Log analysis and evaluation: yet another TR/Kazy.mekml.1 problem.. Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
27.04.2011, 21:38 | #1 |
yet another TR/Kazy.mekml.1 problem..

Heyho,

after I caught the malware, everything on the desktop first went black and hard disk errors came up, until the PC shut itself down. I then first downloaded unhide and let it run through, and afterwards ran the "Malwarebytes Anti-Malware" program, which also found something, and I deleted it as described in the instructions. Result of all this: as far as I haven't forgotten anything, my data is all still there, but I don't see any programs in the taskbar, for example, and so on.

The problem I have, though: I can't find HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer in my registry, so I can't change the value from 1 to 0 as described. My operating system is Windows Vista 64-bit.

Thanks in advance for your help.

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 27.04.2011 22:26:41 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sytox\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 66,00% Memory free 12,00 Gb Paging File | 10,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 22,98 Gb Free Space | 9,87% Space Free | Partition Type: NTFS Drive D: | 581,87 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 931,51 Gb Total Space | 882,20 Gb Free Space | 94,71% Space Free | Partition Type: NTFS Computer Name: SYTOX-PC | User Name: Sytox | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" () InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" () piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 4C 36 ED FB A3 AC C9 01 [binary data] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) 
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07F42EFE-996C-4AA7-89B9-F15A6971A227}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0852B73A-066D-4D16-9A05-59EDEC1521C8}" = rport=138 | protocol=17 | dir=out | app=system | "{0C85992B-58C7-4889-A4CF-195E7F5D83F8}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{0EA2F1E8-6B0A-4C3E-A8E4-7AD67A6C983A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{213B48DF-B6FA-434A-9827-D41EA4C62241}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{21A63B93-C556-4080-9951-9F7A95D3D852}" = lport=2869 | protocol=6 | dir=in | app=system | "{228BC878-4CE4-42EE-9BD5-90AB62BE8DC1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{2ACA5CD2-0B46-4272-8457-3735B0F16F98}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{2F331542-19EE-40F0-B581-BEBF5B0133AB}" = lport=139 | protocol=6 | dir=in | app=system | "{31F6ACE2-8AE1-43DA-B47A-EFEED3EF070D}" = lport=2869 | protocol=6 | dir=in | app=system | "{47DA1FB3-EB35-49DD-A6FD-EEA0165865B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{49523087-C2C5-401C-9938-C34E744A1B17}" = lport=137 | protocol=17 | dir=in | app=system | "{5FC6B2EB-ED0B-4E04-ACD8-9CE64F3C6445}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{699ACE5E-88C1-42EE-BB0B-11EE3410E9E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{732DFA42-D032-4204-91B8-CC7714728FC1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{9216DE04-FC8C-4FB3-97C7-0BCE0541F917}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{95B8B2C8-3892-42C0-B9D2-8FDB14E41F36}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B476F5CD-75FA-45B7-A053-FE7754F20B41}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B860521B-AB1F-4720-94F5-F968ED63A4F8}" = rport=2869 | protocol=6 | dir=out | app=system | "{BC6B65E7-ABE0-4D0C-A01D-12904F302080}" = lport=138 | protocol=17 | dir=in | app=system | "{BEC859D1-B280-4C0D-AA78-835227C3C481}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{C263E5C8-0ECC-4982-AF09-E490D47DCB73}" = rport=445 | protocol=6 | dir=out | app=system | "{D3D2638A-D00A-44FD-B066-9F7589B8AC01}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{D673F520-AFA2-4957-9F0F-1B9BF0856DF1}" = rport=139 | protocol=6 | dir=out | app=system | "{EC210FCE-38DB-4CCB-AF6F-B2A8E7F8A0EB}" = lport=445 | protocol=6 | dir=in | app=system | "{EC2F530B-C51C-4D46-886B-102C6FFA601A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EEF856CD-EC46-4416-8D08-4F8B8B53AC82}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F081C8F0-0049-41B0-8577-73B2D4E8C74D}" = rport=137 | protocol=17 | dir=out | app=system | "{F5A38E21-1FF1-446D-9765-BA3B770E4E37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{FDD0A7E3-FD1F-4C69-97A6-504E9829C075}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{050D0FDC-FB94-4F04-87C8-35F28D6FCA4B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{058163B1-3E66-47B0-901A-BD71266B95FE}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | "{06CCD89F-9439-46AB-9703-925D2693CD42}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-dede-ptr-downloader.exe | "{081A09FD-4CA0-46C4-95C3-C0A9F34CDF72}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{0840876C-5F5C-42B9-B7A6-6910B60C922C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0AD7C2E3-BB70-4C29-BBBF-DD312B863E74}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{0EDB464D-B7C0-4B78-B484-E08A6B76056C}" = protocol=17 | dir=in | app=c:\spiele\call of duty 4\iw3mp.exe | "{114547F4-7387-4D55-BC2C-C562C97F719E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-dede-ptr-downloader.exe | "{1428586A-E83B-4E38-B21F-26A6C821F1EB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{147AEED1-D45A-4F29-B820-D12954AC8269}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{15F97655-D8E6-4246-B562-A67BA4B6CDBC}" = protocol=6 | dir=in | app=c:\spiele\counter strike\steamapps\darkor309\counter-strike source\hl2.exe | "{1A259C5E-3A91-48CA-8C24-6A2D9F371FD4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1B77C443-1F73-4FC5-9CFB-E4A7D0000C52}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-dede-ptr-downloader.exe | "{1E0CAFDD-E9D6-4B18-B396-982E622788BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1EF9015E-7767-4092-A461-C7A309C4094D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{20D3DBBB-3E57-4279-9EDB-7F24FA8C080C}" = dir=in | app=c:\program files 
(x86)\skype\phone\skype.exe | "{25915D89-78E5-44B4-A1F3-7274903F572C}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{273B091C-622E-40FA-AAAB-BBA42FA4EBBC}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.patch.exe | "{27D74083-EC78-423E-A2A8-1404C0204FF7}" = protocol=6 | dir=in | app=c:\spiele\counter strike\steamapps\common\call of duty black ops\blackops.exe | "{2F98266E-BCDC-48E0-8C86-5183E48BB012}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | "{35B651A9-6F84-44CE-9A15-423785A61743}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{38643CB0-1B52-4EE4-BBD0-800D1CD82C0E}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe | "{3C3BBD64-3054-4F3F-8DB4-D2DA66FC8E56}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{3E6762CF-56D2-4EDB-9000-483DB127C302}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3FC4A1FD-E999-46DD-BAAB-19751CD598DF}" = protocol=17 | dir=in | app=c:\spiele\counter strike\steamapps\darkor309\counter-strike source\hl2.exe | "{40B10B3F-7F10-4CAB-9B0E-34300223C1FC}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{40EF980E-95BD-46E9-A4F5-133AA5681AD1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{45979232-7DA8-4AC5-A5EE-A4DF67B892D7}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{45D3C999-657A-4F7E-8189-5566819C44A3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | "{46FE8400-FFD3-4B4D-B159-1B23D81235B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4A62A389-F127-4E3A-865C-A25B61DDAC15}" = protocol=6 | dir=in | app=c:\spiele\world of 
warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | "{4D402A1F-299F-441A-A8A1-A9E9BA43E2AB}" = protocol=6 | dir=in | app=c:\users\sytox\appdata\local\apps\2.0\t8k9bjnw.y0k\pb93dp61.w0a\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe | "{4ECD38C4-4F82-424D-A987-8ADC034C839F}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\backgrounddownloader.exe | "{525BA602-F5AD-415A-96B5-7F96C7D79C8F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{538A4FFB-B3F9-49DE-9000-31375FAA625C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-dede-ptr-downloader.exe | "{53CD8D99-1CEB-4A14-806E-1E207917E6EF}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\backgrounddownloader.exe | "{53E40CAD-F719-4ECA-B8A8-07E8C1AC03BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{54C47AFC-A5E4-4F5B-8290-E01B271EB3D1}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | "{55570CA3-E872-4369-A401-3DD7A20E96DE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5733AD19-5296-473F-91EB-D9327CB1E96D}" = protocol=17 | dir=in | app=c:\users\sytox\appdata\local\apps\2.0\t8k9bjnw.y0k\pb93dp61.w0a\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe | "{5C31AA80-3D43-43C9-86B1-8982AF6841B2}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{5C7E3573-FC9C-4E07-84AB-DF104A23300D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5F70CCDD-FD2D-415D-B98B-AACB0F3D173A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{618B1D06-4642-4AC5-972A-5F9E6CFB64F3}" = protocol=6 | dir=in | app=c:\spiele\call of duty 4\iw3mp.exe | "{644D2911-A9DD-4708-A172-96146A91BD5E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of 
warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{6563AC55-AEA2-42E1-A1AC-49E0B1E8CE95}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\blizzard downloader.exe | "{683C19E9-0071-4F36-BBB2-4A407C6A1274}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6E0A19D8-4CA8-4C96-8656-E1402B11247A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{7628250B-C380-4513-A661-07D9B2A1C323}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\wow-3.2.0-engb-downloader.exe | "{7771749D-1AA2-4996-8953-BFA6BF4D32C5}" = protocol=6 | dir=in | app=c:\spiele\counter strike\steamapps\darkor309\counter-strike source\hl2.exe | "{77EF0379-5D1D-464E-8BD8-06814856FCD1}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | "{792E8FB1-5E80-487A-9F63-D0C4C44372B5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7A2B6976-10B2-40AB-8AB3-27ECBBD576FC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7A409485-94DD-4ACB-8F14-8E9BD2AA7123}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | "{7AAD2C17-6A77-4B6D-A91A-BAABEA51C9F9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7D09B6E1-CCD9-4874-B91B-35CBAF8D9FFD}" = protocol=6 | dir=in | app=c:\spiele\counter strike\steamapps\common\call of duty black ops\blackopsmp.exe | "{7F03F224-0E1D-4336-B9FA-BA70FCD698B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8157974B-931C-4694-9851-93121D1F21E8}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{81752652-68D9-412E-AFD4-0E110CDAB980}" = protocol=6 | dir=in | app=c:\users\sytox\appdata\local\apps\2.0\t8k9bjnw.y0k\pb93dp61.w0a\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe | "{8266B854-2BA9-431A-BBDE-2E6DAEF4E0B0}" = protocol=6 | dir=in | 
app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{828EE173-B968-497C-8D49-DD1BC4C1D5E8}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-dede-ptr-downloader.exe | "{8615B199-916A-4FD7-8350-43CE8CBD1B49}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{8B05E6F6-B0B3-4004-93B5-18D0E3A64FD7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8DD0EA61-2622-4C30-BE1F-8B66F4E91DEC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{8F1179C1-4D64-4FC8-B715-AAB38C74B4ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{917C0AAB-4029-4B20-8E4B-0A5ECBB4FD61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{933A1ADA-288A-4C0F-8DC8-9C6F247AC4E0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{96A8DC35-E7ED-4B38-8DEA-16729ED4238C}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | "{980ED37A-DCC0-4D81-AA47-A482F465ACEC}" = protocol=17 | dir=in | app=c:\users\sytox\appdata\local\apps\2.0\t8k9bjnw.y0k\pb93dp61.w0a\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe | "{99CF835C-5145-4D5D-B749-ECC6C3104425}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | "{9CEFF2D0-EF2C-4729-B089-016E69E0C00B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{9F89940F-4170-434D-9F46-F8C7B20DF94C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{A1A25C36-348D-4B56-8744-A15D83303C31}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{A3B3A682-E17D-40EE-9799-947C2E2C65D2}" = protocol=17 | dir=in | app=c:\spiele\counter strike\steamapps\common\call of duty black 
ops\blackopsmp.exe | "{A3BF3843-3564-44DD-9A73-086511993555}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A4DE3624-5A8F-4FD9-9A3C-A5A9279EC098}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A5F1B1B0-1CF4-4524-AEAE-D94C689B117D}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe | "{A67BB223-A9D4-4DDA-A9CD-46B9F2E4DED0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-engb-ptr-downloader.exe | "{A976ADE3-DF20-443B-95FC-4A0CFB8AE271}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-engb-ptr-downloader.exe | "{A9D320E9-7583-4632-92D2-25761BE3F74C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{AEFD35AF-8F0E-43E3-B7E8-AD5E19897F2A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-dede-ptr-downloader.exe | "{B1E535A9-4031-4280-97E0-0BC094F51207}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B2202080-347A-4E99-94C2-7A56941312DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B38AD427-D42D-4A02-B727-6E9C8FCA624B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B576A10A-9713-4D23-96AF-6AEB98B21473}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | "{B6C46844-F5EC-4C1C-AEAD-F482DD8C960B}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | "{B803F98C-C4C2-4190-8FD8-CC419DA941BF}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.patch.exe | "{B86A086D-ED65-40F1-8E72-DA529325F754}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-dede-ptr-downloader.exe | "{BDE4E295-4950-4F6D-B870-81F263DA7831}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BDFAD867-9E4C-4639-8B83-5C53465B5CBD}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | "{C45BB013-27EE-4509-A7BC-27AF7F38A809}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C7CD6A5B-F6C2-4198-8CBB-9A6FCB665BEC}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\blizzard downloader.exe | "{C8604F8E-B7E3-436E-88E1-ED2B39EA2680}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C9AAF1A6-9CDA-46AD-B4B7-4AE8AF1D099D}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{CF0B96CA-7E4E-49B8-93F8-8C3E332D9692}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{CFEAE06D-BA89-43C4-B9AE-A15A08BB2653}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-dede-ptr-downloader.exe | "{D5AF1B23-A1AC-4592-8664-93C7C000D890}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | "{D630019C-0A6D-4876-AC82-B9AFF11EBDEC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{D6E8D44A-40DC-4126-9998-BF4861BD84E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D8F22957-AD8F-4A20-8690-57A0259480C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D92DB514-5C54-4E3C-B984-F57508EFDEF9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DD6939D9-ABD6-43C9-A19E-F63480188857}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{ECBC67EF-16FE-481D-9C20-B6F84ECFCC9A}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\wow-3.2.0-engb-downloader.exe | "{ECDB7ADA-1545-4F7A-BFBC-E1382DA0FD08}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{EEAA943D-1F29-4A0D-A6F9-B5343944DE48}" = protocol=17 | dir=in | app=c:\spiele\counter strike\steamapps\common\call of duty 
black ops\blackops.exe | "{F29F3DA3-DEB9-42D7-A856-1B018FACD64D}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | "{F5BF9A14-0D8F-46CD-8990-14EF870C5089}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FC711C75-A1C5-4EED-861A-60493ABDD320}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{FD19B873-787A-4799-A154-2E66781E201F}" = protocol=17 | dir=in | app=c:\spiele\counter strike\steamapps\darkor309\counter-strike source\hl2.exe | "TCP Query User{011541A6-A976-45B7-AD79-F2928E09D872}C:\spiele\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\spiele\age of empires ii\empires2.exe | "TCP Query User{047AB2F7-3EB1-4F0C-8123-3E27E38010FA}C:\spiele\cod5\codwaw.exe" = protocol=6 | dir=in | app=c:\spiele\cod5\codwaw.exe | "TCP Query User{24F73A37-363E-4148-9B93-664EB5F7562E}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{261C4228-E13A-4628-B72B-443EF2DFF7D0}C:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.exe | "TCP Query User{38283497-C90F-4353-B58B-87383F7C4C0D}C:\spiele\battlefield22\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\spiele\battlefield22\bf2_w32ded.exe | "TCP Query User{3F6534EC-E64A-4436-8458-5A9A8D67508D}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "TCP Query User{452D792F-AFA7-45E4-9676-8E802F6D9E6D}C:\spiele\cod5\codwawmp.exe" = protocol=6 | dir=in | app=c:\spiele\cod5\codwawmp.exe | "TCP Query User{4A78DDBD-9FAA-4867-B25C-03A75138AC5C}C:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.exe | "TCP Query User{651CCD1E-9995-4D9F-95A6-5B759F005CDB}C:\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | "TCP Query User{7AC8AFD5-C27F-49C2-B5BB-26EDCFACA4EC}C:\program files 
(x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{90737616-D10C-4843-B47D-80579FBF6426}E:\eigene dateien 2 patrick\spiele\call of duty 4\iw3mp.exe" = protocol=6 | dir=in | app=e:\eigene dateien 2 patrick\spiele\call of duty 4\iw3mp.exe | "TCP Query User{A7B237F0-6FE2-4526-84D3-9DB17B63A1A7}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "TCP Query User{AD1AB52E-FAF0-4405-AE8B-C8D880539175}C:\spiele\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\spiele\unreal tournament 3 (lg)\binaries\ut3.exe | "TCP Query User{C7AF88EB-2283-4B7C-8E36-C9943D5D661A}C:\spiele\world of warcraft public test\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft public test\world of warcraft public test\launcher.exe | "TCP Query User{CFAD8BF5-4C55-4E4B-B8AA-1ECB2D64078B}C:\spiele\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\spiele\unreal tournament 3 (lg)\binaries\ut3.exe | "TCP Query User{D7985307-77B0-4C56-B6FE-AE94046DBFA3}G:\games\mohaa\mohaa.exe" = protocol=6 | dir=in | app=g:\games\mohaa\mohaa.exe | "TCP Query User{DE6A433D-4089-4BFF-9BDA-730638AE5FD0}C:\spiele\underground 2\speed2.exe" = protocol=6 | dir=in | app=c:\spiele\underground 2\speed2.exe | "TCP Query User{F43CB8AA-71D3-42A7-905E-33A43BADE23E}C:\spiele\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\spiele\age of empires ii\empires2.exe | "UDP Query User{1BE3B4A6-9AB8-44D0-BC2C-9DE120A7AF0A}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{1F626C95-63CC-43B5-91C8-513D003B26F0}C:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.exe | "UDP Query User{21DC4D2F-457B-4648-B772-5BB5F2A95B92}C:\spiele\underground 2\speed2.exe" = protocol=17 | dir=in | 
app=c:\spiele\underground 2\speed2.exe | "UDP Query User{46BF79FA-2303-47F3-A7AD-DFC0C51C315D}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{64102834-2D78-49AA-B5B6-0FD3B3073173}C:\spiele\cod5\codwawmp.exe" = protocol=17 | dir=in | app=c:\spiele\cod5\codwawmp.exe | "UDP Query User{6468B26A-745A-463E-8446-389D4C90777C}C:\spiele\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\spiele\age of empires ii\empires2.exe | "UDP Query User{94E719F7-C95E-4089-90D5-F5485BE8CF4E}C:\spiele\cod5\codwaw.exe" = protocol=17 | dir=in | app=c:\spiele\cod5\codwaw.exe | "UDP Query User{98624AF6-A528-4215-87B9-A8E07C610038}C:\spiele\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\spiele\unreal tournament 3 (lg)\binaries\ut3.exe | "UDP Query User{98FFB936-7C32-42BF-885F-73E261A5356F}C:\spiele\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\spiele\unreal tournament 3 (lg)\binaries\ut3.exe | "UDP Query User{A6156513-B655-4809-8E76-52AD6152874C}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{A6A0F695-03B7-4327-BB41-0A586D3AE322}G:\games\mohaa\mohaa.exe" = protocol=17 | dir=in | app=g:\games\mohaa\mohaa.exe | "UDP Query User{AD08902F-6B6A-40A1-9A33-6EAA64237FDE}C:\spiele\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\spiele\age of empires ii\empires2.exe | "UDP Query User{B2E1399C-F021-47C6-A9AD-6986E494BA2B}C:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.exe | "UDP Query User{C2E40A1E-B751-46E6-B5EC-909CC8347473}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{E9B26397-DD3B-4AAC-922D-BDF2EE6C8D16}C:\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | "UDP 
Query User{EF4F76B6-9C16-49B0-BD56-C2ED0FAFE854}E:\eigene dateien 2 patrick\spiele\call of duty 4\iw3mp.exe" = protocol=17 | dir=in | app=e:\eigene dateien 2 patrick\spiele\call of duty 4\iw3mp.exe | "UDP Query User{FBAECF86-1130-49B1-9358-709632844A78}C:\spiele\battlefield22\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\spiele\battlefield22\bf2_w32ded.exe | "UDP Query User{FE86234F-575C-4800-A8DA-78BF15211100}C:\spiele\world of warcraft public test\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft public test\world of warcraft public test\launcher.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{249E9ED4-1C67-4DA5-9E39-F0F09AFD93B7}" = Logitech QuickCam "{5800B5A7-176D-C773-7BA0-AABB25C57591}" = ATI Problem Report Wizard "{62803CAB-203F-6307-BCCE-27B5E5A01419}" = ccc-utility64 "{7598C430-8B00-4447-A710-0DDA0770370A}" = Logitech GamePanel Software 2.00 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{911C72E0-D841-BC96-C433-BE0DE64BFE35}" = ATI Catalyst Install Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CB5340E7-7745-7B18-1413-C14508C2AC2B}" = ATI AVIVO64 Codecs "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "6FAE10DFB240D4E907C9D4D0087112A6904F57BD" = Windows-Treiberpaket - Razer (CYUSB) USB (04/09/2009 
3.4.0.110) "7F312C4D92824B1AD4C9D92C81F1BA2E6FE12592" = Windows-Treiberpaket - Freescale Semiconductor (WinUSB) USB (10/13/2007 6.00.2064) "BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0 "{04B989A5-70D0-3DDB-B88A-629F31D98814}" = CCC Help Korean "{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch "{06036CDA-6B67-1338-5886-9B7DEB2491C6}" = Catalyst Control Center Graphics Full New "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi "{1A46E1D3-0E8A-B75C-28A3-2DD05838A21B}" = CCC Help Italian 
"{1EF419E0-E1FC-2990-C86B-BBB15D51F057}" = Catalyst Control Center Graphics Full Existing "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23F612EA-0F86-472F-2DCE-5C82DDBCC148}" = CCC Help Greek "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12 "{28A946E1-E83B-4662-BC7C-23451851489E}" = Razer Copperhead "{2DB5CB5C-5EA0-D22D-5223-0B57A3A57525}" = CCC Help Czech "{3124232A-A9AB-2FAD-6462-454921EDDCDE}" = CCC Help Norwegian "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{36E3385E-CE9E-655F-81E3-CE7C70D74F84}" = Skins "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "{3D98AE11-B5A5-1EDB-F815-B1C2DA7BE1DB}" = Catalyst Control Center InstallProxy "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4363FE00-52E3-E8B5-58EE-1CB396D68000}" = CCC Help Russian "{46059418-BB80-F9D4-8DBC-813C28883022}" = CCC Help Chinese Standard "{4B1BD47B-51CF-0C0E-21AB-027B331EDFD5}" = CCC Help English "{4B6E9F7F-7DEE-8570-0FEB-305E000BB462}" = ccc-core-static "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{52FB9C98-2704-DAF1-8999-11EC1C14EB3C}" = Catalyst Control Center Localization All "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater "{553D7A1E-D263-FBF7-68E0-EA10865BC478}" = CCC Help Dutch "{581CE7EA-A30D-0000-1211-088635773309}" = MSI US54SE 802.11 b+g USB Stick "{58DBB693-BE6E-DA0F-42DE-3944FA9229F9}" = Catalyst Control Center HydraVision Full "{58F3E8F1-E7CE-B5E8-AF18-C1F1B7C6FB03}" = Catalyst Control Center Graphics Previews Vista "{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch "{6582B077-4BC5-3383-4F6D-1F0BC0279120}" = CCC Help Hungarian "{669B7CF5-FC58-AE3C-EDB1-3950A5E45920}" = 
Catalyst Control Center Graphics Previews Common "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C6ED584-9F75-4235-8718-1F35B59814E8}" = Mamba Firmware Updater 1.08.02 "{6E0D0ABC-22CF-8CBB-F3E9-14776A25AA82}" = CCC Help Japanese "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{74CCE403-68F5-7CC9-967B-976229BF5180}" = CCC Help Chinese Traditional "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7CC15B5F-DDA9-43D6-E53F-EE0CCBC8DB1A}" = CCC Help Danish "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{80AA9FA1-CA39-FC76-D4CE-A5E6C659F4C7}" = CCC Help Portuguese "{81EC7A2F-EB36-44EB-A89D-C11A7D9A9EE8}" = Opera 10.00 "{82FB3E3F-1A3F-BBF2-0926-C92F6974EC91}" = Catalyst Control Center Graphics Light "{85F82863-A6DB-E29B-6B81-4A8582180679}" = CCC Help Thai "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2 "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{98A55952-7BE9-0869-A062-B6E402CCBF85}" = CCC 
Help Spanish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A68F5819-0EF7-72E5-41B4-F26EFC453553}" = CCC Help Finnish "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE8C262E-5DB4-C8AC-7DA2-DC88767653A1}" = HydraVision "{CF8C33F5-9279-5A08-7EA0-5624E6D5AD55}" = Catalyst Control Center Core Implementation "{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead "{D83BFF4C-FBB6-5A62-C27C-EF5612626205}" = CCC Help German "{E000847A-AA69-E617-B038-217F8995FC4A}" = CCC Help French "{E2300343-26C4-11DA-7E89-FD35E1C6FDDA}" = CCC Help Polish "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock "{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch "{E59F4CC1-E338-7141-5B1C-1F4ADF371A87}" = CCC Help Swedish "{EC87E256-B0A4-4A41-8682-AB57FF21196D}" = SweetIM for Messenger 2.7 "{F00B33C1-9F1C-FEA5-52EF-EE612E498D8D}" = CCC Help Turkish "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AudioCS" = Creative Audio-Systemsteuerung "Avira AntiVir Desktop" = 
Avira AntiVir Personal - Free Antivirus "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Fragen-Lern-CD" = Fragen-Lern-CD "Fraps" = Fraps "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "FrostWire" = FrostWire 4.17.2 "ICQToolbar" = ICQ Toolbar "Icy Tower v1.3.1_is1" = Icy Tower v1.3.1 "InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McLoad Preinstaller" = McLoad Preinstaller "Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de) "MSI Live Update 3" = MSI Live Update 3 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.6.5 "PHPNukeDE Toolbar" = PHPNukeDE Toolbar "RivaTuner" = RivaTuner v2.24 "SpeedFan" = SpeedFan (remove only) "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Uninstall_is1" = Uninstall 1.0.0.1 "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.7 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "World of 
Warcraft" = World of Warcraft "Xfire" = Xfire (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client "BitTorrent" = BitTorrent "BitTorrent DNA" = DNA "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 27.04.2011 14:10:01 | Computer Name = Sytox-PC | Source = Windows Search Service | ID = 3013 Description = Error - 27.04.2011 14:10:01 | Computer Name = Sytox-PC | Source = Windows Search Service | ID = 3013 Description = Error - 27.04.2011 14:10:01 | Computer Name = Sytox-PC | Source = Windows Search Service | ID = 3013 Description = Error - 27.04.2011 14:10:01 | Computer Name = Sytox-PC | Source = Windows Search Service | ID = 3013 Description = Error - 27.04.2011 14:10:01 | Computer Name = Sytox-PC | Source = Windows Search Service | ID = 3013 Description = Error - 27.04.2011 14:10:01 | Computer Name = Sytox-PC | Source = Windows Search Service | ID = 3013 Description = Error - 27.04.2011 14:10:01 | Computer Name = Sytox-PC | Source = Windows Search Service | ID = 3013 Description = Error - 27.04.2011 14:10:01 | Computer Name = Sytox-PC | Source = Windows Search Service | ID = 3013 Description = Error - 27.04.2011 14:39:15 | Computer Name = Sytox-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Adobe_Flash_Player.exe, Version 1.7.8800.0, Zeitstempel 0x4d776bb8, fehlerhaftes Modul Adobe_Flash_Player.exe, Version 1.7.8800.0, Zeitstempel 0x4d776bb8, Ausnahmecode 0xc0000005, Fehleroffset 0x00001149, Prozess-ID 0x1504, Anwendungsstartzeit 01cc050a68677f30. 
Error - 27.04.2011 15:15:36 | Computer Name = Sytox-PC | Source = EventSystem | ID = 4609 Description = [ System Events ] Error - 27.04.2011 15:16:20 | Computer Name = Sytox-PC | Source = Service Control Manager | ID = 7001 Description = Error - 27.04.2011 15:16:20 | Computer Name = Sytox-PC | Source = Service Control Manager | ID = 7001 Description = Error - 27.04.2011 15:16:20 | Computer Name = Sytox-PC | Source = Service Control Manager | ID = 7026 Description = Error - 27.04.2011 15:40:08 | Computer Name = Sytox-PC | Source = HTTP | ID = 15016 Description = Error - 27.04.2011 15:42:18 | Computer Name = Sytox-PC | Source = Service Control Manager | ID = 7009 Description = Error - 27.04.2011 15:42:18 | Computer Name = Sytox-PC | Source = Service Control Manager | ID = 7000 Description = Error - 27.04.2011 15:42:48 | Computer Name = Sytox-PC | Source = Service Control Manager | ID = 7009 Description = Error - 27.04.2011 15:42:50 | Computer Name = Sytox-PC | Source = Service Control Manager | ID = 7000 Description = Error - 27.04.2011 15:43:04 | Computer Name = Sytox-PC | Source = DCOM | ID = 10010 Description = Error - 27.04.2011 15:43:20 | Computer Name = Sytox-PC | Source = DCOM | ID = 10010 Description = < End of report >

here's the other report as well

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6459

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

27.04.2011 21:38:56
mbam-log-2011-04-27 (21-38-56).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 177928
Laufzeit: 3 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 6
Infizierte Dateien: 16

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{C2B5AAB8-2183-4be7-81A6-F11493C45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2B5AAB8-2183-4BE7-81A6-F11493C45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2B5AAB8-2183-4BE7-81A6-F11493C45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JhhuFsgavhOku (Trojan.FakeAlert) -> Value: JhhuFsgavhOku -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RTHDBPL (Trojan.Agent) -> Value: RTHDBPL -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus Plus (Rogue.AntivirusPlus) -> Value: AntiVirus Plus -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus Plus (Rogue.AntivirusPlus) -> Value: AntiVirus Plus -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (userinit.exeC:\Users\Sytox\AppData\Roaming\appconf32.exe,C:\Users\Sytox\AppData\Roaming\appconf32.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Users\Sytox\AppData\Roaming\systemproc (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d} (Trojan.Swisyn) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\antivirus plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\jhhufsgavhoku.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Local\Temp\0.18075887273448632.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Local\Temp\ie1727.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Local\Temp\ie4580.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Local\Temp\ie7666.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Local\Temp\ieB916.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Local\Temp\ldr30c3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Roaming\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\antivirus plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Local\Temp\0.5080010986389739.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\install.rdf (Trojan.Swisyn) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\chrome\content\timer.xul (Trojan.Swisyn) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus plus\antivirus plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

can nobody help me?
28.04.2011, 19:57 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Once again a TR/Kazy.mekml.1 problem.. Quote:
Please run a full scan with Malwarebytes as a matter of routine and post the log. Keep in mind that Malwarebytes has to be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well!