
Log Analysis and Evaluation: Computer Infected?

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

28.02.2011, 21:20   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
But there is a screenshot in the instructions... is that really sooo unclear?

__________________
Please always post logfiles in CODE tags

28.02.2011, 21:27   #17
DoomxDevil
 
Sorry, I overlooked clicking on it. OTL logfile:
Code:
OTL Extras logfile created on: 28.02.2011 21:22:08 - Run 1
OTL by OldTimer - Version 3.2.22.2     Folder = C:\Users\Emre\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,51 Gb Total Space | 599,24 Gb Free Space | 65,74% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,80 Gb Free Space | 49,04% Space Free | Partition Type: FAT32
 
Computer Name: EMRE-PC | User Name: Emre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F22075-3278-47FD-934B-A9DFC9B1686B}" = lport=8304 | protocol=17 | dir=in | name=moon | 
"{08A4A875-8633-4EF9-97E5-4D0908200C28}" = lport=8303 | protocol=17 | dir=in | name=teeworlds | 
"{0D8F72DB-7034-4043-930E-AAC0BDFA6F88}" = lport=6971 | protocol=17 | dir=in | name=league of legends launcher | 
"{1A642C6A-F7AD-4A0A-B0E1-CCAC02842F50}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2065AF49-8546-4907-95F1-6D04FC0C18F7}" = lport=6912 | protocol=6 | dir=in | name=league of legends launcher | 
"{2EE30678-C158-4EB1-B540-58084EC3590A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{304D1812-D317-4E6E-A7A4-091C7A40EEB7}" = lport=6911 | protocol=17 | dir=in | name=league of legends launcher | 
"{318DC72E-0C1F-4CD5-AFC9-8E5783F1C81A}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{3BFCF98E-F594-4DC5-BA82-64CAD86C9A39}" = lport=8304 | protocol=17 | dir=in | name=emre | 
"{3CC2A49F-77BD-4112-8053-8B28D84F4F68}" = lport=6974 | protocol=6 | dir=in | name=league of legends launcher | 
"{416333B8-B1B2-44CF-9743-76D5548D309E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{42B80740-BF50-4FF8-9187-B0B4510DDA33}" = lport=6905 | protocol=17 | dir=in | name=league of legends launcher | 
"{448BBFE1-83F7-466C-A885-89D462525594}" = lport=6886 | protocol=6 | dir=in | name=league of legends launcher | 
"{45DEC221-AA8C-4A84-AE58-309E782D62E8}" = lport=6901 | protocol=6 | dir=in | name=league of legends launcher | 
"{47C5BE74-F32A-4197-8826-F7BB0ADE25A7}" = lport=6910 | protocol=17 | dir=in | name=league of legends launcher | 
"{4A56F495-8985-411C-8E91-85703C872E0E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4B07626A-C7F0-434A-B8FA-4155B2A878E4}" = lport=6943 | protocol=17 | dir=in | name=league of legends launcher | 
"{4C3B1741-DBE0-47DD-BEC7-7FF16383047A}" = lport=6939 | protocol=17 | dir=in | name=league of legends launcher | 
"{4E1F578C-F179-4225-BD03-B3190B319A7C}" = lport=6943 | protocol=6 | dir=in | name=league of legends launcher | 
"{4EF2EF85-F80A-4329-9005-A36B1B088BF9}" = lport=6895 | protocol=17 | dir=in | name=league of legends launcher | 
"{51D7E321-8FAC-418A-BF1E-7EDFEBFA2231}" = lport=6886 | protocol=17 | dir=in | name=league of legends launcher | 
"{5586F745-30D5-45C8-B98E-7535707C281E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5A69385B-338D-49E7-BBFD-99BC21D611EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{624B7328-06E4-47E1-BE4C-6C4979411EA1}" = lport=6975 | protocol=6 | dir=in | name=league of legends launcher | 
"{64439552-2139-4BDC-978B-6FF1741DA2DB}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{6459D3EC-7FAF-4999-B25E-6033FCC1A870}" = lport=6911 | protocol=6 | dir=in | name=league of legends launcher | 
"{648E89F2-70D0-4C06-ACC7-597EC5BBA6DB}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{6527AA69-8924-41DE-A121-14046973864F}" = lport=6929 | protocol=17 | dir=in | name=league of legends launcher | 
"{657F6A06-B2D8-432E-A301-596D3E66E924}" = lport=6902 | protocol=17 | dir=in | name=league of legends launcher | 
"{71F6BAC3-98E9-496B-852B-CA9DA624931E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{73801E96-7465-4F10-B0DC-7AC313A10AB2}" = lport=6895 | protocol=6 | dir=in | name=league of legends launcher | 
"{76384E23-8A42-48F5-B025-5C2306483F54}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{764309ED-42B6-45C2-909A-ED212474B3AF}" = lport=6944 | protocol=6 | dir=in | name=league of legends launcher | 
"{774BA864-BB0E-4318-A06C-ED26185CD319}" = lport=6901 | protocol=17 | dir=in | name=league of legends launcher | 
"{7D6C80AA-DF03-4F2C-AC02-8962A22A531E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{85ACF7CD-F9F1-4C95-8CBF-D765477B3C83}" = lport=6991 | protocol=17 | dir=in | name=league of legends launcher | 
"{895CDD56-80A7-44CF-B983-D5277EF897A0}" = lport=6974 | protocol=17 | dir=in | name=league of legends launcher | 
"{8FB034FA-4D15-45FB-9B09-8B032427F247}" = lport=6898 | protocol=17 | dir=in | name=league of legends launcher | 
"{954F5BA2-1DB9-46A6-B3EA-4C34BC3310A8}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{973E0FC0-90C3-40A2-84F2-F5184BDE1AE2}" = lport=8304 | protocol=6 | dir=in | name=emre2 | 
"{97FD16C8-A0F9-4E43-8D0E-B2B731C43D3C}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{9F892019-9726-422E-B9A3-CEA766FB9122}" = lport=6910 | protocol=6 | dir=in | name=league of legends launcher | 
"{A1CD65E4-6B6E-4FD9-88A9-B145673C31F4}" = lport=6905 | protocol=6 | dir=in | name=league of legends launcher | 
"{A22E79EC-44E8-40CB-B391-70A1158E0574}" = lport=6939 | protocol=6 | dir=in | name=league of legends launcher | 
"{A374AD17-89E4-4A3F-9D8E-7DDDE6B5E77F}" = lport=6971 | protocol=6 | dir=in | name=league of legends launcher | 
"{A48129C8-82EC-46FE-94B9-8957190B73A8}" = lport=6949 | protocol=6 | dir=in | name=league of legends launcher | 
"{A67A94AB-4372-40FA-9C74-04C85A4DFD1C}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{A6896A87-FC15-41FF-AB53-57768ED207FA}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{A98FE933-7173-4DE6-9A77-4FE7FA96B8D4}" = lport=6975 | protocol=17 | dir=in | name=league of legends launcher | 
"{AD18E4BE-B588-41FE-8F4E-B589A4A9C97D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B208C7BD-20C9-454D-9747-3A4D2C289EC5}" = lport=6929 | protocol=6 | dir=in | name=league of legends launcher | 
"{C781E243-6C2B-4CB4-B34A-95F47876B105}" = lport=6944 | protocol=17 | dir=in | name=league of legends launcher | 
"{CC6A7119-A1AD-4546-B568-9DA95601C7BC}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{D333D88C-488F-4128-A7B7-46734ADB2F6B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D355AC3E-9A5D-4495-9AE2-4906FD8492F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D7148D0D-8BCD-4A8F-B952-5C3A66990A9D}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{D98054C0-C13F-4381-B56A-8A5D98B8B8AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DEC46373-2F29-4A1F-A1B9-067884A398DC}" = lport=6991 | protocol=6 | dir=in | name=league of legends launcher | 
"{DF9C2773-A001-4F50-BEDA-52387ECBC441}" = lport=6912 | protocol=17 | dir=in | name=league of legends launcher | 
"{E5CFDC9D-1F53-4716-B725-6912E454E32A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E90DF6DA-509D-41C8-8ED4-CE3BB73BF816}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{F051D31D-E7D8-45C1-9208-938CE284A53B}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe | 
"{F2989585-C1D3-4F75-919C-ED1F22CBF27D}" = lport=6902 | protocol=6 | dir=in | name=league of legends launcher | 
"{F5588D4B-D06F-4973-9367-D76502C34081}" = lport=6898 | protocol=6 | dir=in | name=league of legends launcher | 
"{F8104352-0FFA-4655-93FA-4E2FA5B9D8E7}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{FBA902DB-5B33-47C5-9ED0-F5BFE49A5FD2}" = lport=6949 | protocol=17 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031461AC-C491-4958-A2F3-A6B7EC35C959}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{044461E3-EC88-4A43-A136-046B2CFF80F5}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{056B5762-B96A-4180-BEA6-0165473847F8}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{05CC675B-D2BC-4687-8F9B-BFE9DE27953A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{06C467C4-1E5A-4B07-80C6-47AC69002881}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe | 
"{1248C22B-9650-46E9-8D55-E9749B1C5994}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{16D71CB9-9331-4657-B598-0DC98094586E}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{18C00437-03D6-4034-B7CA-75473C1D8C33}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{196BF418-EC72-4845-A016-F7DBB88B153B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{19DB3DAF-7628-4EE1-927A-054F9E66B09A}" = protocol=17 | dir=in | app=c:\program files\warcraft iii\frozen throne.exe | 
"{1AD2536A-6C90-4EB6-83B5-87D26C827F1C}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{1C81D48B-E19E-4601-BF54-00BF86292959}" = protocol=6 | dir=in | app=c:\users\emre\desktop\l4d\l4d\oburis launcher.exe | 
"{1CB79998-F609-448C-8931-2CC998B76D37}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{1E207146-F4FC-466E-957F-708410DDC04B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{1F52F5CF-E8C6-4DDF-BAA2-8029F33BC403}" = protocol=6 | dir=in | app=c:\program files\eidos interactive\frontline attack\fa.exe | 
"{29BF73FD-B907-4027-88FE-7C51CA7BF75C}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{2B51998C-5840-4498-BC0B-4D6E17A74B04}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloorbeta\system\ucc.exe | 
"{3101DDFA-BB16-4FA9-BEED-F0FFA1950C2F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"{3499A51F-7FE9-4625-B95A-FBFB95A8A14D}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"{353015E8-9627-45EF-AC9E-1CC192920A78}" = protocol=6 | dir=in | app=c:\program files\warcraft iii\frozen throne.exe | 
"{3567DAFE-AA64-4293-8E15-A8D8DDA78A6B}" = protocol=6 | dir=in | app=c:\program files\diablo ii\diablo ii.exe | 
"{3A2D6DFA-F8CF-4EE8-A494-245C8D3067A8}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{3CF9DD17-9C5D-4113-BA4E-A7DB098B8E71}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{3F4FC4BC-46A7-4A4D-B57D-964E59DF207D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{3F96FCED-99BF-4C25-8A75-80B844E2776B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{4A0C0263-4708-468D-A0A4-055DDDB31B3E}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{4CF558EF-8AD1-4B62-87BE-8FC9A19F0211}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{51203D94-3C16-4F3D-8922-BC41B9F0EC49}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe | 
"{54971FAD-415D-42E4-802B-39AE80C594C5}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{58B2C680-DC7C-4F03-A05E-D9170E71D834}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\grim_reaper1810\dedicated server\hlds.exe | 
"{58EE3F7E-1F07-4E42-890B-1241DB00EFCA}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{5F938815-C94E-46A5-BB8A-57FE2EE23906}" = protocol=17 | dir=in | app=c:\program files\diablo ii\diablo ii.exe | 
"{630FD276-4B0B-4125-A11C-AA8347E9D8BC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{65DD71C0-A67E-4DC3-8288-65053662A724}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{67EFEE44-8EF1-499F-8321-BB0DA692E236}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6EE1BE12-D53A-491C-970F-7D071B4AF2FA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\kfed.exe | 
"{71FADE23-5E59-4798-955E-6578821B2421}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe | 
"{7539E11F-889B-4E86-BC00-5CCC3F15EBA2}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{767C2A98-24E1-47D0-A8EF-311A01C3DD34}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{7790F524-1E5F-4E56-B9DC-0E95540480D4}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{7B9CC091-AE30-4345-86E4-46E4B01337DD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7F7ACF90-46E8-4CD0-A431-D351BFEDD8D5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{81CBD2B0-BBEC-4B14-879B-9A4E0998A31E}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"{83F7F806-9B03-4A0E-BF8E-8C54B1242061}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{8C6E0736-5B62-4CDE-AA63-60D4DB55B719}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{90733DAC-406A-440C-8FFF-B99F33E76728}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{90A166A2-3DFC-4A3A-A1E2-8A7DB17D2602}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"{90A97B94-2C19-4BBA-9E97-EF36BD296CF5}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{924AC97B-BE54-4147-BBA9-C88C9D7F6801}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{92536C95-F501-4284-9574-E3270A753D72}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{92D437F8-89B3-451C-84FC-C1F70ABED918}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{97480666-F709-408C-B68D-74364585F0B0}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{9B4CA228-492C-4AAB-B629-436967C06910}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{9E85AC7E-6654-42D9-8D19-8E4980F2137A}" = protocol=17 | dir=in | app=c:\users\emre\desktop\l4d\l4d\oburis launcher.exe | 
"{9EEA93BA-79FD-4E8A-933C-451057593069}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"{A0E2CB15-AA5A-4791-AF4B-23D895EB6E9D}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{A1BAC31E-2E7C-4159-B4D9-877DCE5CC39C}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"{A42E993B-4DFC-4265-B9B7-25881C5C545E}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{A5514620-C58A-4A1D-9F1C-DBC95AE575FF}" = protocol=17 | dir=in | app=c:\program files\eidos interactive\frontline attack\fa.exe | 
"{A778D287-3527-4556-B07A-E7DCE9BACD8B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AE05EFAF-8C88-41DC-AAF5-2F3054E7A8F9}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{AF3EE6CB-FB81-4AD6-A529-E61CDE67FE6C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B127DB9E-EF22-4BB3-8285-6443FD83E239}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B5D1C0C3-7F47-4386-AB55-AE87251FEC41}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B82660AC-44F2-42AE-85DD-DB9A80B33310}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{BAE021F3-2703-4930-917D-3F8878AAF1CE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{BCD25CDD-2ED3-4D12-9959-84AFF75BC08D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{BD190AA2-5CF1-4139-ACC9-5CD4AA8200F0}" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"{BD31194C-6200-4105-978A-6F8D19502F47}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloorbeta\system\ucc.exe | 
"{C109C170-B616-4F38-9DAA-8FA53C20DBAA}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C25909FD-7823-4F4D-B126-F684AA0D7389}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\grim_reaper1810\dedicated server\hlds.exe | 
"{CA2534B8-F8F0-4819-AD95-D475D01E340E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{CAD9FA56-8B99-4C63-BA05-9A2350A355F3}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe | 
"{D5708924-D6B5-4F21-A36D-10E6F69F5E02}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\kfed.exe | 
"{D63C4C15-B866-4044-9C47-9D678BBF21AE}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"{D8165E46-90FD-412D-8487-BFF614A225DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E26374C9-DB30-4152-8FD4-561516CE73B0}" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"{E9E10DFB-CE19-4208-8690-3437D78DD7FF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{EC54A344-D396-4B09-BB63-53C742AE912C}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{ECAD26C4-E15B-4078-9CF1-0B42BD991F23}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F322D628-2DB9-4E37-899D-D7BF4590503E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"{F43D9620-E37E-49C2-97F8-C85F7FF26A02}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{F6EC8A5B-997E-4A3F-8A70-67B658B2EFEB}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe | 
"{F8D70598-B24B-409F-A995-2526A1B9D8D6}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{FCC130B4-5018-4D05-8019-7AAAD0B22056}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe | 
"{FF85FBA6-9790-40DF-850F-E04228B08647}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"TCP Query User{01BC267D-F70E-4520-A933-4CC99DD8F6F9}C:\program files\microsoft games\mechwarrior vengeance\mw4.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\mechwarrior vengeance\mw4.icd | 
"TCP Query User{01F7EC1F-80A4-40D1-9386-72081FF0E890}C:\program files\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=c:\program files\urbanterror\iourbanterror.exe | 
"TCP Query User{049D65AA-3A07-4E30-8DCE-1795909808C3}C:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv_nrace.exe" = protocol=6 | dir=in | app=c:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv_nrace.exe | 
"TCP Query User{053E38B0-375D-41F3-9F9B-6BCF975926B9}C:\program files\steam\steamapps\grim_reaper1810\dedicated server\hlds.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\grim_reaper1810\dedicated server\hlds.exe | 
"TCP Query User{0A8BED1C-C635-4BB1-A34A-79282FD77A2B}C:\program files\sudden strike - release 1.0\suddenstrike.exe" = protocol=6 | dir=in | app=c:\program files\sudden strike - release 1.0\suddenstrike.exe | 
"TCP Query User{0B9E14A5-18E3-45EE-A843-18140717F908}C:\users\emre\desktop\games\cs\cs 1.6\hl.exe" = protocol=6 | dir=in | app=c:\users\emre\desktop\games\cs\cs 1.6\hl.exe | 
"TCP Query User{0BD3CA9F-00A9-4DE7-82D9-373D2CD87595}C:\sierra\ee-zde\ee-aoc.exe" = protocol=6 | dir=in | app=c:\sierra\ee-zde\ee-aoc.exe | 
"TCP Query User{0EDFD629-B463-4B09-A6E8-457236576DA4}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{1B436C26-C1B9-4BDB-ACEC-7B92C69D6043}C:\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\soldat\soldat.exe | 
"TCP Query User{1BF545A7-5AE8-4957-8FD4-F2296ECE9DE3}C:\program files\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=c:\program files\urbanterror\iourbanterror.exe | 
"TCP Query User{2415DEBA-38EE-4066-B403-5598B1E3323A}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe | 
"TCP Query User{243B5F96-0C94-43A9-90A5-B9E71B34E8E6}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{27B3F39D-506D-425C-AF9B-80FA914C49EF}C:\users\emre\desktop\games\wc3\war3.exe" = protocol=6 | dir=in | app=c:\users\emre\desktop\games\wc3\war3.exe | 
"TCP Query User{283468E0-AF6C-447D-87CF-E70F27914463}C:\users\emre\desktop\games\wc3\war3.exe" = protocol=6 | dir=in | app=c:\users\emre\desktop\games\wc3\war3.exe | 
"TCP Query User{2ED8C533-4BB2-4830-B57F-68B4E0962618}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"TCP Query User{35876C8A-5D90-43F7-80EF-852C6BF573A4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{3D22C753-976A-4D51-AC5D-E973C21E2243}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin | 
"TCP Query User{40385FB8-5C59-49F3-847E-E1F984CCB8AF}C:\program files\firefly studios\stronghold 2\stronghold2.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"TCP Query User{41709B0F-2280-461C-B292-9EB945E45075}C:\games\dune 2000\dune2000.dat" = protocol=6 | dir=in | app=c:\games\dune 2000\dune2000.dat | 
"TCP Query User{44B30AD7-49DE-4DBA-8D74-550B04F41280}C:\users\emre\appdata\local\temp\173c6dce5da34a3799a1616fe642eba1\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\emre\appdata\local\temp\173c6dce5da34a3799a1616fe642eba1\relicdownloader.exe | 
"TCP Query User{45D21392-3020-4408-B151-AD9C9B9E75F2}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"TCP Query User{4AB392F7-E4DB-448A-A0D5-746F33A37475}C:\program files\half-life-counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\half-life-counter-strike\hl.exe | 
"TCP Query User{4AB49CF4-3213-447B-972B-58B5FCD23ED2}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"TCP Query User{4C9E094B-C7A2-4D8D-9D49-25ED30A700FE}C:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe | 
"TCP Query User{56FE968D-66F8-4553-AFBD-E75FE5DC1D21}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"TCP Query User{6065C319-251D-437E-AF18-C079F363086F}C:\program files\eidos interactive\pyro studios\praetorians\praetorians.exe" = protocol=6 | dir=in | app=c:\program files\eidos interactive\pyro studios\praetorians\praetorians.exe | 
"TCP Query User{65A6C593-15C2-49FD-9506-199240D1DF2F}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"TCP Query User{682AAF55-2F1E-450B-BB84-7DBA87C1D55D}C:\users\emre\appdata\local\temp\rar$ex06.709\wodn2 client\wodn2.exe" = protocol=6 | dir=in | app=c:\users\emre\appdata\local\temp\rar$ex06.709\wodn2 client\wodn2.exe | 
"TCP Query User{68793119-0F64-48AB-8EDD-307C0C56C14D}C:\program files\microsoft games\impossible creatures\ic.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\impossible creatures\ic.exe | 
"TCP Query User{6B1F5CF7-61F7-4E4D-BB87-D82661258EB4}C:\program files\cossacks - the art of war\dmcr.exe" = protocol=6 | dir=in | app=c:\program files\cossacks - the art of war\dmcr.exe | 
"TCP Query User{6FF26AD3-635B-4515-9A6F-8459C431862C}C:\games\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\games\call of duty modern warfare 2\iw4mp.exe | 
"TCP Query User{705ED2AD-C5FC-4A65-B231-68555E9892B5}C:\users\emre\desktop\l4d\l4d\hl2.exe" = protocol=6 | dir=in | app=c:\users\emre\desktop\l4d\l4d\hl2.exe | 
"TCP Query User{7AFD1083-979A-4145-8E73-8D80DBA0FE9C}C:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv.exe | 
"TCP Query User{7B902AC9-D17B-48D5-B5B3-EC830E7BDE0A}C:\program files\microsoft games\mechwarrior vengeance\mw4.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\mechwarrior vengeance\mw4.icd | 
"TCP Query User{7E7BDA59-F089-4CD4-87FA-20401CDEFC58}C:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{7EB715B0-416B-4979-98B6-436EC1D9C5CB}C:\program files\urbanterror\iourtded.exe" = protocol=6 | dir=in | app=c:\program files\urbanterror\iourtded.exe | 
"TCP Query User{7F2D296D-0637-4F7F-A660-5B913FECA304}C:\users\emre\desktop\wodn2 client\wodn2.exe" = protocol=6 | dir=in | app=c:\users\emre\desktop\wodn2 client\wodn2.exe | 
"TCP Query User{7F68F025-8A9B-4583-AD5E-7357825EC163}C:\program files\counter strike source 2.5 full türkçe\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter strike source 2.5 full türkçe\hl2.exe | 
"TCP Query User{835FFD92-89B2-40DA-8292-9960294FFEBE}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{843B0868-F28C-4240-B2FA-0F060BE41E9B}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe | 
"TCP Query User{867220C9-7C64-4BB6-ADB1-B35975214FCF}C:\users\emre\desktop\wodn2 client\wodn2.exe" = protocol=6 | dir=in | app=c:\users\emre\desktop\wodn2 client\wodn2.exe | 
"TCP Query User{8A9B4487-D5FB-4361-8716-E4B159F688E8}C:\users\emre\downloads\lobbyclient.exe" = protocol=6 | dir=in | app=c:\users\emre\downloads\lobbyclient.exe | 
"TCP Query User{8C89A1F7-9AC2-45D5-AFDF-16BC1DA4C53E}C:\program files\rockstar games\gta san andreas\samp-server.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta san andreas\samp-server.exe | 
"TCP Query User{8FE64573-CEC2-4268-BEB9-3A51A075CA1A}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{904037DC-CE85-488D-8621-B1E76D6EBABE}C:\users\emre\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\emre\appdata\roaming\gameranger\gameranger\gameranger.exe | 
"TCP Query User{93AD18CC-1E06-47B0-BF6A-B0F761BE868F}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin | 
"TCP Query User{93EB9039-9090-4A0B-A9F8-B5330D753C50}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"TCP Query User{95486F58-4C08-4DE9-8795-17E6D3CB8315}C:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv.exe | 
"TCP Query User{9B595F1B-54E9-406E-90FB-B76F6AF47C63}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"TCP Query User{A1A72A76-6307-4E1F-B2B5-A6E0DD4D00E5}C:\program files\sudden strike - resource war\run\code\release\game_exe.exe" = protocol=6 | dir=in | app=c:\program files\sudden strike - resource war\run\code\release\game_exe.exe | 
"TCP Query User{A6727C83-9EA4-4242-8726-3B8DE54FA277}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{AB8D4706-F07F-40F7-8CFE-8500F2F2DDDB}C:\program files\firefly studios\stronghold legends\strongholdlegends.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe | 
"TCP Query User{BCED3515-20E3-48AC-AD48-3331D7ECE400}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{BD5D29FC-00AF-45FF-A77E-4CECB216E411}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{D07FAAB3-C17C-4B06-AA8F-883AB89DC20B}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{D295CE14-8208-4FBD-ACFC-FA0138FCC65F}C:\program files\cossacks - the art of war\dmcr.exe" = protocol=6 | dir=in | app=c:\program files\cossacks - the art of war\dmcr.exe | 
"TCP Query User{D96EADEE-CCB7-4217-B642-835A18B481E3}C:\users\emre\desktop\games\sonstiges\teeworlds-0.4.3-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\emre\desktop\games\sonstiges\teeworlds-0.4.3-win32\teeworlds_srv.exe | 
"TCP Query User{DA288875-60B7-4819-BBDF-D590410328A7}C:\games\dune 2000\dune2000.dat" = protocol=6 | dir=in | app=c:\games\dune 2000\dune2000.dat | 
"TCP Query User{DC9EAC18-2398-484B-93D0-0A8B7F6DB4BE}C:\users\emre\desktop\games\cs\cs 1.6\hl.exe" = protocol=6 | dir=in | app=c:\users\emre\desktop\games\cs\cs 1.6\hl.exe | 
"TCP Query User{E060818F-43D6-454F-BA60-8BE5D407EB3D}C:\sierra\ee-zde\ee-aoc.exe" = protocol=6 | dir=in | app=c:\sierra\ee-zde\ee-aoc.exe | 
"TCP Query User{E15B302A-67EB-494E-A366-374282955DD9}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"TCP Query User{E1B85E9F-AB68-48C0-9517-5F8BE525E088}C:\users\emre\desktop\wodn2 client\mc.exe" = protocol=6 | dir=in | app=c:\users\emre\desktop\wodn2 client\mc.exe | 
"TCP Query User{E268D22C-A1F0-4DD3-B033-27D7F96EA4AB}C:\program files\eidos interactive\frontline attack\fa.ex2" = protocol=6 | dir=in | app=c:\program files\eidos interactive\frontline attack\fa.ex2 | 
"TCP Query User{E4331875-CA3B-4E4D-86A6-118D485A7EDB}C:\games\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\games\call of duty modern warfare 2\iw4mp.exe | 
"TCP Query User{E7F65E17-87EF-4104-929B-483C68737FE6}C:\program files\counter strike source 2.5 full türkçe\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter strike source 2.5 full türkçe\hl2.exe | 
"TCP Query User{E80D138A-60E6-4DB6-9E8F-D21CBE169555}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe | 
"TCP Query User{EA730568-3C71-429B-81A7-D14365DB023C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{EC7A5556-5EB5-4785-8E35-742738BF5C05}C:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv_nrace.exe" = protocol=6 | dir=in | app=c:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv_nrace.exe | 
"TCP Query User{EF81ED5E-D99C-4F8B-BAEF-D4DEB76C7006}C:\program files\counter strike source tr\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter strike source tr\hl2.exe | 
"TCP Query User{EFBB8894-F66F-4ECA-8145-977DC32C15EF}C:\program files\rockstar games\gta san andreas\samp-server.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta san andreas\samp-server.exe | 
"TCP Query User{F106033A-681D-462F-8335-BA0A63FBBDDC}C:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe | 
"UDP Query User{026BBC2A-0A24-46A8-8EF3-7DD2EAE2506F}C:\program files\microsoft games\mechwarrior vengeance\mw4.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\mechwarrior vengeance\mw4.icd | 
"UDP Query User{03A6B0C2-E4DD-4A9A-B8A0-4C935605D7B7}C:\games\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\games\call of duty modern warfare 2\iw4mp.exe | 
"UDP Query User{07017987-A129-43C0-AE51-1A610D8F2C35}C:\program files\microsoft games\mechwarrior vengeance\mw4.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\mechwarrior vengeance\mw4.icd | 
"UDP Query User{0C9250AD-EF8C-4F34-84F1-2555874327D4}C:\program files\sudden strike - release 1.0\suddenstrike.exe" = protocol=17 | dir=in | app=c:\program files\sudden strike - release 1.0\suddenstrike.exe | 
"UDP Query User{0DF00EBD-5E5F-4DFE-8A35-F6EE77983D2F}C:\games\dune 2000\dune2000.dat" = protocol=17 | dir=in | app=c:\games\dune 2000\dune2000.dat | 
"UDP Query User{0FDBDA33-0D99-4F2E-8BDB-753F6B0F3B61}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{1035E140-54AD-4D73-AD33-7785241741D1}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"UDP Query User{16A38AB0-9B49-48E1-B060-84961ECE0557}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{18C0AEFE-8331-4DA1-BC86-9F8FC0F7C57D}C:\users\emre\desktop\games\wc3\war3.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\games\wc3\war3.exe | 
"UDP Query User{1A239B34-E9E1-455D-BB8D-4DB76962D4F3}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{2002B4E7-6AB9-46C4-AF66-8C4CE6D9800A}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin | 
"UDP Query User{23B0FA9D-6E7E-42E2-9ABC-FB9708645CAD}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"UDP Query User{2535BCB6-C644-4FE6-BC5B-36F211B7FB42}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"UDP Query User{27A48F73-817E-4253-AA3C-9A902B26CA77}C:\program files\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=c:\program files\urbanterror\iourbanterror.exe | 
"UDP Query User{2A9F3643-F678-473D-BC88-7BEA68B082F5}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{2BECDE0C-A54A-4BAB-B7CB-4A455598660D}C:\sierra\ee-zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\sierra\ee-zde\ee-aoc.exe | 
"UDP Query User{2EA3A88D-66B1-4DCA-8F3E-FDC2E23C2C58}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{3192FE2A-A06E-4EE7-8BEE-A94C05F71F6E}C:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe | 
"UDP Query User{416E88F4-0D25-4FF7-B5F0-4ED90D0357AE}C:\program files\rockstar games\gta san andreas\samp-server.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta san andreas\samp-server.exe | 
"UDP Query User{43D106F9-6D5F-456F-8EE9-E5A7C7A0A580}C:\program files\counter strike source tr\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter strike source tr\hl2.exe | 
"UDP Query User{45665697-DBF6-4F2A-8BC5-8BCDEBEE3E49}C:\program files\cossacks - the art of war\dmcr.exe" = protocol=17 | dir=in | app=c:\program files\cossacks - the art of war\dmcr.exe | 
"UDP Query User{466CCB66-26C5-427F-9A79-E9D8405CCDAA}C:\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\soldat\soldat.exe | 
"UDP Query User{46FFF757-75AA-4146-95A6-E05D64F70D5C}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | 
"UDP Query User{470E3364-CFE2-4DC4-AFAB-A0FFF013A1F9}C:\program files\sudden strike - resource war\run\code\release\game_exe.exe" = protocol=17 | dir=in | app=c:\program files\sudden strike - resource war\run\code\release\game_exe.exe | 
"UDP Query User{474D66DD-2EA1-47F5-8241-9562F25685F9}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"UDP Query User{479CD5DC-60B2-4A97-8453-7E2A40B2E2EB}C:\program files\half-life-counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\half-life-counter-strike\hl.exe | 
"UDP Query User{5308253F-D489-4F6F-8DA0-15073D883E0A}C:\users\emre\desktop\l4d\l4d\hl2.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\l4d\l4d\hl2.exe | 
"UDP Query User{531F6E24-896C-4892-8A12-3F9FDDD2D335}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{558B09BB-FA13-413E-B0BB-49A8A70A6978}C:\users\emre\desktop\games\cs\cs 1.6\hl.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\games\cs\cs 1.6\hl.exe | 
"UDP Query User{56F0C0C9-40EF-47C3-8019-A3AE0162FF64}C:\program files\eidos interactive\pyro studios\praetorians\praetorians.exe" = protocol=17 | dir=in | app=c:\program files\eidos interactive\pyro studios\praetorians\praetorians.exe | 
"UDP Query User{5A30A3A4-E16F-4AE6-81CE-627602D2C037}C:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv_nrace.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv_nrace.exe | 
"UDP Query User{6279D6FE-6255-4C03-BF60-2324F4F497BD}C:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe | 
"UDP Query User{63021A5F-2A38-4193-9E64-8B452FE639C3}C:\users\emre\desktop\games\wc3\war3.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\games\wc3\war3.exe | 
"UDP Query User{6BE4368A-AAF2-43F4-9E7D-EF6F3563EF9A}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"UDP Query User{6C3BDBBE-D3E6-4E68-959E-D1D6FBB7D613}C:\games\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\games\call of duty modern warfare 2\iw4mp.exe | 
"UDP Query User{70FA3CCD-BF22-48F7-A464-A97A2F7E30FC}C:\program files\cossacks - the art of war\dmcr.exe" = protocol=17 | dir=in | app=c:\program files\cossacks - the art of war\dmcr.exe | 
"UDP Query User{73658D4D-D91F-4760-AE73-9B51F33700D9}C:\program files\urbanterror\iourtded.exe" = protocol=17 | dir=in | app=c:\program files\urbanterror\iourtded.exe | 
"UDP Query User{76FB7AC8-B13F-4220-8E00-550C58148465}C:\program files\steam\steamapps\grim_reaper1810\dedicated server\hlds.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\grim_reaper1810\dedicated server\hlds.exe | 
"UDP Query User{7C780340-1FDD-49A0-952D-60ECFF3F307B}C:\program files\eidos interactive\frontline attack\fa.ex2" = protocol=17 | dir=in | app=c:\program files\eidos interactive\frontline attack\fa.ex2 | 
"UDP Query User{8365B082-248D-4926-96DE-C3C15325EC48}C:\users\emre\desktop\games\cs\cs 1.6\hl.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\games\cs\cs 1.6\hl.exe | 
"UDP Query User{89BC73F4-D443-4536-BFE6-6B2ED25A451F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{8A88120F-71DE-4EDC-B03C-D9CD973D81BA}C:\users\emre\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\emre\appdata\roaming\gameranger\gameranger\gameranger.exe | 
"UDP Query User{8EEB5FBB-FF0A-424A-A7C7-F35568C4D0F6}C:\program files\firefly studios\stronghold 2\stronghold2.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"UDP Query User{92AA4F21-3D11-42C0-AE5C-76C5B1C2E474}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe | 
"UDP Query User{94D295BB-12FF-4B9A-B4F5-3EC22BC87301}C:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{97EEC7AC-7BF3-41CB-8577-CA14FA2836A6}C:\program files\counter strike source 2.5 full türkçe\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter strike source 2.5 full türkçe\hl2.exe | 
"UDP Query User{9A3C22E7-6451-4214-B61C-5374378B4815}C:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv.exe | 
"UDP Query User{9DC6A63D-8538-4AED-B8E0-3B3AF094F066}C:\users\emre\downloads\lobbyclient.exe" = protocol=17 | dir=in | app=c:\users\emre\downloads\lobbyclient.exe | 
"UDP Query User{A23412AE-47B6-4B5C-B8F8-309F94CD545B}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{A9A72F9B-23F5-418B-9C82-3E44B95AF38D}C:\program files\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=c:\program files\urbanterror\iourbanterror.exe | 
"UDP Query User{B412D482-67DD-489C-AAF6-F27475D0D56B}C:\program files\microsoft games\impossible creatures\ic.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\impossible creatures\ic.exe | 
"UDP Query User{B795D091-5632-4935-9B4E-8ABFC1BFD853}C:\games\dune 2000\dune2000.dat" = protocol=17 | dir=in | app=c:\games\dune 2000\dune2000.dat | 
"UDP Query User{B8538426-448C-4F6B-8479-220C205C9519}C:\program files\firefly studios\stronghold legends\strongholdlegends.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe | 
"UDP Query User{B9F223B4-116D-4B63-A1E9-D82ECC06FA03}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{BEDA26D1-0FEA-429E-92C6-BDD0357E505E}C:\sierra\ee-zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\sierra\ee-zde\ee-aoc.exe | 
"UDP Query User{C005542C-2F9A-4CD9-80A9-81374738C609}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{C281776B-9E83-4878-8AA1-84C0AFE654B9}C:\program files\rockstar games\gta san andreas\samp-server.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta san andreas\samp-server.exe | 
"UDP Query User{C4C25BAD-7A09-404F-93AF-EE07B78DC1CF}C:\users\emre\appdata\local\temp\rar$ex06.709\wodn2 client\wodn2.exe" = protocol=17 | dir=in | app=c:\users\emre\appdata\local\temp\rar$ex06.709\wodn2 client\wodn2.exe | 
"UDP Query User{C8930CCA-1454-4089-8F07-F15C99463261}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"UDP Query User{CC3CED14-41EE-41F1-A607-780D4B02EF15}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{D13B634F-1F3F-478E-A7AF-76874A848BE2}C:\users\emre\desktop\wodn2 client\wodn2.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\wodn2 client\wodn2.exe | 
"UDP Query User{D1D6C8B5-1CC2-4CEA-847C-DDFD0FD21A21}C:\users\emre\desktop\wodn2 client\wodn2.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\wodn2 client\wodn2.exe | 
"UDP Query User{D3D2C01C-79D8-443F-A86C-AAB9C61DD918}C:\program files\counter strike source 2.5 full türkçe\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter strike source 2.5 full türkçe\hl2.exe | 
"UDP Query User{D7E985E3-14A8-4F64-917A-90721FE27D8E}C:\users\emre\appdata\local\temp\173c6dce5da34a3799a1616fe642eba1\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\emre\appdata\local\temp\173c6dce5da34a3799a1616fe642eba1\relicdownloader.exe | 
"UDP Query User{E5AE7F75-72D6-480C-A7F9-1A059593B479}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | 
"UDP Query User{EEF62281-40E2-4DF4-9AE2-A7DD71168222}C:\users\emre\desktop\games\sonstiges\teeworlds-0.4.3-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\games\sonstiges\teeworlds-0.4.3-win32\teeworlds_srv.exe | 
"UDP Query User{F0365B6D-7203-4F31-B048-7CA5580D035E}C:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv.exe | 
"UDP Query User{F17D9BDF-9B4F-4A0A-A1E4-AC1E8D133C1E}C:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv_nrace.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\games\sonstiges\xd\teeworlds_srv_nrace.exe | 
"UDP Query User{F52722F9-4003-41A9-AE6B-5B0940E46FC3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{FBFBA27D-FEF7-47AD-9882-F739DCFA4305}C:\users\emre\desktop\wodn2 client\mc.exe" = protocol=17 | dir=in | app=c:\users\emre\desktop\wodn2 client\mc.exe | 
"UDP Query User{FD7FEFD0-08FB-43F3-B58B-861FB8D61EE9}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"12345_is1" = WeGame Client Beta 2.1.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AutoHotkey" = AutoHotkey 1.0.48.05
"AutoItv3" = AutoIt v3.3.6.1
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CABAL Online_is1" = CABAL Online
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"Counter Strike Source TR_is1" = Counter Strike Source TR
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Devil May Cry 4 *Full-Rip* [Team JPN]_is1" = Devil May Cry 4
"Google Chrome" = Google Chrome
"Half-Life-Counter-Strike 1.5 Full" = Half-Life-Counter-Strike 1.5 Full
"League of Legends_is1" = League of Legends
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MechWarrior Vengeance" = MechWarrior Vengeance
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"SpeedSim" = SpeedSim
"Steam App 1250" = Killing Floor
"Steam App 1260" = Killing Floor SDK
"Steam App 1273" = Killing Floor Beta Dedicated Server
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 630" = Alien Swarm
"Urban Terror_is1" = Urban Terror 4.1
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.03.2010 05:58:33 | Computer Name = Emre-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.03.2010 05:59:30 | Computer Name = Emre-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
 0x47c6bd1b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x12271227,  Prozess-ID 0x698, Anwendungsstartzeit
 01cac293bec4040f.
 
Error - 14.03.2010 07:54:55 | Computer Name = Emre-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul NVSVC.DLL, Version 7.15.11.8120, Zeitstempel 0x4954aa31,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00002c6b,  Prozess-ID 0x6d0, Anwendungsstartzeit
 01cac36d0f255aed.
 
Error - 14.03.2010 07:55:03 | Computer Name = Emre-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.03.2010 10:59:11 | Computer Name = Emre-PC | Source = Application Hang | ID = 1002
Description = Programm Empire Earth.exe, Version 0.0.0.0 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 540  Anfangszeit: 01cac386d2407e28  Zeitpunkt
 der Beendigung: 31
 
Error - 15.03.2010 09:45:35 | Computer Name = Emre-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul NVSVC.DLL, Version 7.15.11.8120, Zeitstempel 0x4954aa31,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00002c6b,  Prozess-ID 0x6d8, Anwendungsstartzeit
 01cac445b597f14f.
 
Error - 15.03.2010 09:45:42 | Computer Name = Emre-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.03.2010 14:17:09 | Computer Name = Emre-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.03.2010 08:26:41 | Computer Name = Emre-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.03.2010 11:30:23 | Computer Name = Emre-PC | Source = Application Hang | ID = 1002
Description = Programm gta_sa.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: d28  Anfangszeit: 01cac51b74ac92cc  Zeitpunkt der Beendigung:
 238
 
[ OSession Events ]
Error - 18.11.2010 12:44:22 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.11.2010 11:43:19 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 22.11.2010 12:18:30 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 22.11.2010 12:20:47 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.12.2010 13:07:24 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.12.2010 10:47:07 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 29.12.2010 08:58:54 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.01.2011 07:02:08 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.01.2011 15:26:59 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19.02.2011 06:04:32 | Computer Name = Emre-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 27.02.2011 05:52:40 | Computer Name = Emre-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 0022436B20B2 zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 27.02.2011 05:52:51 | Computer Name = Emre-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 0022436B20B2 zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 27.02.2011 13:47:03 | Computer Name = Emre-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 0022436B20B2 zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 27.02.2011 13:48:06 | Computer Name = Emre-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 0022436B20B2 zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 27.02.2011 13:49:07 | Computer Name = Emre-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 0022436B20B2 zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 28.02.2011 11:26:47 | Computer Name = Emre-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 28.02.2011 14:42:34 | Computer Name = Emre-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 28.02.2011 15:48:05 | Computer Name = Emre-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 0022436B20B2 zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 28.02.2011 15:48:58 | Computer Name = Emre-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 0022436B20B2 zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 28.02.2011 15:49:29 | Computer Name = Emre-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 0022436B20B2 zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 28.02.2011 21:22:08 - Run 1
OTL by OldTimer - Version 3.2.22.2     Folder = C:\Users\Emre\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,51 Gb Total Space | 599,24 Gb Free Space | 65,74% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,80 Gb Free Space | 49,04% Space Free | Partition Type: FAT32
 
Computer Name: EMRE-PC | User Name: Emre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Programme\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Windows\VM303_STI.EXE (Vimicro)
PRC - C:\Programme\Saitek\Software\SaiMfd.exe (Saitek)
PRC - C:\Programme\Saitek\Software\ProfilerU.exe (Saitek)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (PCToolsSSDMonitorSvc) -- C:\Programme\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (SaiH5F0D) -- C:\Windows\System32\drivers\SaiH5F0D.sys (Saitek)
DRV - (SaiU5F0D) -- C:\Windows\System32\drivers\SaiU5F0D.sys (Saitek)
DRV - (ZSMC303) VIMICRO USB PC Camera (VC0303) -- C:\Windows\System32\drivers\usbVM303.sys (Vimicro Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{8723FF7F-63AE-4FAB-8D0F-EAFC9B444A18}
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.live.com/1rewlive4startup/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.03.26 18:06:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.25 13:01:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.11 13:53:05 | 000,000,000 | ---D | M]
 
[2010.02.21 12:56:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emre\AppData\Roaming\Mozilla\Extensions
[2011.02.28 16:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\extensions
[2009.06.28 11:30:08 | 000,000,000 | ---D | M] ("Microsoft .NET Framework Assistant") -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.24 12:13:22 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.01.17 21:25:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.10 21:07:48 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.11.27 16:52:57 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2010.06.30 09:24:44 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\extensions\DTToolbar@toolbarnet.com
[2010.06.24 12:13:20 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\extensions\finder@meingutscheincode.de
[2010.06.02 19:30:25 | 000,002,331 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\bigseekpro.xml
[2011.01.24 21:23:28 | 000,001,832 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\bing.xml
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\conduit.xml
[2010.06.30 09:24:31 | 000,002,059 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\daemon-search.xml
[2011.02.21 20:56:56 | 000,000,950 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin-1.xml
[2010.06.28 10:22:17 | 000,000,950 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin-2.xml
[2010.07.01 09:33:26 | 000,000,950 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin-3.xml
[2010.08.06 12:51:47 | 000,000,950 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin-4.xml
[2010.09.18 18:45:56 | 000,000,950 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin-5.xml
[2010.10.24 18:50:13 | 000,000,950 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin-6.xml
[2010.10.29 21:28:17 | 000,000,950 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin-7.xml
[2010.12.15 15:20:19 | 000,000,950 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin-8.xml
[2010.04.10 21:07:48 | 000,000,168 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin.gif
[2010.04.10 21:07:48 | 000,000,618 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin.src
[2010.04.30 20:11:24 | 000,000,947 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\icqplugin.xml
[2010.03.24 10:34:04 | 000,002,456 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\searchplugins\iMeshWebSearch.xml
[2011.01.17 21:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.03.26 18:06:46 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.07.02 19:22:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.17 17:43:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.01.17 21:24:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009.07.03 18:14:23 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Programme\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
[2010.10.17 17:43:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.01.17 21:24:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.06 12:50:30 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.06 12:50:30 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.24 10:34:04 | 000,002,456 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
[2010.08.06 12:50:30 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.06 12:50:31 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.06 12:50:31 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [4StoryPrePatch] C:\Programme\Gameforge4D\4Story\PrePatch.exe (Zamiinc)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BigDog303] C:\Windows\VM303_STI.EXE (Vimicro)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [Profiler] C:\Programme\Saitek\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snpstd]  File not found
O4 - HKLM..\Run: [SSDMonitor] C:\Programme\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools  )
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = C:\Users\Emre\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
O4 - Startup: C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} -  File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Emre\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Emre\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{90894d42-f21d-11de-852e-002421062aa0}\Shell - "" = AutoRun
O33 - MountPoints2\{90894d42-f21d-11de-852e-002421062aa0}\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.28 21:12:24 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Emre\Desktop\OTL.exe
[2011.02.27 18:44:45 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{04A85D4A-A66A-473A-8856-24EE22CD7A82}
[2011.02.27 16:35:54 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming\Malwarebytes
[2011.02.27 16:35:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.27 16:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.27 16:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.27 16:35:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.27 16:35:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.02.27 10:50:53 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{55053A25-183D-40A3-BE32-66DB21C08FAC}
[2011.02.26 09:42:03 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{DB7C8116-0BA3-44E9-88DE-AAD5EAF71D37}
[2011.02.24 18:38:05 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{ECEF8982-C900-4852-AA3D-5284F7D30CB2}
[2011.02.24 11:42:34 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{EB212CD6-4053-440C-99B4-587969D4C9A4}
[2011.02.23 13:07:23 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{BE911923-C770-4D3E-984C-B32014E6814A}
[2011.02.22 13:53:02 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{DBF4F4DF-ABAE-4596-A97F-C0B2F78079CA}
[2011.02.21 19:25:32 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{1FC15DCA-3AE3-45E9-B864-D5870F017CB9}
[2011.02.21 14:33:27 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{EA566E1F-332E-46D3-BE2D-8D03638E59FD}
[2011.02.19 17:45:00 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{7D63A2C8-48E3-4223-B7B6-9368A8B564E4}
[2011.02.19 10:27:50 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{BFF1B6FD-ADDE-4E3C-B010-2CDB0EE020D1}
[2011.02.17 12:46:54 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{0C9EFDF1-3DD0-4E66-8F1B-1B4D30AB81B7}
[2011.02.16 13:29:35 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{33B5AE32-7362-4C63-B27B-A68C12F4CCF6}
[2011.02.15 13:48:05 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{F44443C8-E261-4ADC-BD55-304F36EBB056}
[2011.02.14 20:21:27 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{2AB75A0E-C704-47C8-B5B5-8A72874FD727}
[2011.02.13 10:15:11 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{DE88001B-8708-4D80-88F9-90C20C3AD4D9}
[2011.02.12 11:35:38 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{A199E499-D9AE-41C6-813F-273E3569EB9B}
[2011.02.11 13:48:59 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{9344DA23-B657-4583-AEC1-2DA8B8CD2BB6}
[2011.02.09 13:04:54 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{F149E82E-1519-49D7-966D-9CD8FFDE77A2}
[2011.02.08 20:38:05 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.02.08 20:38:05 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.08 20:38:05 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.08 20:38:05 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.02.08 20:38:05 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.08 20:38:05 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.02.08 20:38:05 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.02.08 20:38:05 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.08 20:38:05 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.08 20:38:05 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.08 20:38:04 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.02.08 20:38:04 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.02.08 20:38:04 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.02.08 20:38:04 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.08 20:38:03 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.08 20:38:03 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.02.08 20:38:03 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.02.08 20:38:03 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.02.08 20:38:03 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.02.08 20:38:03 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.02.08 20:38:03 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.02.08 20:37:59 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.02.08 20:37:59 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.08 20:37:57 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.02.08 20:37:44 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.08 20:37:40 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.08 20:37:40 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.08 20:32:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.08 20:32:45 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.08 20:32:44 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.08 20:32:44 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.08 20:32:44 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.08 20:32:44 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.08 20:32:44 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.08 20:32:44 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.08 20:32:44 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.08 20:32:44 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.08 20:32:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.08 20:32:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.02.08 20:32:44 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.02.08 20:32:44 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.08 20:32:44 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.08 20:32:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.08 20:32:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.08 20:32:38 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.08 20:32:37 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.08 15:22:23 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{AAF7286E-566A-4140-88D2-2A609419A119}
[2011.02.07 17:21:25 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming\Windows Live Writer
[2011.02.07 17:21:25 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\Windows Live Writer
[2011.02.07 13:53:50 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{3C98C603-A439-4F78-8FCB-2C1788FB5E0E}
[2011.02.06 10:57:08 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{F48CCE7E-ED1D-48DA-9769-883E6EDBC90C}
[2011.02.05 09:17:27 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{F5D38BDD-CBF8-4114-A60D-27AFF68D4804}
[2011.02.04 22:13:19 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming\GameRanger
[2011.02.03 16:42:58 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{35DAC40E-9CDD-4BF5-AFCD-E13137C41EFF}
[2011.02.02 20:27:36 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2011.02.02 20:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.02.01 10:43:49 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{0C795070-0DB4-45B5-A585-148D317DF9EC}
[2011.01.31 20:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2011.01.31 20:13:20 | 000,000,000 | ---D | C] -- C:\Programme\AutoHotkey
[2011.01.31 15:40:46 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\Save-EE
[2011.01.31 15:36:55 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming\Save-EE
[2011.01.31 12:03:21 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{ADB800A0-89EC-45A5-A176-EAA68A2D3D94}
[2011.01.30 11:11:17 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\{D280B5AF-EDEE-4FE5-B143-A2477A9A39EA}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.28 21:25:05 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011.02.28 21:21:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.28 21:21:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.28 21:12:26 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Emre\Desktop\OTL.exe
[2011.02.28 21:11:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.28 13:52:10 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.02.28 13:38:41 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8579ADB6-98F4-4D4B-AFA5-D2FFFA62F856}.job
[2011.02.28 13:21:57 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.28 13:21:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.28 13:21:09 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.27 16:35:45 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.27 14:28:16 | 000,006,442 | ---- | M] () -- C:\Users\Emre\.recently-used.xbel
[2011.02.24 15:52:00 | 000,000,680 | ---- | M] () -- C:\Users\Emre\AppData\Local\d3d9caps.dat
[2011.02.21 21:04:45 | 000,000,209 | ---- | M] () -- C:\Users\Emre\Desktop\Killing Floor Beta Dedicated Server.url
[2011.02.21 19:55:41 | 000,043,520 | ---- | M] () -- C:\Users\Emre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.15 21:10:16 | 000,000,214 | ---- | M] () -- C:\Users\Emre\Desktop\Killing Floor SDK.url
[2011.02.14 20:15:31 | 000,000,800 | ---- | M] () -- C:\Users\Emre\Desktop\Steam.lnk
[2011.02.14 20:08:26 | 000,000,215 | ---- | M] () -- C:\Users\Emre\Desktop\Defence Alliance 2.url
[2011.02.14 19:22:19 | 000,000,214 | ---- | M] () -- C:\Users\Emre\Desktop\Killing Floor.url
[2011.02.09 13:10:05 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.09 13:10:05 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.09 13:10:05 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.09 13:10:05 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.09 13:02:41 | 000,332,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.05 23:39:52 | 000,000,361 | ---- | M] () -- C:\Users\Emre\SciTE.session
[2011.02.05 19:04:56 | 000,000,023 | ---- | M] () -- C:\Users\Emre\Desktop\Klick.ahk
[2011.02.04 22:13:30 | 000,000,993 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk
[2011.02.04 22:13:30 | 000,000,979 | ---- | M] () -- C:\Users\Emre\Desktop\GameRanger.lnk
[2011.02.04 16:33:00 | 000,000,564 | ---- | M] () -- C:\Users\Emre\Desktop\Spam.ahk
[2011.02.02 20:27:36 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.02.02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.01.31 22:53:37 | 000,000,697 | ---- | M] () -- C:\Users\Emre\Desktop\Samp.ahk
[2011.01.31 22:13:09 | 000,000,198 | ---- | M] () -- C:\Users\Emre\Desktop\Bla.ahk
[2011.01.31 20:32:00 | 000,000,850 | ---- | M] () -- C:\Users\Emre\Desktop\AutoHotkey.lnk
[2011.01.31 20:13:44 | 000,001,352 | ---- | M] () -- C:\Users\Emre\Documents\AutoHotkey.ahk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.27 16:35:45 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.27 14:28:16 | 000,006,442 | ---- | C] () -- C:\Users\Emre\.recently-used.xbel
[2011.02.21 21:04:45 | 000,000,209 | ---- | C] () -- C:\Users\Emre\Desktop\Killing Floor Beta Dedicated Server.url
[2011.02.15 21:10:16 | 000,000,214 | ---- | C] () -- C:\Users\Emre\Desktop\Killing Floor SDK.url
[2011.02.14 20:15:31 | 000,000,800 | ---- | C] () -- C:\Users\Emre\Desktop\Steam.lnk
[2011.02.14 20:08:26 | 000,000,215 | ---- | C] () -- C:\Users\Emre\Desktop\Defence Alliance 2.url
[2011.02.14 19:22:19 | 000,000,214 | ---- | C] () -- C:\Users\Emre\Desktop\Killing Floor.url
[2011.02.05 18:40:44 | 000,000,023 | ---- | C] () -- C:\Users\Emre\Desktop\Klick.ahk
[2011.02.04 22:13:30 | 000,000,993 | ---- | C] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk
[2011.02.04 22:13:30 | 000,000,979 | ---- | C] () -- C:\Users\Emre\Desktop\GameRanger.lnk
[2011.02.04 22:13:30 | 000,000,965 | ---- | C] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2011.02.04 16:31:02 | 000,000,564 | ---- | C] () -- C:\Users\Emre\Desktop\Spam.ahk
[2011.01.31 22:09:51 | 000,000,198 | ---- | C] () -- C:\Users\Emre\Desktop\Bla.ahk
[2011.01.31 20:33:13 | 000,000,697 | ---- | C] () -- C:\Users\Emre\Desktop\Samp.ahk
[2011.01.31 20:32:00 | 000,000,850 | ---- | C] () -- C:\Users\Emre\Desktop\AutoHotkey.lnk
[2011.01.31 20:13:44 | 000,001,352 | ---- | C] () -- C:\Users\Emre\Documents\AutoHotkey.ahk
[2010.11.07 11:01:39 | 000,110,788 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.10.06 14:59:28 | 000,000,604 | ---- | C] () -- C:\Users\Emre\AppData\Roaming\wklnhst.dat
[2010.08.30 19:55:18 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009.12.13 12:01:14 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.11.14 19:52:34 | 000,000,067 | ---- | C] () -- C:\Windows\SpeedGear.INI
[2009.07.24 20:02:55 | 000,155,648 | ---- | C] () -- C:\Windows\System32\nY.exe
[2009.07.14 19:31:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.14 19:31:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.14 08:14:25 | 000,089,430 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009.07.14 08:14:25 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009.07.14 08:14:25 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009.07.14 08:14:25 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009.07.14 08:14:25 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009.07.14 08:14:25 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009.07.14 08:14:25 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009.07.14 08:14:25 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009.07.14 08:14:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009.07.14 08:14:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009.07.14 08:14:25 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009.07.14 08:14:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009.07.14 08:14:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009.07.14 08:14:25 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009.07.14 08:14:25 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009.07.14 08:14:25 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009.07.14 08:14:25 | 000,000,099 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.07.14 08:04:38 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX4200EFGIPSD.ini
[2009.07.14 08:00:49 | 000,000,680 | ---- | C] () -- C:\Users\Emre\AppData\Local\d3d9caps.dat
[2009.06.24 21:55:56 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2009.06.15 14:19:43 | 000,017,089 | ---- | C] () -- C:\Users\Emre\AppData\Roaming\UserTile.png
[2009.05.31 14:36:33 | 000,000,807 | ---- | C] () -- C:\Windows\Ssc.INI
[2009.05.29 14:44:52 | 000,108,068 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009.04.26 12:44:10 | 000,037,416 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2009.04.07 12:26:44 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.04.07 12:26:44 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.04.07 12:26:44 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.03.27 19:58:30 | 000,043,520 | ---- | C] () -- C:\Users\Emre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.26 20:19:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.03.26 18:38:35 | 000,000,403 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.03.26 18:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.03.26 18:06:24 | 000,003,942 | ---- | C] () -- C:\Windows\mozver.dat
[2009.02.26 14:50:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.01.22 12:33:38 | 000,000,030 | ---- | C] () -- C:\Windows\System32\drivers\version.dat
[2009.01.20 23:18:53 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.01.20 23:18:53 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.01.20 23:18:53 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.01.20 23:18:53 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.01.20 14:50:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.22 04:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007.03.29 22:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,332,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.02.25 05:15:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL
 
========== LOP Check ==========
 
[2009.06.24 21:31:30 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\BitDefender
[2009.12.26 13:56:59 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\DAEMON Tools Lite
[2010.11.27 17:14:23 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Dev-Cpp
[2011.02.04 22:13:29 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\GameRanger
[2011.01.30 16:23:38 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\gtk-2.0
[2011.02.27 21:46:33 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\ICQ
[2010.06.30 17:15:43 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\LolClient
[2010.01.27 12:41:32 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Mumble
[2009.08.10 18:50:39 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Nokia
[2010.03.13 13:16:11 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Nokia Multimedia Player
[2010.10.17 17:47:26 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\OpenOffice.org
[2009.07.27 19:04:56 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\PC Suite
[2009.06.15 14:19:42 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\PeerNetworking
[2009.03.28 14:58:12 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Petroglyph
[2011.02.01 20:38:13 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Save-EE
[2010.10.01 16:55:04 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Soldat
[2010.10.19 18:26:14 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Sony
[2010.06.13 17:27:21 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\SpeedSim
[2010.10.23 17:07:50 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\TeamViewer
[2009.09.22 18:45:25 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Teeworlds
[2010.10.06 14:59:30 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Template
[2010.05.30 16:50:00 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\TS3Client
[2009.12.26 14:09:56 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Ubisoft
[2011.02.07 17:21:25 | 000,000,000 | ---D | M] -- C:\Users\Emre\AppData\Roaming\Windows Live Writer
[2011.02.27 22:57:15 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.02.28 13:38:41 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8579ADB6-98F4-4D4B-AFA5-D2FFFA62F856}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         


Alt 01.03.2011, 09:58   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{90894d42-f21d-11de-852e-002421062aa0}\Shell - "" = AutoRun
O33 - MountPoints2\{90894d42-f21d-11de-852e-002421062aa0}\Shell\AutoRun\command - "" = I:\Autorun.exe
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Alt 01.03.2011, 14:32   #19
DoomxDevil
 



All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90894d42-f21d-11de-852e-002421062aa0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90894d42-f21d-11de-852e-002421062aa0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90894d42-f21d-11de-852e-002421062aa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90894d42-f21d-11de-852e-002421062aa0}\ not found.
File I:\Autorun.exe not found.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56545 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Benutzer*
->Temp folder emptied: 4034097 bytes
->Temporary Internet Files folder emptied: 3341626 bytes
->Java cache emptied: 3302713 bytes
->FireFox cache emptied: 121075630 bytes
->Google Chrome cache emptied: 13492669 bytes
->Flash cache emptied: 188351 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4231155132 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.174,00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 03012011_142521

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Question: What did I actually do there??
Or rather, what did I delete?

Regards, Doom

Alt 01.03.2011, 15:27   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

__________________
Please always post log files in CODE tags

Alt 01.03.2011, 18:03   #21
DoomxDevil
 



Combofix Logfile:
Code:
ComboFix 11-02-28.07 - Emre 01.03.2011  17:48:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3325.1659 [GMT 1:00]
ausgeführt von:: c:\users\Emre\Desktop\Cofi.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\windows\system32\winio.vxd

.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-01 bis 2011-03-01  ))))))))))))))))))))))))))))))
.

2011-03-01 16:38 . 2011-03-01 16:38	--------	d-----w-	c:\program files\CCleaner
2011-03-01 13:25 . 2011-03-01 13:25	--------	d-----w-	C:\_OTL
2011-02-27 17:44 . 2011-02-27 17:44	--------	d-----w-	c:\users\Emre\AppData\Local\{04A85D4A-A66A-473A-8856-24EE22CD7A82}
2011-02-27 15:35 . 2011-02-27 15:35	--------	d-----w-	c:\users\Emre\AppData\Roaming\Malwarebytes
2011-02-27 15:35 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-27 15:35 . 2011-02-27 15:35	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-02-27 15:35 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-02-27 09:50 . 2011-02-27 09:50	--------	d-----w-	c:\users\Emre\AppData\Local\{55053A25-183D-40A3-BE32-66DB21C08FAC}
2011-02-26 08:42 . 2011-02-26 08:42	--------	d-----w-	c:\users\Emre\AppData\Local\{DB7C8116-0BA3-44E9-88DE-AAD5EAF71D37}
2011-02-24 17:38 . 2011-02-24 17:38	--------	d-----w-	c:\users\Emre\AppData\Local\{ECEF8982-C900-4852-AA3D-5284F7D30CB2}
2011-02-24 10:42 . 2011-02-24 10:42	--------	d-----w-	c:\users\Emre\AppData\Local\{EB212CD6-4053-440C-99B4-587969D4C9A4}
2011-02-23 12:07 . 2011-02-23 12:07	--------	d-----w-	c:\users\Emre\AppData\Local\{BE911923-C770-4D3E-984C-B32014E6814A}
2011-02-22 12:53 . 2011-02-22 12:53	--------	d-----w-	c:\users\Emre\AppData\Local\{DBF4F4DF-ABAE-4596-A97F-C0B2F78079CA}
2011-02-21 18:25 . 2011-02-21 18:25	--------	d-----w-	c:\users\Emre\AppData\Local\{1FC15DCA-3AE3-45E9-B864-D5870F017CB9}
2011-02-21 13:33 . 2011-02-21 13:33	--------	d-----w-	c:\users\Emre\AppData\Local\{EA566E1F-332E-46D3-BE2D-8D03638E59FD}
2011-02-19 16:45 . 2011-02-19 16:45	--------	d-----w-	c:\users\Emre\AppData\Local\{7D63A2C8-48E3-4223-B7B6-9368A8B564E4}
2011-02-19 09:27 . 2011-02-19 09:27	--------	d-----w-	c:\users\Emre\AppData\Local\{BFF1B6FD-ADDE-4E3C-B010-2CDB0EE020D1}
2011-02-17 11:46 . 2011-02-17 11:46	--------	d-----w-	c:\users\Emre\AppData\Local\{0C9EFDF1-3DD0-4E66-8F1B-1B4D30AB81B7}
2011-02-16 12:29 . 2011-02-16 12:29	--------	d-----w-	c:\users\Emre\AppData\Local\{33B5AE32-7362-4C63-B27B-A68C12F4CCF6}
2011-02-15 12:48 . 2011-02-15 12:48	--------	d-----w-	c:\users\Emre\AppData\Local\{F44443C8-E261-4ADC-BD55-304F36EBB056}
2011-02-14 19:21 . 2011-02-14 19:21	--------	d-----w-	c:\users\Emre\AppData\Local\{2AB75A0E-C704-47C8-B5B5-8A72874FD727}
2011-02-13 09:15 . 2011-02-13 09:15	--------	d-----w-	c:\users\Emre\AppData\Local\{DE88001B-8708-4D80-88F9-90C20C3AD4D9}
2011-02-12 10:35 . 2011-02-12 10:35	--------	d-----w-	c:\users\Emre\AppData\Local\{A199E499-D9AE-41C6-813F-273E3569EB9B}
2011-02-11 12:48 . 2011-02-11 12:49	--------	d-----w-	c:\users\Emre\AppData\Local\{9344DA23-B657-4583-AEC1-2DA8B8CD2BB6}
2011-02-09 12:04 . 2011-02-09 12:04	--------	d-----w-	c:\users\Emre\AppData\Local\{F149E82E-1519-49D7-966D-9CD8FFDE77A2}
2011-02-08 19:37 . 2011-01-20 16:07	37376	----a-w-	c:\windows\system32\cdd.dll
2011-02-08 19:37 . 2011-01-20 16:04	98816	----a-w-	c:\windows\system32\mfps.dll
2011-02-08 19:37 . 2011-01-20 16:07	258048	----a-w-	c:\windows\system32\winspool.drv
2011-02-08 19:37 . 2011-01-20 16:06	26112	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
2011-02-08 19:37 . 2010-12-31 13:57	2039808	----a-w-	c:\windows\system32\win32k.sys
2011-02-08 19:37 . 2010-10-15 14:08	3602320	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-02-08 19:37 . 2010-10-15 14:08	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-02-08 19:37 . 2010-10-15 13:48	1205080	----a-w-	c:\windows\system32\ntdll.dll
2011-02-08 19:37 . 2011-01-06 10:51	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-02-08 14:22 . 2011-02-08 14:22	--------	d-----w-	c:\users\Emre\AppData\Local\{AAF7286E-566A-4140-88D2-2A609419A119}
2011-02-07 16:21 . 2011-02-07 16:21	--------	d-----w-	c:\users\Emre\AppData\Local\Windows Live Writer
2011-02-07 16:21 . 2011-02-07 16:21	--------	d-----w-	c:\users\Emre\AppData\Roaming\Windows Live Writer
2011-02-07 12:53 . 2011-02-07 12:53	--------	d-----w-	c:\users\Emre\AppData\Local\{3C98C603-A439-4F78-8FCB-2C1788FB5E0E}
2011-02-06 09:57 . 2011-02-06 09:57	--------	d-----w-	c:\users\Emre\AppData\Local\{F48CCE7E-ED1D-48DA-9769-883E6EDBC90C}
2011-02-05 08:17 . 2011-02-05 08:17	--------	d-----w-	c:\users\Emre\AppData\Local\{F5D38BDD-CBF8-4114-A60D-27AFF68D4804}
2011-02-04 21:13 . 2011-02-04 21:13	--------	d-----w-	c:\users\Emre\AppData\Roaming\GameRanger
2011-02-03 15:42 . 2011-02-03 15:42	--------	d-----w-	c:\users\Emre\AppData\Local\{35DAC40E-9CDD-4BF5-AFCD-E13137C41EFF}
2011-02-02 19:27 . 2011-02-02 19:27	--------	d-----w-	c:\program files\Common Files\Skype
2011-02-01 09:43 . 2011-02-01 09:43	--------	d-----w-	c:\users\Emre\AppData\Local\{0C795070-0DB4-45B5-A585-148D317DF9EC}
2011-01-31 19:13 . 2011-01-31 19:13	--------	d-----w-	c:\program files\AutoHotkey
2011-01-31 14:40 . 2011-01-31 14:40	--------	d-----w-	c:\users\Emre\AppData\Local\Save-EE
2011-01-31 14:36 . 2011-02-01 19:38	--------	d-----w-	c:\users\Emre\AppData\Roaming\Save-EE
2011-01-31 11:03 . 2011-01-31 11:03	--------	d-----w-	c:\users\Emre\AppData\Local\{ADB800A0-89EC-45A5-A176-EAA68A2D3D94}

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2009-10-03 08:31	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-12-28 15:55 . 2011-01-12 16:08	413696	----a-w-	c:\windows\system32\odbc32.dll
2010-12-22 11:47 . 2009-07-20 08:26	135096	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-12-14 14:49 . 2011-01-12 16:07	1169408	----a-w-	c:\windows\system32\sdclt.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
2009-11-09 17:38	2331672	----a-w-	c:\program files\Softonic_Deutsch\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-26 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2009-11-25 292824]
"Steam"="c:\program files\Steam\steam.exe" [2010-11-21 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-03 1833504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 92704]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-26 185872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"Profiler"="c:\program files\Saitek\Software\ProfilerU.exe" [2005-10-18 163840]
"SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2005-11-03 126976]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-11-25 104408]
"BigDog303"="c:\windows\VM303_STI.EXE" [2006-01-24 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story\PrePatch.exe" [2010-08-31 319488]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameRanger.lnk - c:\users\Emre\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2011-1-28 1257184]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WeGame.lnk - c:\program files\WeGame\wegame.exe [2010-5-7 1867776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9b3853bf8e36c;Google Update Service (gupdate1c9b3853bf8e36c);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 133104]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-06 3819912]
R3 SaiH5F0D;SaiH5F0D;c:\windows\system32\DRIVERS\SaiH5F0D.sys [2006-02-28 176640]
R3 SaiU5F0D;SaiU5F0D;c:\windows\system32\DRIVERS\SaiU5F0D.sys [2006-02-28 27264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-26 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-07 135336]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-11-25 583640]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2011-03-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-26 16:45]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 11:21]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 11:21]

2011-03-01 c:\windows\Tasks\User_Feed_Synchronization-{8579ADB6-98F4-4D4B-AFA5-D2FFFA62F856}.job
- c:\windows\system32\msfeedssync.exe [2011-02-08 04:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://g.live.com/1rewlive4startup/home
mStart Page = hxxp://www.bigseekpro.com/hypercam/{8723FF7F-63AE-4FAB-8D0F-EAFC9B444A18}
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-snpstd - c:\windows\vsnpstd.exe



**************************************************************************
Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????@?@?????????????????????????? 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3462764783-541386736-1487009282-1000\Software\SecuROM\License information*]
"datasecu"=hex:1b,2b,5c,c9,ab,54,0d,39,da,a3,64,78,6d,a1,6b,cf,b8,e0,6b,8d,ea,
   e0,9e,08,e6,3d,a8,bc,19,5b,bc,1c,d7,ef,ed,81,da,84,96,87,46,8f,03,b3,93,e7,\
"rkeysecu"=hex:cd,6b,01,62,87,2f,1f,06,d9,bc,2f,ef,12,75,19,36

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-03-01  17:59:38
ComboFix-quarantined-files.txt  2011-03-01 16:59

Vor Suchlauf: 9 Verzeichnis(se), 650.422.116.352 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 650.345.811.968 Bytes frei

- - End Of File - - 2D21696D7B5D35C58A8A983DCB9D2C8B
         
--- --- ---

01.03.2011, 21:44   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
ATTFilter
Dirlook::
c:\users\Emre\AppData\Local\{04A85D4A-A66A-473A-8856-24EE22CD7A82}
c:\users\Emre\AppData\Local\{55053A25-183D-40A3-BE32-66DB21C08FAC}
c:\users\Emre\AppData\Local\{DB7C8116-0BA3-44E9-88DE-AAD5EAF71D37}
c:\users\Emre\AppData\Local\{ECEF8982-C900-4852-AA3D-5284F7D30CB2}
c:\users\Emre\AppData\Local\{EB212CD6-4053-440C-99B4-587969D4C9A4}
c:\users\Emre\AppData\Local\{BE911923-C770-4D3E-984C-B32014E6814A}
c:\users\Emre\AppData\Local\{DBF4F4DF-ABAE-4596-A97F-C0B2F78079CA}
c:\users\Emre\AppData\Local\{1FC15DCA-3AE3-45E9-B864-D5870F017CB9}
c:\users\Emre\AppData\Local\{EA566E1F-332E-46D3-BE2D-8D03638E59FD}
c:\users\Emre\AppData\Local\{7D63A2C8-48E3-4223-B7B6-9368A8B564E4}
c:\users\Emre\AppData\Local\{BFF1B6FD-ADDE-4E3C-B010-2CDB0EE020D1}
c:\users\Emre\AppData\Local\{0C9EFDF1-3DD0-4E66-8F1B-1B4D30AB81B7}
c:\users\Emre\AppData\Local\{33B5AE32-7362-4C63-B27B-A68C12F4CCF6}
c:\users\Emre\AppData\Local\{F44443C8-E261-4ADC-BD55-304F36EBB056}
c:\users\Emre\AppData\Local\{2AB75A0E-C704-47C8-B5B5-8A72874FD727}
c:\users\Emre\AppData\Local\{DE88001B-8708-4D80-88F9-90C20C3AD4D9}
c:\users\Emre\AppData\Local\{A199E499-D9AE-41C6-813F-273E3569EB9B}
c:\users\Emre\AppData\Local\{9344DA23-B657-4583-AEC1-2DA8B8CD2BB6}
c:\users\Emre\AppData\Local\{F149E82E-1519-49D7-966D-9CD8FFDE77A2}
c:\users\Emre\AppData\Local\{AAF7286E-566A-4140-88D2-2A609419A119}
c:\users\Emre\AppData\Local\{3C98C603-A439-4F78-8FCB-2C1788FB5E0E}
c:\users\Emre\AppData\Local\{F48CCE7E-ED1D-48DA-9769-883E6EDBC90C}
c:\users\Emre\AppData\Local\{F5D38BDD-CBF8-4114-A60D-27AFF68D4804}
c:\users\Emre\AppData\Local\{35DAC40E-9CDD-4BF5-AFCD-E13137C41EFF}
c:\users\Emre\AppData\Local\{0C795070-0DB4-45B5-A585-148D317DF9EC}
c:\users\Emre\AppData\Local\Save-EE
c:\users\Emre\AppData\Roaming\Save-EE
c:\users\Emre\AppData\Local\{ADB800A0-89EC-45A5-A176-EAA68A2D3D94}
         
3. In Notepad, save the file as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the TeaTimer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

01.03.2011, 22:32   #23
DoomxDevil

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-02-28.07 - Emre 01.03.2011  22:06:35.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3325.2182 [GMT 1:00]
ausgeführt von:: c:\users\Emre\Desktop\Cofi.exe.exe
Benutzte Befehlsschalter :: c:\users\Emre\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Dateien erstellt von 2011-02-01 bis 2011-03-01  ))))))))))))))))))))))))))))))
.

2011-03-01 21:15 . 2011-03-01 21:15	--------	d-----w-	c:\users\Emre\AppData\Local\temp
2011-03-01 21:15 . 2011-03-01 21:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-01 16:47 . 2011-03-01 16:59	--------	d-----w-	C:\Cofi.exe
2011-03-01 16:38 . 2011-03-01 16:38	--------	d-----w-	c:\program files\CCleaner
2011-03-01 13:25 . 2011-03-01 19:44	--------	d-----w-	C:\_OTL
2011-02-27 17:44 . 2011-02-27 17:44	--------	d-----w-	c:\users\Emre\AppData\Local\{04A85D4A-A66A-473A-8856-24EE22CD7A82}
2011-02-27 15:35 . 2011-02-27 15:35	--------	d-----w-	c:\users\Emre\AppData\Roaming\Malwarebytes
2011-02-27 15:35 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-27 15:35 . 2011-02-27 15:35	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-02-27 15:35 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-02-27 09:50 . 2011-02-27 09:50	--------	d-----w-	c:\users\Emre\AppData\Local\{55053A25-183D-40A3-BE32-66DB21C08FAC}
2011-02-26 08:42 . 2011-02-26 08:42	--------	d-----w-	c:\users\Emre\AppData\Local\{DB7C8116-0BA3-44E9-88DE-AAD5EAF71D37}
2011-02-24 17:38 . 2011-02-24 17:38	--------	d-----w-	c:\users\Emre\AppData\Local\{ECEF8982-C900-4852-AA3D-5284F7D30CB2}
2011-02-24 10:42 . 2011-02-24 10:42	--------	d-----w-	c:\users\Emre\AppData\Local\{EB212CD6-4053-440C-99B4-587969D4C9A4}
2011-02-23 12:07 . 2011-02-23 12:07	--------	d-----w-	c:\users\Emre\AppData\Local\{BE911923-C770-4D3E-984C-B32014E6814A}
2011-02-22 12:53 . 2011-02-22 12:53	--------	d-----w-	c:\users\Emre\AppData\Local\{DBF4F4DF-ABAE-4596-A97F-C0B2F78079CA}
2011-02-21 18:25 . 2011-02-21 18:25	--------	d-----w-	c:\users\Emre\AppData\Local\{1FC15DCA-3AE3-45E9-B864-D5870F017CB9}
2011-02-21 13:33 . 2011-02-21 13:33	--------	d-----w-	c:\users\Emre\AppData\Local\{EA566E1F-332E-46D3-BE2D-8D03638E59FD}
2011-02-19 16:45 . 2011-02-19 16:45	--------	d-----w-	c:\users\Emre\AppData\Local\{7D63A2C8-48E3-4223-B7B6-9368A8B564E4}
2011-02-19 09:27 . 2011-02-19 09:27	--------	d-----w-	c:\users\Emre\AppData\Local\{BFF1B6FD-ADDE-4E3C-B010-2CDB0EE020D1}
2011-02-17 11:46 . 2011-02-17 11:46	--------	d-----w-	c:\users\Emre\AppData\Local\{0C9EFDF1-3DD0-4E66-8F1B-1B4D30AB81B7}
2011-02-16 12:29 . 2011-02-16 12:29	--------	d-----w-	c:\users\Emre\AppData\Local\{33B5AE32-7362-4C63-B27B-A68C12F4CCF6}
2011-02-15 12:48 . 2011-02-15 12:48	--------	d-----w-	c:\users\Emre\AppData\Local\{F44443C8-E261-4ADC-BD55-304F36EBB056}
2011-02-14 19:21 . 2011-02-14 19:21	--------	d-----w-	c:\users\Emre\AppData\Local\{2AB75A0E-C704-47C8-B5B5-8A72874FD727}
2011-02-13 09:15 . 2011-02-13 09:15	--------	d-----w-	c:\users\Emre\AppData\Local\{DE88001B-8708-4D80-88F9-90C20C3AD4D9}
2011-02-12 10:35 . 2011-02-12 10:35	--------	d-----w-	c:\users\Emre\AppData\Local\{A199E499-D9AE-41C6-813F-273E3569EB9B}
2011-02-11 12:48 . 2011-02-11 12:49	--------	d-----w-	c:\users\Emre\AppData\Local\{9344DA23-B657-4583-AEC1-2DA8B8CD2BB6}
2011-02-09 12:04 . 2011-02-09 12:04	--------	d-----w-	c:\users\Emre\AppData\Local\{F149E82E-1519-49D7-966D-9CD8FFDE77A2}
2011-02-08 19:37 . 2011-01-20 16:07	37376	----a-w-	c:\windows\system32\cdd.dll
2011-02-08 19:37 . 2011-01-20 16:04	98816	----a-w-	c:\windows\system32\mfps.dll
2011-02-08 19:37 . 2011-01-20 16:07	258048	----a-w-	c:\windows\system32\winspool.drv
2011-02-08 19:37 . 2011-01-20 16:06	26112	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
2011-02-08 19:37 . 2010-12-31 13:57	2039808	----a-w-	c:\windows\system32\win32k.sys
2011-02-08 19:37 . 2010-10-15 14:08	3602320	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-02-08 19:37 . 2010-10-15 14:08	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-02-08 19:37 . 2010-10-15 13:48	1205080	----a-w-	c:\windows\system32\ntdll.dll
2011-02-08 19:37 . 2011-01-06 10:51	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-02-08 14:22 . 2011-02-08 14:22	--------	d-----w-	c:\users\Emre\AppData\Local\{AAF7286E-566A-4140-88D2-2A609419A119}
2011-02-07 16:21 . 2011-02-07 16:21	--------	d-----w-	c:\users\Emre\AppData\Local\Windows Live Writer
2011-02-07 16:21 . 2011-02-07 16:21	--------	d-----w-	c:\users\Emre\AppData\Roaming\Windows Live Writer
2011-02-07 12:53 . 2011-02-07 12:53	--------	d-----w-	c:\users\Emre\AppData\Local\{3C98C603-A439-4F78-8FCB-2C1788FB5E0E}
2011-02-06 09:57 . 2011-02-06 09:57	--------	d-----w-	c:\users\Emre\AppData\Local\{F48CCE7E-ED1D-48DA-9769-883E6EDBC90C}
2011-02-05 08:17 . 2011-02-05 08:17	--------	d-----w-	c:\users\Emre\AppData\Local\{F5D38BDD-CBF8-4114-A60D-27AFF68D4804}
2011-02-04 21:13 . 2011-02-04 21:13	--------	d-----w-	c:\users\Emre\AppData\Roaming\GameRanger
2011-02-03 15:42 . 2011-02-03 15:42	--------	d-----w-	c:\users\Emre\AppData\Local\{35DAC40E-9CDD-4BF5-AFCD-E13137C41EFF}
2011-02-02 19:27 . 2011-02-02 19:27	--------	d-----w-	c:\program files\Common Files\Skype
2011-02-01 09:43 . 2011-02-01 09:43	--------	d-----w-	c:\users\Emre\AppData\Local\{0C795070-0DB4-45B5-A585-148D317DF9EC}
2011-01-31 19:13 . 2011-01-31 19:13	--------	d-----w-	c:\program files\AutoHotkey
2011-01-31 14:40 . 2011-01-31 14:40	--------	d-----w-	c:\users\Emre\AppData\Local\Save-EE
2011-01-31 14:36 . 2011-02-01 19:38	--------	d-----w-	c:\users\Emre\AppData\Roaming\Save-EE
2011-01-31 11:03 . 2011-01-31 11:03	--------	d-----w-	c:\users\Emre\AppData\Local\{ADB800A0-89EC-45A5-A176-EAA68A2D3D94}

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2009-10-03 08:31	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-12-28 15:55 . 2011-01-12 16:08	413696	----a-w-	c:\windows\system32\odbc32.dll
2010-12-22 11:47 . 2009-07-20 08:26	135096	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-12-14 14:49 . 2011-01-12 16:07	1169408	----a-w-	c:\windows\system32\sdclt.exe
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Emre\AppData\Local\{04A85D4A-A66A-473A-8856-24EE22CD7A82} ----


---- Directory of c:\users\Emre\AppData\Local\{0C795070-0DB4-45B5-A585-148D317DF9EC} ----


---- Directory of c:\users\Emre\AppData\Local\{0C9EFDF1-3DD0-4E66-8F1B-1B4D30AB81B7} ----


---- Directory of c:\users\Emre\AppData\Local\{1FC15DCA-3AE3-45E9-B864-D5870F017CB9} ----


---- Directory of c:\users\Emre\AppData\Local\{2AB75A0E-C704-47C8-B5B5-8A72874FD727} ----


---- Directory of c:\users\Emre\AppData\Local\{33B5AE32-7362-4C63-B27B-A68C12F4CCF6} ----


---- Directory of c:\users\Emre\AppData\Local\{35DAC40E-9CDD-4BF5-AFCD-E13137C41EFF} ----


---- Directory of c:\users\Emre\AppData\Local\{3C98C603-A439-4F78-8FCB-2C1788FB5E0E} ----


---- Directory of c:\users\Emre\AppData\Local\{55053A25-183D-40A3-BE32-66DB21C08FAC} ----


---- Directory of c:\users\Emre\AppData\Local\{7D63A2C8-48E3-4223-B7B6-9368A8B564E4} ----


---- Directory of c:\users\Emre\AppData\Local\{9344DA23-B657-4583-AEC1-2DA8B8CD2BB6} ----


---- Directory of c:\users\Emre\AppData\Local\{A199E499-D9AE-41C6-813F-273E3569EB9B} ----


---- Directory of c:\users\Emre\AppData\Local\{AAF7286E-566A-4140-88D2-2A609419A119} ----


---- Directory of c:\users\Emre\AppData\Local\{ADB800A0-89EC-45A5-A176-EAA68A2D3D94} ----


---- Directory of c:\users\Emre\AppData\Local\{BE911923-C770-4D3E-984C-B32014E6814A} ----


---- Directory of c:\users\Emre\AppData\Local\{BFF1B6FD-ADDE-4E3C-B010-2CDB0EE020D1} ----


---- Directory of c:\users\Emre\AppData\Local\{DB7C8116-0BA3-44E9-88DE-AAD5EAF71D37} ----


---- Directory of c:\users\Emre\AppData\Local\{DBF4F4DF-ABAE-4596-A97F-C0B2F78079CA} ----


---- Directory of c:\users\Emre\AppData\Local\{DE88001B-8708-4D80-88F9-90C20C3AD4D9} ----


---- Directory of c:\users\Emre\AppData\Local\{EA566E1F-332E-46D3-BE2D-8D03638E59FD} ----


---- Directory of c:\users\Emre\AppData\Local\{EB212CD6-4053-440C-99B4-587969D4C9A4} ----


---- Directory of c:\users\Emre\AppData\Local\{ECEF8982-C900-4852-AA3D-5284F7D30CB2} ----


---- Directory of c:\users\Emre\AppData\Local\{F149E82E-1519-49D7-966D-9CD8FFDE77A2} ----


---- Directory of c:\users\Emre\AppData\Local\{F44443C8-E261-4ADC-BD55-304F36EBB056} ----


---- Directory of c:\users\Emre\AppData\Local\{F48CCE7E-ED1D-48DA-9769-883E6EDBC90C} ----


---- Directory of c:\users\Emre\AppData\Local\{F5D38BDD-CBF8-4114-A60D-27AFF68D4804} ----


---- Directory of c:\users\Emre\AppData\Local\Save-EE ----

2011-01-31 14:40 . 2011-02-11 15:27	1903	----a-w-	c:\users\Emre\AppData\Local\Save-EE\LobbyClient.exe_Url_gclkt2ejerr20wmxxqssu24tdtqpxkro\2.6.5.0\user.config

---- Directory of c:\users\Emre\AppData\Roaming\Save-EE ----

2011-02-01 19:38 . 2011-02-01 19:42	520380	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Crack\EE-AOC.exe
2011-01-31 14:38 . 2011-01-31 14:38	262176	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\textures\post game victory_1_1.sst
2011-01-31 14:38 . 2011-01-31 14:38	262176	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\textures\post game defeat_1_1.sst
2011-01-31 14:37 . 2011-01-31 14:38	262176	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\textures\mainmenuback_1_1.sst
2011-01-31 14:37 . 2011-01-31 14:37	25722	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zTropic Island\zTropic Island Tiny.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25767	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zTropic Island\zTropic Island Small.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25764	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zTropic Island\zTropic Island Medium.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25738	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zTropic Island\zTropic Island Large.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25788	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zTropic Island\zTropic Island Huge.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25811	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zTropic Island\zTropic Island Gigantic.rmv
2011-01-31 14:37 . 2011-01-31 14:37	2863	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zTropic Island\Climate-Terrain.rmv
2011-01-31 14:37 . 2011-01-31 14:37	7496	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Z\Tourney Common Initial Units.rmv
2011-01-31 14:37 . 2011-01-31 14:37	30912	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Z\Tournament Islands Tiny.rmv
2011-01-31 14:37 . 2011-01-31 14:37	26119	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Z\Tournament Islands Small.rmv
2011-01-31 14:37 . 2011-01-31 14:37	27207	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Z\Tournament Islands Medium.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25406	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Z\Tournament Islands Large.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25358	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Z\Tournament Islands Huge.rmv
2011-01-31 14:37 . 2011-01-31 14:37	26058	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Z\Tournament Islands Gigantic.rmv
2011-01-31 14:37 . 2011-01-31 14:37	7477	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\X\Tourney Common Initial Units.rmv
2011-01-31 14:37 . 2011-01-31 14:37	27889	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\X\Tournament Islands Tiny.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25703	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\X\Tournament Islands Small.rmv
2011-01-31 14:37 . 2011-01-31 14:37	26518	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\X\Tournament Islands Medium.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25554	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\X\Tournament Islands Large.rmv
2011-01-31 14:37 . 2011-01-31 14:37	26036	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\X\Tournament Islands Huge.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25768	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\X\Tournament Islands Gigantic.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24881	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Tiny.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25001	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Small.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25011	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Medium.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25014	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Large.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25009	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Huge.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25078	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Gigantic.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25029	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Tiny.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25232	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Small.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25449	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Medium.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25639	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Large.rmv
2011-01-31 14:37 . 2011-01-31 14:37	26181	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Huge.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25997	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Gigantic.rmv
2011-01-31 14:37 . 2011-01-31 14:37	6650	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Tourney Common Initial Units.rmv
2011-01-31 14:37 . 2011-01-31 14:37	475	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Map Climate.rmv
2011-01-31 14:37 . 2011-01-31 14:37	2262	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Common Terrain Painting.rmv
2011-01-31 14:37 . 2011-01-31 14:37	806	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Common Forests.rmv
2011-01-31 14:37 . 2011-01-31 14:37	5796	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis\Common Conditions.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24596	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Rivers\Rivers Tiny.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24929	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Rivers\Rivers Small.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24689	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Rivers\Rivers Medium.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24933	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Rivers\Rivers Large.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24925	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Rivers\Rivers Huge.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24883	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Rivers\Rivers Gigantic.rmv
2011-01-31 14:37 . 2011-01-31 14:37	6625	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\CA Micro\Tourney Common Initial Units.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25232	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\CA Micro\Plains Tiny.rmv
2011-01-31 14:37 . 2011-01-31 14:37	23875	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\CA Micro\Plains Small.rmv
2011-01-31 14:37 . 2011-01-31 14:37	23676	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\CA Micro\Plains Medium.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24309	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\CA Micro\Plains Large.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24509	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\CA Micro\Plains Huge.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24186	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\CA Micro\Plains Gigantic.rmv
2011-01-31 14:37 . 2011-01-31 14:37	305	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\CA Micro\Map Climate.rmv
2011-01-31 14:37 . 2011-01-31 14:37	2050	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\CA Micro\Common Forests.rmv
2011-01-31 14:37 . 2011-01-31 14:37	5859	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zTropic Island.rmv
2011-01-31 14:37 . 2011-01-31 14:37	72467	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zRandom Land.rmv
2011-01-31 14:37 . 2011-01-31 14:37	37271	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zRandom Islands.rmv
2011-01-31 14:37 . 2011-01-31 14:37	10015	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zContinents-DrOrange.rmv
2011-01-31 14:37 . 2011-01-31 14:37	18995	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\zBG_Death Gulch.rmv
2011-01-31 14:37 . 2011-01-31 14:37	6988	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Z.rmv
2011-01-31 14:37 . 2011-01-31 14:37	6988	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\X.rmv
2011-01-31 14:37 . 2011-01-31 14:37	5830	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Vicious Isthmi.rmv
2011-01-31 14:37 . 2011-01-31 14:37	72469	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Uniquely Random.rmv
2011-01-31 14:37 . 2011-01-31 14:37	58538	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Twisted For Grens.rmv
2011-01-31 14:37 . 2011-01-31 14:37	5622	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tweek My CA Micro.rmv
2011-01-31 14:37 . 2011-01-31 14:37	5627	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tunisia Oasis.rmv
2011-01-31 14:37 . 2011-01-31 14:37	6299	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\Random Map Scripts\Tortured Rivers.rmv
2011-01-31 14:37 . 2011-01-31 14:37	2356	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\db\dbworld.dat
2011-01-31 14:37 . 2011-01-31 14:37	2903364	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\db\dbuicontrols.dat
2011-01-31 14:37 . 2011-01-31 14:37	796	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Data\db\dbstartingresources.dat
2011-01-31 14:37 . 2011-01-31 14:37	1999	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Update Notes.txt
2011-01-31 14:37 . 2011-01-31 14:37	11	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\patchversion.txt
2011-01-31 14:37 . 2011-01-31 14:37	429	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\ee\Credits.txt.txt
2011-01-31 14:37 . 2011-01-31 14:37	262176	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\textures\post game victory_1_1.sst
2011-01-31 14:37 . 2011-01-31 14:37	262176	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\textures\post game defeat_1_1.sst
2011-01-31 14:37 . 2011-01-31 14:37	262176	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\textures\men_moorishcav_07t.sst
2011-01-31 14:37 . 2011-01-31 14:37	49196	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\textures\gun_sentinel_15t.tga
2011-01-31 14:37 . 2011-01-31 14:37	196652	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\textures\bkg_title_1_1.tga
2011-01-31 14:37 . 2011-01-31 14:37	25722	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zTropic Island\zTropic Island Tiny.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25767	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zTropic Island\zTropic Island Small.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25764	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zTropic Island\zTropic Island Medium.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25738	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zTropic Island\zTropic Island Large.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25788	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zTropic Island\zTropic Island Huge.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25811	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zTropic Island\zTropic Island Gigantic.rmv
2011-01-31 14:37 . 2011-01-31 14:37	2863	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zTropic Island\Climate-Terrain.rmv
2011-01-31 14:37 . 2011-01-31 14:37	7496	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Z\Tourney Common Initial Units.rmv
2011-01-31 14:37 . 2011-01-31 14:37	30912	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Z\Tournament Islands Tiny.rmv
2011-01-31 14:37 . 2011-01-31 14:37	26119	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Z\Tournament Islands Small.rmv
2011-01-31 14:37 . 2011-01-31 14:37	27207	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Z\Tournament Islands Medium.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25406	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Z\Tournament Islands Large.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25358	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Z\Tournament Islands Huge.rmv
2011-01-31 14:37 . 2011-01-31 14:37	26058	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Z\Tournament Islands Gigantic.rmv
2011-01-31 14:37 . 2011-01-31 14:37	7477	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\X\Tourney Common Initial Units.rmv
2011-01-31 14:37 . 2011-01-31 14:37	27889	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\X\Tournament Islands Tiny.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25703	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\X\Tournament Islands Small.rmv
2011-01-31 14:37 . 2011-01-31 14:37	26518	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\X\Tournament Islands Medium.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25554	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\X\Tournament Islands Large.rmv
2011-01-31 14:37 . 2011-01-31 14:37	26036	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\X\Tournament Islands Huge.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25768	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\X\Tournament Islands Gigantic.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24881	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Tiny.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25001	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Small.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25011	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Medium.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25014	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Large.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25009	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Huge.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25078	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Vicious Isthmi\Vicious Isthmi Gigantic.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25029	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Tiny.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25232	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Small.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25449	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Medium.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25639	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Large.rmv
2011-01-31 14:37 . 2011-01-31 14:37	26181	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Huge.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25997	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Tunisia Oasis Gigantic.rmv
2011-01-31 14:37 . 2011-01-31 14:37	6650	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Tourney Common Initial Units.rmv
2011-01-31 14:37 . 2011-01-31 14:37	475	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Map Climate.rmv
2011-01-31 14:37 . 2011-01-31 14:37	2262	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Common Terrain Painting.rmv
2011-01-31 14:37 . 2011-01-31 14:37	806	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Common Forests.rmv
2011-01-31 14:37 . 2011-01-31 14:37	5796	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis\Common Conditions.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24596	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Rivers\Rivers Tiny.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24929	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Rivers\Rivers Small.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24689	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Rivers\Rivers Medium.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24933	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Rivers\Rivers Large.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24925	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Rivers\Rivers Huge.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24883	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Rivers\Rivers Gigantic.rmv
2011-01-31 14:37 . 2011-01-31 14:37	50629	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Mediterranean - Space\Mediterranean Tiny.rmv
2011-01-31 14:37 . 2011-01-31 14:37	51347	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Mediterranean - Space\Mediterranean Small.rmv
2011-01-31 14:37 . 2011-01-31 14:37	51424	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Mediterranean - Space\Mediterranean Medium.rmv
2011-01-31 14:37 . 2011-01-31 14:37	51753	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Mediterranean - Space\Mediterranean Large.rmv
2011-01-31 14:37 . 2011-01-31 14:37	51475	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Mediterranean - Space\Mediterranean Huge.rmv
2011-01-31 14:37 . 2011-01-31 14:37	51301	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Mediterranean - Space\Mediterranean Gigantic.rmv
2011-01-31 14:37 . 2011-01-31 14:37	50475	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Continental - Space\Continental Tiny.rmv
2011-01-31 14:37 . 2011-01-31 14:37	50914	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Continental - Space\Continental Small.rmv
2011-01-31 14:37 . 2011-01-31 14:37	51128	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Continental - Space\Continental Medium.rmv
2011-01-31 14:37 . 2011-01-31 14:37	51328	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Continental - Space\Continental Large.rmv
2011-01-31 14:37 . 2011-01-31 14:37	51871	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Continental - Space\Continental Huge.rmv
2011-01-31 14:37 . 2011-01-31 14:37	51693	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Continental - Space\Continental Gigantic.rmv
2011-01-31 14:37 . 2011-01-31 14:37	6625	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\CA Micro\Tourney Common Initial Units.rmv
2011-01-31 14:37 . 2011-01-31 14:37	25232	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\CA Micro\Plains Tiny.rmv
2011-01-31 14:37 . 2011-01-31 14:37	23875	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\CA Micro\Plains Small.rmv
2011-01-31 14:37 . 2011-01-31 14:37	23676	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\CA Micro\Plains Medium.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24309	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\CA Micro\Plains Large.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24509	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\CA Micro\Plains Huge.rmv
2011-01-31 14:37 . 2011-01-31 14:37	24186	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\CA Micro\Plains Gigantic.rmv
2011-01-31 14:37 . 2011-01-31 14:37	305	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\CA Micro\Map Climate.rmv
2011-01-31 14:37 . 2011-01-31 14:37	2050	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\CA Micro\Common Forests.rmv
2011-01-31 14:37 . 2011-01-31 14:37	5859	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zTropic Island.rmv
2011-01-31 14:37 . 2011-01-31 14:37	18378	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zRandom Space Islands.rmv
2011-01-31 14:37 . 2011-01-31 14:37	59082	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zRandom Land.rmv
2011-01-31 14:37 . 2011-01-31 14:37	37271	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zRandom Islands.rmv
2011-01-31 14:37 . 2011-01-31 14:37	6830	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zMediterranean - Space.rmv
2011-01-31 14:37 . 2011-01-31 14:37	10015	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zContinents-DrOrange.rmv
2011-01-31 14:37 . 2011-01-31 14:37	6587	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zContinental - Space.rmv
2011-01-31 14:37 . 2011-01-31 14:37	18995	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\zBG_Death Gulch.rmv
2011-01-31 14:37 . 2011-01-31 14:37	6988	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Z.rmv
2011-01-31 14:37 . 2011-01-31 14:37	6988	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\X.rmv
2011-01-31 14:37 . 2011-01-31 14:37	5830	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Vicious Isthmi.rmv
2011-01-31 14:37 . 2011-01-31 14:37	59981	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Uniquely Random.rmv
2011-01-31 14:37 . 2011-01-31 14:37	58538	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Twisted For Grens.rmv
2011-01-31 14:37 . 2011-01-31 14:37	5622	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tweek My CA Micro.rmv
2011-01-31 14:37 . 2011-01-31 14:37	5627	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tunisia Oasis.rmv
2011-01-31 14:37 . 2011-01-31 14:37	6299	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Random Map Scripts\Tortured Rivers.rmv
2011-01-31 14:37 . 2011-01-31 14:37	384840	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Models\gun_sentinel_15.cem
2011-01-31 14:37 . 2011-01-31 14:37	24	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\Models\amb_rock.cem
2011-01-31 14:37 . 2011-01-31 14:37	2664	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbworld.dat
2011-01-31 14:37 . 2011-01-31 14:37	2924864	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbuicontrols.dat
2011-01-31 14:37 . 2011-01-31 14:37	1226932	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbtechtree.dat
2011-01-31 14:37 . 2011-01-31 14:37	796	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbstartingresources.dat
2011-01-31 14:37 . 2011-01-31 14:37	2764	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbpremadecivs.dat
2011-01-31 14:37 . 2011-01-31 14:37	1662084	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbobjects.dat
2011-01-31 14:36 . 2011-01-31 14:37	936188	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbgraphics.dat
2011-01-31 14:36 . 2011-01-31 14:36	3500	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbcivpowers.dat
2011-01-31 14:36 . 2011-01-31 14:36	8500	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbcalamity.dat
2011-01-31 14:36 . 2011-01-31 14:36	346980	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Data\db\dbbuttons.dat
2011-01-31 14:36 . 2011-01-31 14:36	8962	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Update Notes.txt
2011-01-31 14:36 . 2011-01-31 14:36	11	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\patchversion.txt
2011-01-31 14:36 . 2011-01-31 14:36	429	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\aoc\Credits.txt.txt
2011-01-31 14:36 . 2011-01-31 14:36	48557	----a-w-	c:\users\Emre\AppData\Roaming\Save-EE\Patch\patchinfo.dat


((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
2009-11-09 17:38	2331672	----a-w-	c:\program files\Softonic_Deutsch\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-26 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2009-11-25 292824]
"Steam"="c:\program files\Steam\steam.exe" [2010-11-21 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-03 1833504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 92704]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-26 185872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"Profiler"="c:\program files\Saitek\Software\ProfilerU.exe" [2005-10-18 163840]
"SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2005-11-03 126976]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-11-25 104408]
"BigDog303"="c:\windows\VM303_STI.EXE" [2006-01-24 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameRanger.lnk - c:\users\Emre\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2011-1-28 1257184]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WeGame.lnk - c:\program files\WeGame\wegame.exe [2010-5-7 1867776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9b3853bf8e36c;Google Update Service (gupdate1c9b3853bf8e36c);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 133104]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-06 3819912]
R3 SaiH5F0D;SaiH5F0D;c:\windows\system32\DRIVERS\SaiH5F0D.sys [2006-02-28 176640]
R3 SaiU5F0D;SaiU5F0D;c:\windows\system32\DRIVERS\SaiU5F0D.sys [2006-02-28 27264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-26 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-07 135336]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-11-25 583640]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2011-03-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-26 16:45]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 11:21]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 11:21]

2011-03-01 c:\windows\Tasks\User_Feed_Synchronization-{8579ADB6-98F4-4D4B-AFA5-D2FFFA62F856}.job
- c:\windows\system32\msfeedssync.exe [2011-02-08 04:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://g.live.com/1rewlive4startup/home
mStart Page = hxxp://www.bigseekpro.com/hypercam/{8723FF7F-63AE-4FAB-8D0F-EAFC9B444A18}
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\6gdpg2i0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-4StoryPrePatch - c:\program files\Gameforge4D\4Story\PrePatch.exe



**************************************************************************
Scanne versteckte Prozesse... 

 [0] 0x00200073

Scanne versteckte Autostarteinträge... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????@?@?????????????????????????? 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3462764783-541386736-1487009282-1000\Software\SecuROM\License information*]
"datasecu"=hex:1b,2b,5c,c9,ab,54,0d,39,da,a3,64,78,6d,a1,6b,cf,b8,e0,6b,8d,ea,
   e0,9e,08,e6,3d,a8,bc,19,5b,bc,1c,d7,ef,ed,81,da,84,96,87,46,8f,03,b3,93,e7,\
"rkeysecu"=hex:cd,6b,01,62,87,2f,1f,06,d9,bc,2f,ef,12,75,19,36

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-03-01  22:17:39
ComboFix-quarantined-files.txt  2011-03-01 21:17
ComboFix2.txt  2011-03-01 16:59

Vor Suchlauf: 13 Verzeichnis(se), 653.945.860.096 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 658.041.290.752 Bytes frei

- - End Of File - - 5A936E1CAEA270D06325E1D24E3B9E19
         
--- --- ---

I hope I did it right oO
(It did not ask for a restart, afterwards the CFScript.txt file was gone, and I had to restart manually because no files could be opened any more ..)

Alt 01.03.2011, 22:40   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Ok. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


After that, please download MBRCheck (by a_d_13) and save the file on the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document
__________________
Please always post log files in CODE tags

Alt 02.03.2011, 19:31   #25
DoomxDevil
 

So, GMER crashed

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:01:49 on 02.03.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ahr5ex5j" (ahr5ex5j) - "Microsoft Corporation" - C:\Windows\system32\drivers\ahr5ex5j.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Emre\AppData\Local\Temp\catchme.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
"EagleXNt" (EagleXNt) - ? - C:\Windows\system32\drivers\EagleXNt.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SaiMini" (SaiMini) - "Saitek" - C:\Windows\System32\DRIVERS\SaiMini.sys
"SaiNtBus" (SaiNtBus) - "Saitek" - C:\Windows\System32\drivers\SaiBus.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"VideoCAM Trek" (snpstd) - ? - C:\Windows\System32\DRIVERS\snpstd.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
 "CorelDRAW Shell Extension Component" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Softonic Deutsch Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch\tbSoft.dll
<binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} "Softonic Deutsch Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch\tbSoft.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{20A60F0D-9AFA-4515-A0FD-83BD84642501} "Checkers Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\msgrchkr.dll / hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\System32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4  (HTTP value)
"ICQ6" - ? - C:\Program Files\ICQ6.5\ICQ.exe  (File not found)
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100" - "Microsoft Corporation" - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} "Softonic Deutsch Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch\tbSoft.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar BHO" - "Microsoft Corporation" - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} "Softonic Deutsch Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch\tbSoft.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"GameRanger.lnk" - "GameRanger Technologies" - C:\Users\Emre\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe  (Shortcut exists | File exists)
"OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"WeGame.lnk" - "WeGame.com, Inc." - C:\Program Files\WeGame\wegame.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"RegistryMechanic" - "PC Tools  " - C:\Program Files\Registry Mechanic\RMTray.exe /H
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"Steam" - "Valve Corporation" - "C:\Program Files\Steam\steam.exe" -silent
"swg" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"PCSuiteTrayApplication" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"Profiler" - "Saitek" - C:\Program Files\Saitek\Software\ProfilerU.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SaiMfd" - "Saitek" - C:\Program Files\Saitek\Software\SaiMfd.exe
"SSDMonitor" - "PC Tools" - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9b3853bf8e36c)" (gupdate1c9b3853bf8e36c) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PC Tools Startup and Shutdown Monitor service" (PCToolsSSDMonitorSvc) - "PC Tools" - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: MICRO-STAR INTERNATIONAL CO., LTD
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: MEDIONPC
System Product Name: MS-7502
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 145):
0x8200B000 \SystemRoot\system32\ntkrnlpa.exe
0x823C5000 \SystemRoot\system32\hal.dll
0x8040A000 \SystemRoot\system32\kdcom.dll
0x80411000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80481000 \SystemRoot\system32\PSHED.dll
0x80492000 \SystemRoot\system32\BOOTVID.dll
0x8049A000 \SystemRoot\system32\CLFS.SYS
0x804DB000 \SystemRoot\system32\CI.dll
0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068E000 \SystemRoot\System32\Drivers\spxr.sys
0x80781000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8078A000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807B0000 \SystemRoot\system32\drivers\acpi.sys
0x807F6000 \SystemRoot\system32\drivers\msisadrv.sys
0x805BB000 \SystemRoot\system32\drivers\pci.sys
0x805E2000 \SystemRoot\System32\drivers\partmgr.sys
0x805F1000 \SystemRoot\system32\drivers\volmgr.sys
0x82605000 \SystemRoot\System32\drivers\volmgrx.sys
0x8264F000 \SystemRoot\System32\drivers\mountmgr.sys
0x8265F000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x82726000 \SystemRoot\system32\drivers\fltmgr.sys
0x82758000 \SystemRoot\system32\drivers\fileinfo.sys
0x82768000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82771000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AC00000 \SystemRoot\system32\drivers\ndis.sys
0x8AD0B000 \SystemRoot\system32\drivers\msrpc.sys
0x8AD36000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AE02000 \SystemRoot\System32\drivers\tcpip.sys
0x8AEEC000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B00C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B11C000 \SystemRoot\system32\drivers\volsnap.sys
0x8B155000 \SystemRoot\System32\Drivers\spldr.sys
0x8B15D000 \SystemRoot\System32\Drivers\mup.sys
0x8B16C000 \SystemRoot\System32\drivers\ecache.sys
0x8B193000 \SystemRoot\system32\drivers\disk.sys
0x8B1A4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B1C5000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B1E6000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B1EF000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8EE0A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8F56C000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8FA03000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FAA3000 \SystemRoot\System32\drivers\watchdog.sys
0x8FAAF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8FABA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FAF8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FB07000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FB94000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8FBA4000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8FBB2000 \SystemRoot\system32\DRIVERS\serial.sys
0x8FBCC000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8FBD6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FBEE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8F56E000 \SystemRoot\System32\Drivers\aak0owqu.SYS
0x8F5A7000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8AD71000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F5D6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F5E1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B000000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AFCE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AFF1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8ADB2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8ADC6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8ADDB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8ADEB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x827E2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8EE00000 \SystemRoot\system32\drivers\SaiBus.sys
0x8FBF8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F809000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F833000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F83D000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F84A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F87F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F890000 \SystemRoot\system32\DRIVERS\SaiMini.sys
0x8F894000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8F8A4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8FE09000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x9003F000 \SystemRoot\system32\drivers\portcls.sys
0x9006C000 \SystemRoot\system32\drivers\drmk.sys
0x90091000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9009A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x900A2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x900AB000 \SystemRoot\System32\Drivers\Null.SYS
0x900B2000 \SystemRoot\System32\Drivers\Beep.SYS
0x900B9000 \SystemRoot\System32\drivers\vga.sys
0x900C5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x900E6000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x900FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x900FD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90105000 \SystemRoot\system32\drivers\rdpencdd.sys
0x9010D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90118000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90126000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x9012F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90145000 \SystemRoot\system32\DRIVERS\smb.sys
0x90159000 \SystemRoot\system32\drivers\afd.sys
0x901A1000 \SystemRoot\System32\DRIVERS\netbt.sys
0x901D3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x901E9000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F8AB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x901F7000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8F8BE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F8FA000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F904000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F91B000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8F941000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8FE00000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x901FD000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8F958000 \SystemRoot\system32\DRIVERS\KMWDFILTER.sys
0x8F961000 \SystemRoot\system32\DRIVERS\netr28u.sys
0x90C00000 \SystemRoot\System32\Drivers\fastfat.SYS
0x90C28000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90C35000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x988C0000 \SystemRoot\System32\win32k.sys
0x90CFC000 \SystemRoot\System32\drivers\Dxapi.sys
0x90D06000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98AE0000 \SystemRoot\System32\TSDDD.dll
0x98B00000 \SystemRoot\System32\cdd.dll
0x90D15000 \SystemRoot\system32\drivers\luafv.sys
0x90D30000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x90D45000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x90D55000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x90D7F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x90D89000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8AF07000 \SystemRoot\system32\drivers\HTTP.sys
0x90D9C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x90DB9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x90DD2000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8AF74000 \SystemRoot\system32\drivers\mrxdav.sys
0x8AF95000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA000D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0046000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA005E000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0086000 \SystemRoot\System32\DRIVERS\srv.sys
0xA00D4000 \SystemRoot\system32\drivers\spsys.sys
0xA3A0A000 \SystemRoot\system32\drivers\peauth.sys
0xA3AE8000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA3AF2000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA3AFE000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA3B13000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA3B25000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA3B46000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x77410000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 81):
0 System Idle Process
4 System
488 C:\Windows\System32\smss.exe
632 csrss.exe
684 C:\Windows\System32\wininit.exe
696 csrss.exe
728 C:\Windows\System32\services.exe
780 C:\Windows\System32\winlogon.exe
804 C:\Windows\System32\lsass.exe
812 C:\Windows\System32\lsm.exe
944 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\nvvsvc.exe
1036 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1160 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\audiodg.exe
1312 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\SLsvc.exe
1384 C:\Windows\System32\svchost.exe
1472 C:\Windows\System32\rundll32.exe
1548 C:\Windows\System32\svchost.exe
1816 C:\Windows\System32\spoolsv.exe
1856 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1868 C:\Windows\System32\svchost.exe
720 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1376 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1520 C:\Program Files\Bonjour\mDNSResponder.exe
1712 C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
1452 C:\Windows\System32\taskeng.exe
2132 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2140 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2176 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
2308 C:\Windows\System32\taskeng.exe
2376 C:\Windows\System32\dwm.exe
2452 C:\Windows\explorer.exe
2552 C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
2628 C:\Windows\System32\IoctlSvc.exe
2640 C:\Windows\System32\svchost.exe
2652 C:\Windows\System32\PSIService.exe
2676 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2716 C:\Windows\System32\svchost.exe
2776 C:\Windows\System32\svchost.exe
2816 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2900 C:\Windows\System32\SearchIndexer.exe
2932 WUDFHost.exe
2952 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3620 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3628 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3652 C:\Windows\System32\rundll32.exe
3672 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3756 C:\Program Files\iTunes\iTunesHelper.exe
3796 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3824 C:\Program Files\Saitek\Software\ProfilerU.exe
3836 C:\Program Files\Saitek\Software\SaiMfd.exe
3856 C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
3864 C:\Windows\VM303_STI.EXE
4080 C:\Windows\System32\wbem\unsecapp.exe
2284 WmiPrvSE.exe
2264 C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
2044 C:\Program Files\Windows Sidebar\sidebar.exe
2460 C:\Windows\ehome\ehtray.exe
2328 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
3180 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
2600 C:\Program Files\Windows Media Player\wmpnscfg.exe
3684 C:\Program Files\Skype\Phone\Skype.exe
1176 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
1992 C:\Windows\ehome\ehmsas.exe
3892 C:\Program Files\Windows Media Player\wmpnetwk.exe
3956 C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
4404 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
4644 C:\Program Files\Skype\Plugin Manager\skypePM.exe
4880 C:\Program Files\iPod\bin\iPodService.exe
5008 C:\Windows\System32\svchost.exe
5528 taskeng.exe
6004 C:\Program Files\Mozilla Firefox\firefox.exe
6028 dllhost.exe
4292 dllhost.exe
5296 C:\Users\Emre\Desktop\MBRCheck.exe
3616 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000e3`e0907e00 (FAT32)

PhysicalDrive0 Model Number: ST31000333AS, Rev: BD15

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

02.03.2011, 19:56   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

03.03.2011, 13:34   #27
DoomxDevil

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5940

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

03.03.2011 13:33:38
mbam-log-2011-03-03 (13-33-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 444021
Laufzeit: 1 Stunde(n), 44 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/02/2011 at 10:47 PM

Application Version : 4.49.1000

Core Rules Database Version : 6516
Trace Rules Database Version: 4328

Scan type : Complete Scan
Total Scan Time : 02:29:12

Memory items scanned : 731
Memory threats detected : 0
Registry items scanned : 10791
Registry threats detected : 0
File items scanned : 289194
File threats detected : 4

Trojan.Agent/Gen-Goo
C:\USERS\xxx\DESKTOP\AUTOIT3\HALLO WELT..EXE

Trojan.Agent/Gen-Frauder[Startup]
C:\USERS\xxx\DESKTOP\NUMPAD+.EXE

Trojan.Agent/Gen-OnlineGames
C:\USERS\xxx\DESKTOP\PSERVERMT2 NEUER CLIENT VON 27.7.10\PSERVERMT2 5.5 CLIENT UPDATE!\PSERVERMT2 5.5 CLIENT\MC.DLL
C:\USERS\xxx\DESKTOP\WODN2 CLIENT\MC.DLL

03.03.2011, 13:35   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Trojan.Agent/Gen-Goo
C:\USERS\xxx\DESKTOP\AUTOIT3\HALLO WELT..EXE

Trojan.Agent/Gen-Frauder[Startup]
C:\USERS\xxx\DESKTOP\NUMPAD+.EXE

Trojan.Agent/Gen-OnlineGames
C:\USERS\xxx\DESKTOP\PSERVERMT2 NEUER CLIENT VON 27.7.10\PSERVERMT2 5.5 CLIENT UPDATE!\PSERVERMT2 5.5 CLIENT\MC.DLL
C:\USERS\xxx\DESKTOP\WODN2 CLIENT\MC.DLL

What is that, and what source do these files come from?

03.03.2011, 13:39   #29
DoomxDevil

hxxp://www.autoitscript.com/site/autoit/
The one with AutoIt (I wrote the program myself, but no idea why that is oO)

numpad+.exe is a program that was written with AutoHotkey (I didn't write it, someone wrote it for me)

The 3rd one: no idea oO

And the 4th one, as I said, no longer exists

EDIT// But the 3rd one also has something to do with the 4th

03.03.2011, 13:51   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

All right, then let's treat them as "leftovers" that are now gone.

Is the computer OK again so far?