25639 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Large.rmv 2011-01-31 14:37 . 2011-01-31 14:37 26181 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Huge.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25997 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Gigantic.rmv 2011-01-31 14:37 . 2011-01-31 14:37 6650 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Tourney Common Initial Units.rmv 2011-01-31 14:37 . 2011-01-31 14:37 475 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Map Climate.rmv 2011-01-31 14:37 . 2011-01-31 14:37 2262 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Common Terrain Painting.rmv 2011-01-31 14:37 . 2011-01-31 14:37 806 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Common Forests.rmv 2011-01-31 14:37 . 
2011-01-31 14:37 5796 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Common Conditions.rmv 2011-01-31 14:37 . 2011-01-31 14:37 24596 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Rivers\Rivers Tiny.rmv 2011-01-31 14:37 . 2011-01-31 14:37 24929 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Rivers\Rivers Small.rmv 2011-01-31 14:37 . 2011-01-31 14:37 24689 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Rivers\Rivers Medium.rmv 2011-01-31 14:37 . 2011-01-31 14:37 24933 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Rivers\Rivers Large.rmv 2011-01-31 14:37 . 2011-01-31 14:37 24925 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Rivers\Rivers Huge.rmv 2011-01-31 14:37 . 2011-01-31 14:37 24883 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Rivers\Rivers Gigantic.rmv 2011-01-31 14:37 . 2011-01-31 14:37 50629 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Mediterranean - Space\Mediterranean Tiny.rmv 2011-01-31 14:37 . 2011-01-31 14:37 51347 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Mediterranean - Space\Mediterranean Small.rmv 2011-01-31 14:37 . 2011-01-31 14:37 51424 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Mediterranean - Space\Mediterranean Medium.rmv 2011-01-31 14:37 . 2011-01-31 14:37 51753 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Mediterranean - Space\Mediterranean Large.rmv 2011-01-31 14:37 . 2011-01-31 14:37 51475 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Mediterranean - Space\Mediterranean Huge.rmv 2011-01-31 14:37 . 
2011-01-31 14:37 51301 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Mediterranean - Space\Mediterranean Gigantic.rmv 2011-01-31 14:37 . 2011-01-31 14:37 50475 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Continental - Space\Continental Tiny.rmv 2011-01-31 14:37 . 2011-01-31 14:37 50914 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Continental - Space\Continental Small.rmv 2011-01-31 14:37 . 2011-01-31 14:37 51128 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Continental - Space\Continental Medium.rmv 2011-01-31 14:37 . 2011-01-31 14:37 51328 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Continental - Space\Continental Large.rmv 2011-01-31 14:37 . 2011-01-31 14:37 51871 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Continental - Space\Continental Huge.rmv 2011-01-31 14:37 . 2011-01-31 14:37 51693 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Continental - Space\Continental Gigantic.rmv 2011-01-31 14:37 . 2011-01-31 14:37 6625 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\CA Micro\Tourney Common Initial Units.rmv 2011-01-31 14:37 . 2011-01-31 14:37 25232 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\CA Micro\Plains Tiny.rmv 2011-01-31 14:37 . 2011-01-31 14:37 23875 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\CA Micro\Plains Small.rmv 2011-01-31 14:37 . 2011-01-31 14:37 23676 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\CA Micro\Plains Medium.rmv 2011-01-31 14:37 . 2011-01-31 14:37 24309 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\CA Micro\Plains Large.rmv 2011-01-31 14:37 . 
2011-01-31 14:37 24509 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\CA Micro\Plains Huge.rmv 2011-01-31 14:37 . 2011-01-31 14:37 24186 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\CA Micro\Plains Gigantic.rmv 2011-01-31 14:37 . 2011-01-31 14:37 305 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\CA Micro\Map Climate.rmv 2011-01-31 14:37 . 2011-01-31 14:37 2050 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\CA Micro\Common Forests.rmv 2011-01-31 14:37 . 2011-01-31 14:37 5859 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zTropic Island.rmv 2011-01-31 14:37 . 2011-01-31 14:37 18378 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zRandom Space Islands.rmv 2011-01-31 14:37 . 2011-01-31 14:37 59082 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zRandom Land.rmv 2011-01-31 14:37 . 2011-01-31 14:37 37271 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zRandom Islands.rmv 2011-01-31 14:37 . 2011-01-31 14:37 6830 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zMediterranean - Space.rmv 2011-01-31 14:37 . 2011-01-31 14:37 10015 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zContinents-DrOrange.rmv 2011-01-31 14:37 . 2011-01-31 14:37 6587 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zContinental - Space.rmv 2011-01-31 14:37 . 2011-01-31 14:37 18995 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zBG_Death Gulch.rmv 2011-01-31 14:37 . 2011-01-31 14:37 6988 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Z.rmv 2011-01-31 14:37 . 
2011-01-31 14:37 6988 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\X.rmv 2011-01-31 14:37 . 2011-01-31 14:37 5830 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Vicious Isthmi.rmv 2011-01-31 14:37 . 2011-01-31 14:37 59981 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Uniquely Random.rmv 2011-01-31 14:37 . 2011-01-31 14:37 58538 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Twisted For Grens.rmv 2011-01-31 14:37 . 2011-01-31 14:37 5622 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tweek My CA Micro.rmv 2011-01-31 14:37 . 2011-01-31 14:37 5627 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis.rmv 2011-01-31 14:37 . 2011-01-31 14:37 6299 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tortured Rivers.rmv 2011-01-31 14:37 . 2011-01-31 14:37 384840 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Models\gun_sentinel_15.cem 2011-01-31 14:37 . 2011-01-31 14:37 24 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Models\amb_rock.cem 2011-01-31 14:37 . 2011-01-31 14:37 2664 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbworld.dat 2011-01-31 14:37 . 2011-01-31 14:37 2924864 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbuicontrols.dat 2011-01-31 14:37 . 2011-01-31 14:37 1226932 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbtechtree.dat 2011-01-31 14:37 . 2011-01-31 14:37 796 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbstartingresources.dat 2011-01-31 14:37 . 2011-01-31 14:37 2764 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbpremadecivs.dat 2011-01-31 14:37 . 2011-01-31 14:37 1662084 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbobjects.dat 2011-01-31 14:36 . 
2011-01-31 14:37 936188 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbgraphics.dat 2011-01-31 14:36 . 2011-01-31 14:36 3500 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbcivpowers.dat 2011-01-31 14:36 . 2011-01-31 14:36 8500 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbcalamity.dat 2011-01-31 14:36 . 2011-01-31 14:36 346980 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbbuttons.dat 2011-01-31 14:36 . 2011-01-31 14:36 8962 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Update Notes.txt 2011-01-31 14:36 . 2011-01-31 14:36 11 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\patchversion.txt 2011-01-31 14:36 . 2011-01-31 14:36 429 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Credits.txt.txt 2011-01-31 14:36 . 2011-01-31 14:36 48557 ----a-w- c:\users\Emre\AppData\Roaming\Save-EE\Patch\patchinfo.dat (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] 2009-11-09 17:38 2331672 ----a-w- c:\program files\Softonic_Deutsch\tbSoft.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-26 39408] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2009-11-25 292824] "Steam"="c:\program files\Steam\steam.exe" [2010-11-21 1242448] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program 
files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-03 1833504] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13683232] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 92704] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-26 185872] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768] "Profiler"="c:\program files\Saitek\Software\ProfilerU.exe" [2005-10-18 163840] "SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2005-11-03 126976] "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360] "SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-11-25 104408] "BigDog303"="c:\windows\VM303_STI.EXE" [2006-01-24 61440] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088] c:\users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ GameRanger.lnk - c:\users\Emre\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2011-1-28 1257184] OneNote 2007 Bildschirmausschnitt- 
und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WeGame.lnk - c:\program files\WeGame\wegame.exe [2010-5-7 1867776] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c9b3853bf8e36c;Google Update Service (gupdate1c9b3853bf8e36c);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 133104] R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-06 3819912] R3 SaiH5F0D;SaiH5F0D;c:\windows\system32\DRIVERS\SaiH5F0D.sys [2006-02-28 176640] R3 SaiU5F0D;SaiU5F0D;c:\windows\system32\DRIVERS\SaiU5F0D.sys [2006-02-28 27264] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-26 691696] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-07 135336] S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408] S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-11-25 583640] S3 netr28u;RT2870 USB Wireless LAN Card Driver for 
Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners 2011-03-01 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-26 16:45] 2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 11:21] 2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 11:21] 2011-03-01 c:\windows\Tasks\User_Feed_Synchronization-{8579ADB6-98F4-4D4B-AFA5-D2FFFA62F856}.job - c:\windows\system32\msfeedssync.exe [2011-02-08 04:47] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://g.live.com/1rewlive4startup/home mStart Page = hxxp://www.bigseekpro.com/hypercam/{8723FF7F-63AE-4FAB-8D0F-EAFC9B444A18} uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe FF - ProfilePath - c:\users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q= FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q= FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKLM-Run-4StoryPrePatch - c:\program files\Gameforge4D\4Story\PrePatch.exe ************************************************************************** Scanne versteckte Prozesse... [0] 0x00200073 Scanne versteckte Autostarteinträge... 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????@?@?????????????????????????? Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-3462764783-541386736-1487009282-1000\Software\SecuROM\License information*] "datasecu"=hex:1b,2b,5c,c9,ab,54,0d,39,da,a3,64,78,6d,a1,6b,cf,b8,e0,6b,8d,ea, e0,9e,08,e6,3d,a8,bc,19,5b,bc,1c,d7,ef,ed,81,da,84,96,87,46,8f,03,b3,93,e7,\ "rkeysecu"=hex:cd,6b,01,62,87,2f,1f,06,d9,bc,2f,ef,12,75,19,36 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-03-01 22:17:39 ComboFix-quarantined-files.txt 2011-03-01 21:17 ComboFix2.txt 2011-03-01 16:59 Vor Suchlauf: 13 Verzeichnis(se), 653.945.860.096 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 658.041.290.752 Bytes frei - - End Of File - - 5A936E1CAEA270D06325E1D24E3B9E19
I hope I did it right oO (it didn't ask for a restart, and afterwards the CFScript.txt file was gone and I had to restart manually because no files could be opened anymore ..) |
01.03.2011, 22:40 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer Infected? OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags |
02.03.2011, 19:31 | #25 |
| Computer Infected? So, GMER crashed. OSAM logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:01:49 on 02.03.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.13 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL "Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl "QuickTime" - "Apple Inc." 
- C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ahr5ex5j" (ahr5ex5j) - "Microsoft Corporation" - C:\Windows\system32\drivers\ahr5ex5j.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Emre\AppData\Local\Temp\catchme.sys (File not found) "EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys (File not found) "EagleXNt" (EagleXNt) - ? - C:\Windows\system32\drivers\EagleXNt.sys (File not found) "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "SaiMini" (SaiMini) - "Saitek" - C:\Windows\System32\DRIVERS\SaiMini.sys "SaiNtBus" (SaiNtBus) - "Saitek" - C:\Windows\System32\drivers\SaiBus.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "VideoCAM Trek" (snpstd) - ? - C:\Windows\System32\DRIVERS\snpstd.sys (File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) "CorelDRAW Shell Extension Component" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? 
- (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? 
- (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? 
- (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll <binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "Softonic Deutsch Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch\tbSoft.dll <binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} "Softonic Deutsch Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch\tbSoft.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {20A60F0D-9AFA-4515-A0FD-83BD84642501} "Checkers Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\msgrchkr.dll / hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\System32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? 
- (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (HTTP value) "ICQ6" - ? - C:\Program Files\ICQ6.5\ICQ.exe (File not found) "ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100" - "Microsoft Corporation" - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll <binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll <binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} "Softonic Deutsch Toolbar" - "Conduit Ltd." 
- C:\Program Files\Softonic_Deutsch\tbSoft.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar BHO" - "Microsoft Corporation" - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} "Softonic Deutsch Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch\tbSoft.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." 
- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "GameRanger.lnk" - "GameRanger Technologies" - C:\Users\Emre\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (Shortcut exists | File exists) "OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "WeGame.lnk" - "WeGame.com, Inc." - C:\Program Files\WeGame\wegame.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 "ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler "RegistryMechanic" - "PC Tools " - C:\Program Files\Registry Mechanic\RMTray.exe /H "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized "Steam" - "Valve Corporation" - "C:\Program Files\Steam\steam.exe" -silent "swg" - "Google Inc." 
- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "PCSuiteTrayApplication" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup "Profiler" - "Saitek" - C:\Program Files\Saitek\Software\ProfilerU.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SaiMfd" - "Saitek" - C:\Program Files\Saitek\Software\SaiMfd.exe "SSDMonitor" - "PC Tools" - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "TkBellExe" - "RealNetworks, Inc." 
- "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1c9b3853bf8e36c)" (gupdate1c9b3853bf8e36c) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." 
- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe "nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PC Tools Startup and Shutdown Monitor service" (PCToolsSSDMonitorSvc) - "PC Tools" - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe "ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." 
- C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: MICRO-STAR INTERNATIONAL CO., LTD BIOS Manufacturer: Phoenix Technologies, LTD System Manufacturer: MEDIONPC System Product Name: MS-7502 Logical Drives Mask: 0x000001fc Kernel Drivers (total 145): 0x8200B000 \SystemRoot\system32\ntkrnlpa.exe 0x823C5000 \SystemRoot\system32\hal.dll 0x8040A000 \SystemRoot\system32\kdcom.dll 0x80411000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x80481000 \SystemRoot\system32\PSHED.dll 0x80492000 \SystemRoot\system32\BOOTVID.dll 0x8049A000 \SystemRoot\system32\CLFS.SYS 0x804DB000 \SystemRoot\system32\CI.dll 0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys 0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8068E000 \SystemRoot\System32\Drivers\spxr.sys 0x80781000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x8078A000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x807B0000 \SystemRoot\system32\drivers\acpi.sys 0x807F6000 \SystemRoot\system32\drivers\msisadrv.sys 0x805BB000 \SystemRoot\system32\drivers\pci.sys 0x805E2000 \SystemRoot\System32\drivers\partmgr.sys 0x805F1000 \SystemRoot\system32\drivers\volmgr.sys 0x82605000 \SystemRoot\System32\drivers\volmgrx.sys 0x8264F000 \SystemRoot\System32\drivers\mountmgr.sys 0x8265F000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x82726000 \SystemRoot\system32\drivers\fltmgr.sys 0x82758000 \SystemRoot\system32\drivers\fileinfo.sys 0x82768000 \SystemRoot\System32\Drivers\PxHelp20.sys 0x82771000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8AC00000 \SystemRoot\system32\drivers\ndis.sys 0x8AD0B000 \SystemRoot\system32\drivers\msrpc.sys 0x8AD36000 \SystemRoot\system32\drivers\NETIO.SYS 0x8AE02000 
\SystemRoot\System32\drivers\tcpip.sys 0x8AEEC000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8B00C000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8B11C000 \SystemRoot\system32\drivers\volsnap.sys 0x8B155000 \SystemRoot\System32\Drivers\spldr.sys 0x8B15D000 \SystemRoot\System32\Drivers\mup.sys 0x8B16C000 \SystemRoot\System32\drivers\ecache.sys 0x8B193000 \SystemRoot\system32\drivers\disk.sys 0x8B1A4000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8B1C5000 \SystemRoot\system32\drivers\crcdisk.sys 0x8B1E6000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x8B1EF000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8EE0A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x8F56C000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x8FA03000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8FAA3000 \SystemRoot\System32\drivers\watchdog.sys 0x8FAAF000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x8FABA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x8FAF8000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8FB07000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8FB94000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x8FBA4000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x8FBB2000 \SystemRoot\system32\DRIVERS\serial.sys 0x8FBCC000 \SystemRoot\system32\DRIVERS\serenum.sys 0x8FBD6000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8FBEE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x8F56E000 \SystemRoot\System32\Drivers\aak0owqu.SYS 0x8F5A7000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x8AD71000 \SystemRoot\system32\DRIVERS\storport.sys 0x8F5D6000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8F5E1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x8B000000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8AFCE000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8AFF1000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8ADB2000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8ADC6000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x8ADDB000 \SystemRoot\system32\DRIVERS\termdd.sys 0x8ADEB000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x827E2000 
\SystemRoot\system32\DRIVERS\mouclass.sys 0x8EE00000 \SystemRoot\system32\drivers\SaiBus.sys 0x8FBF8000 \SystemRoot\system32\DRIVERS\swenum.sys 0x8F809000 \SystemRoot\system32\DRIVERS\ks.sys 0x8F833000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8F83D000 \SystemRoot\system32\DRIVERS\umbus.sys 0x8F84A000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x8F87F000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x8F890000 \SystemRoot\system32\DRIVERS\SaiMini.sys 0x8F894000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x8F8A4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x8FE09000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x9003F000 \SystemRoot\system32\drivers\portcls.sys 0x9006C000 \SystemRoot\system32\drivers\drmk.sys 0x90091000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x9009A000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x900A2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x900AB000 \SystemRoot\System32\Drivers\Null.SYS 0x900B2000 \SystemRoot\System32\Drivers\Beep.SYS 0x900B9000 \SystemRoot\System32\drivers\vga.sys 0x900C5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x900E6000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x900FB000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x900FD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x90105000 \SystemRoot\system32\drivers\rdpencdd.sys 0x9010D000 \SystemRoot\System32\Drivers\Msfs.SYS 0x90118000 \SystemRoot\System32\Drivers\Npfs.SYS 0x90126000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x9012F000 \SystemRoot\system32\DRIVERS\tdx.sys 0x90145000 \SystemRoot\system32\DRIVERS\smb.sys 0x90159000 \SystemRoot\system32\drivers\afd.sys 0x901A1000 \SystemRoot\System32\DRIVERS\netbt.sys 0x901D3000 \SystemRoot\system32\DRIVERS\pacer.sys 0x901E9000 \SystemRoot\system32\DRIVERS\netbios.sys 0x8F8AB000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x901F7000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x8F8BE000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x8F8FA000 \SystemRoot\system32\drivers\nsiproxy.sys 0x8F904000 \SystemRoot\System32\Drivers\dfsc.sys 0x8F91B000 
\SystemRoot\system32\DRIVERS\avipbb.sys 0x8F941000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x8FE00000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x901FD000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys 0x8F958000 \SystemRoot\system32\DRIVERS\KMWDFILTER.sys 0x8F961000 \SystemRoot\system32\DRIVERS\netr28u.sys 0x90C00000 \SystemRoot\System32\Drivers\fastfat.SYS 0x90C28000 \SystemRoot\System32\Drivers\crashdmp.sys 0x90C35000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x988C0000 \SystemRoot\System32\win32k.sys 0x90CFC000 \SystemRoot\System32\drivers\Dxapi.sys 0x90D06000 \SystemRoot\system32\DRIVERS\monitor.sys 0x98AE0000 \SystemRoot\System32\TSDDD.dll 0x98B00000 \SystemRoot\System32\cdd.dll 0x90D15000 \SystemRoot\system32\drivers\luafv.sys 0x90D30000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x90D45000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x90D55000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x90D7F000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x90D89000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x8AF07000 \SystemRoot\system32\drivers\HTTP.sys 0x90D9C000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x90DB9000 \SystemRoot\system32\DRIVERS\bowser.sys 0x90DD2000 \SystemRoot\System32\drivers\mpsdrv.sys 0x8AF74000 \SystemRoot\system32\drivers\mrxdav.sys 0x8AF95000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA000D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA0046000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA005E000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA0086000 \SystemRoot\System32\DRIVERS\srv.sys 0xA00D4000 \SystemRoot\system32\drivers\spsys.sys 0xA3A0A000 \SystemRoot\system32\drivers\peauth.sys 0xA3AE8000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA3AF2000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA3AFE000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0xA3B13000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0xA3B25000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA3B46000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x77410000 \Windows\System32\ntdll.dll 0x10000000 \Program Files\DAEMON 
Tools Lite\Engine.dll Processes (total 81): 0 System Idle Process 4 System 488 C:\Windows\System32\smss.exe 632 csrss.exe 684 C:\Windows\System32\wininit.exe 696 csrss.exe 728 C:\Windows\System32\services.exe 780 C:\Windows\System32\winlogon.exe 804 C:\Windows\System32\lsass.exe 812 C:\Windows\System32\lsm.exe 944 C:\Windows\System32\svchost.exe 1008 C:\Windows\System32\nvvsvc.exe 1036 C:\Windows\System32\svchost.exe 1088 C:\Windows\System32\svchost.exe 1160 C:\Windows\System32\svchost.exe 1188 C:\Windows\System32\svchost.exe 1208 C:\Windows\System32\svchost.exe 1288 C:\Windows\System32\audiodg.exe 1312 C:\Windows\System32\svchost.exe 1328 C:\Windows\System32\SLsvc.exe 1384 C:\Windows\System32\svchost.exe 1472 C:\Windows\System32\rundll32.exe 1548 C:\Windows\System32\svchost.exe 1816 C:\Windows\System32\spoolsv.exe 1856 C:\Program Files\Avira\AntiVir Desktop\sched.exe 1868 C:\Windows\System32\svchost.exe 720 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1376 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1520 C:\Program Files\Bonjour\mDNSResponder.exe 1712 C:\Program Files\LogMeIn Hamachi\hamachi-2.exe 1452 C:\Windows\System32\taskeng.exe 2132 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 2140 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe 2176 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 2308 C:\Windows\System32\taskeng.exe 2376 C:\Windows\System32\dwm.exe 2452 C:\Windows\explorer.exe 2552 C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe 2628 C:\Windows\System32\IoctlSvc.exe 2640 C:\Windows\System32\svchost.exe 2652 C:\Windows\System32\PSIService.exe 2676 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2716 C:\Windows\System32\svchost.exe 2776 C:\Windows\System32\svchost.exe 2816 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE 2900 C:\Windows\System32\SearchIndexer.exe 2932 WUDFHost.exe 2952 C:\Program Files\Common 
Files\microsoft shared\Windows Live\WLIDSVCM.EXE 3620 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 3628 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 3652 C:\Windows\System32\rundll32.exe 3672 C:\Program Files\Common Files\Real\Update_OB\realsched.exe 3756 C:\Program Files\iTunes\iTunesHelper.exe 3796 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 3824 C:\Program Files\Saitek\Software\ProfilerU.exe 3836 C:\Program Files\Saitek\Software\SaiMfd.exe 3856 C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe 3864 C:\Windows\VM303_STI.EXE 4080 C:\Windows\System32\wbem\unsecapp.exe 2284 WmiPrvSE.exe 2264 C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe 2044 C:\Program Files\Windows Sidebar\sidebar.exe 2460 C:\Windows\ehome\ehtray.exe 2328 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe 3180 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe 2600 C:\Program Files\Windows Media Player\wmpnscfg.exe 3684 C:\Program Files\Skype\Phone\Skype.exe 1176 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE 1992 C:\Windows\ehome\ehmsas.exe 3892 C:\Program Files\Windows Media Player\wmpnetwk.exe 3956 C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 4404 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 4644 C:\Program Files\Skype\Plugin Manager\skypePM.exe 4880 C:\Program Files\iPod\bin\iPodService.exe 5008 C:\Windows\System32\svchost.exe 5528 taskeng.exe 6004 C:\Program Files\Mozilla Firefox\firefox.exe 6028 dllhost.exe 4292 dllhost.exe 5296 C:\Users\Emre\Desktop\MBRCheck.exe 3616 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x000000e3`e0907e00 (FAT32) PhysicalDrive0 Model Number: ST31000333AS, Rev: BD15 Size Device Name MBR Status -------------------------------------------- 931 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done!
Files\Real\Update_OB\realsched.exe 3756 C:\Program Files\iTunes\iTunesHelper.exe 3796 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 3824 C:\Program Files\Saitek\Software\ProfilerU.exe 3836 C:\Program Files\Saitek\Software\SaiMfd.exe 3856 C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe 3864 C:\Windows\VM303_STI.EXE 4080 C:\Windows\System32\wbem\unsecapp.exe 2284 WmiPrvSE.exe 2264 C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe 2044 C:\Program Files\Windows Sidebar\sidebar.exe 2460 C:\Windows\ehome\ehtray.exe 2328 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe 3180 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe 2600 C:\Program Files\Windows Media Player\wmpnscfg.exe 3684 C:\Program Files\Skype\Phone\Skype.exe 1176 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE 1992 C:\Windows\ehome\ehmsas.exe 3892 C:\Program Files\Windows Media Player\wmpnetwk.exe 3956 C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 4404 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 4644 C:\Program Files\Skype\Plugin Manager\skypePM.exe 4880 C:\Program Files\iPod\bin\iPodService.exe 5008 C:\Windows\System32\svchost.exe 5528 taskeng.exe 6004 C:\Program Files\Mozilla Firefox\firefox.exe 6028 dllhost.exe 4292 dllhost.exe 5296 C:\Users\Emre\Desktop\MBRCheck.exe 3616 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x000000e3`e0907e00 (FAT32) PhysicalDrive0 Model Number: ST31000333AS, Rev: BD15 Size Device Name MBR Status -------------------------------------------- 931 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! |
02.03.2011, 19:56 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected? Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
03.03.2011, 13:34 | #27 |
| Computer infected?
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5940
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
03.03.2011 13:33:38
mbam-log-2011-03-03 (13-33-38).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 444021
Laufzeit: 1 Stunde(n), 44 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 03/02/2011 at 10:47 PM
Application Version : 4.49.1000
Core Rules Database Version : 6516
Trace Rules Database Version: 4328
Scan type : Complete Scan
Total Scan Time : 02:29:12
Memory items scanned : 731
Memory threats detected : 0
Registry items scanned : 10791
Registry threats detected : 0
File items scanned : 289194
File threats detected : 4
Trojan.Agent/Gen-Goo
    C:\USERS\xxx\DESKTOP\AUTOIT3\HALLO WELT..EXE
Trojan.Agent/Gen-Frauder[Startup]
    C:\USERS\xxx\DESKTOP\NUMPAD+.EXE
Trojan.Agent/Gen-OnlineGames
    C:\USERS\xxx\DESKTOP\PSERVERMT2 NEUER CLIENT VON 27.7.10\PSERVERMT2 5.5 CLIENT UPDATE!\PSERVERMT2 5.5 CLIENT\MC.DLL
    C:\USERS\xxx\DESKTOP\WODN2 CLIENT\MC.DLL |
03.03.2011, 13:35 | #28 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected? Quote:
__________________ Please always post log files in CODE tags |
03.03.2011, 13:39 | #29 |
| Computer infected? hxxp://www.autoitscript.com/site/autoit/ The first one is from AutoIt (I wrote the program myself, but no idea why it gets flagged oO). numpad+.exe is a program that was written with AutoHotkey (I didn't write it, someone wrote it for me). The 3rd one, no idea oO. And the 4th one, as I said, doesn't exist anymore. EDIT// The 3rd one also has something to do with the 4th, though. |
03.03.2011, 13:51 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer infected? All right, then we'll treat them as "leftovers" that are now gone. Is the computer OK again so far?
__________________ Please always post log files in CODE tags |