Hey,
after I caught the malware, my desktop first went completely black and hard disk errors kept coming up until the PC shut itself down.
I then first downloaded unhide and ran it, and after that ran the "Malwarebytes Anti-Malware" program, which also found something, and I deleted it as described in the instructions. The result of all this: unless I've forgotten something, all my data is still there, but I can't see any programs in the taskbar, for example, and so on. The problem I have, though, is that I can't find HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
in my registry, so I can't change the value from 1 to 0 as described. My operating system is Windows Vista 64-bit.
Thanks in advance for your help ;)

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 27.04.2011 22:26:41 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sytox\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 66,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 22,98 Gb Free Space | 9,87% Space Free | Partition Type: NTFS
Drive D: | 581,87 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 931,51 Gb Total Space | 882,20 Gb Free Space | 94,71% Space Free | Partition Type: NTFS
Computer Name: SYTOX-PC | User Name: Sytox | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 4C 36 ED FB A3 AC C9 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07F42EFE-996C-4AA7-89B9-F15A6971A227}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0852B73A-066D-4D16-9A05-59EDEC1521C8}" = rport=138 | protocol=17 | dir=out | app=system |
"{0C85992B-58C7-4889-A4CF-195E7F5D83F8}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{0EA2F1E8-6B0A-4C3E-A8E4-7AD67A6C983A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{213B48DF-B6FA-434A-9827-D41EA4C62241}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{21A63B93-C556-4080-9951-9F7A95D3D852}" = lport=2869 | protocol=6 | dir=in | app=system |
"{228BC878-4CE4-42EE-9BD5-90AB62BE8DC1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2ACA5CD2-0B46-4272-8457-3735B0F16F98}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{2F331542-19EE-40F0-B581-BEBF5B0133AB}" = lport=139 | protocol=6 | dir=in | app=system |
"{31F6ACE2-8AE1-43DA-B47A-EFEED3EF070D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{47DA1FB3-EB35-49DD-A6FD-EEA0165865B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{49523087-C2C5-401C-9938-C34E744A1B17}" = lport=137 | protocol=17 | dir=in | app=system |
"{5FC6B2EB-ED0B-4E04-ACD8-9CE64F3C6445}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{699ACE5E-88C1-42EE-BB0B-11EE3410E9E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{732DFA42-D032-4204-91B8-CC7714728FC1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9216DE04-FC8C-4FB3-97C7-0BCE0541F917}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{95B8B2C8-3892-42C0-B9D2-8FDB14E41F36}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B476F5CD-75FA-45B7-A053-FE7754F20B41}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B860521B-AB1F-4720-94F5-F968ED63A4F8}" = rport=2869 | protocol=6 | dir=out | app=system |
"{BC6B65E7-ABE0-4D0C-A01D-12904F302080}" = lport=138 | protocol=17 | dir=in | app=system |
"{BEC859D1-B280-4C0D-AA78-835227C3C481}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C263E5C8-0ECC-4982-AF09-E490D47DCB73}" = rport=445 | protocol=6 | dir=out | app=system |
"{D3D2638A-D00A-44FD-B066-9F7589B8AC01}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D673F520-AFA2-4957-9F0F-1B9BF0856DF1}" = rport=139 | protocol=6 | dir=out | app=system |
"{EC210FCE-38DB-4CCB-AF6F-B2A8E7F8A0EB}" = lport=445 | protocol=6 | dir=in | app=system |
"{EC2F530B-C51C-4D46-886B-102C6FFA601A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEF856CD-EC46-4416-8D08-4F8B8B53AC82}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F081C8F0-0049-41B0-8577-73B2D4E8C74D}" = rport=137 | protocol=17 | dir=out | app=system |
"{F5A38E21-1FF1-446D-9765-BA3B770E4E37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{FDD0A7E3-FD1F-4C69-97A6-504E9829C075}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050D0FDC-FB94-4F04-87C8-35F28D6FCA4B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{058163B1-3E66-47B0-901A-BD71266B95FE}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{06CCD89F-9439-46AB-9703-925D2693CD42}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-dede-ptr-downloader.exe |
"{081A09FD-4CA0-46C4-95C3-C0A9F34CDF72}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{0840876C-5F5C-42B9-B7A6-6910B60C922C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0AD7C2E3-BB70-4C29-BBBF-DD312B863E74}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0EDB464D-B7C0-4B78-B484-E08A6B76056C}" = protocol=17 | dir=in | app=c:\spiele\call of duty 4\iw3mp.exe |
"{114547F4-7387-4D55-BC2C-C562C97F719E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-dede-ptr-downloader.exe |
"{1428586A-E83B-4E38-B21F-26A6C821F1EB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{147AEED1-D45A-4F29-B820-D12954AC8269}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{15F97655-D8E6-4246-B562-A67BA4B6CDBC}" = protocol=6 | dir=in | app=c:\spiele\counter strike\steamapps\darkor309\counter-strike source\hl2.exe |
"{1A259C5E-3A91-48CA-8C24-6A2D9F371FD4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1B77C443-1F73-4FC5-9CFB-E4A7D0000C52}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-dede-ptr-downloader.exe |
"{1E0CAFDD-E9D6-4B18-B396-982E622788BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1EF9015E-7767-4092-A461-C7A309C4094D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{20D3DBBB-3E57-4279-9EDB-7F24FA8C080C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{25915D89-78E5-44B4-A1F3-7274903F572C}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{273B091C-622E-40FA-AAAB-BBA42FA4EBBC}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.patch.exe |
"{27D74083-EC78-423E-A2A8-1404C0204FF7}" = protocol=6 | dir=in | app=c:\spiele\counter strike\steamapps\common\call of duty black ops\blackops.exe |
"{2F98266E-BCDC-48E0-8C86-5183E48BB012}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe |
"{35B651A9-6F84-44CE-9A15-423785A61743}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{38643CB0-1B52-4EE4-BBD0-800D1CD82C0E}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe |
"{3C3BBD64-3054-4F3F-8DB4-D2DA66FC8E56}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{3E6762CF-56D2-4EDB-9000-483DB127C302}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3FC4A1FD-E999-46DD-BAAB-19751CD598DF}" = protocol=17 | dir=in | app=c:\spiele\counter strike\steamapps\darkor309\counter-strike source\hl2.exe |
"{40B10B3F-7F10-4CAB-9B0E-34300223C1FC}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{40EF980E-95BD-46E9-A4F5-133AA5681AD1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{45979232-7DA8-4AC5-A5EE-A4DF67B892D7}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{45D3C999-657A-4F7E-8189-5566819C44A3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{46FE8400-FFD3-4B4D-B159-1B23D81235B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4A62A389-F127-4E3A-865C-A25B61DDAC15}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{4D402A1F-299F-441A-A8A1-A9E9BA43E2AB}" = protocol=6 | dir=in | app=c:\users\sytox\appdata\local\apps\2.0\t8k9bjnw.y0k\pb93dp61.w0a\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe |
"{4ECD38C4-4F82-424D-A987-8ADC034C839F}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\backgrounddownloader.exe |
"{525BA602-F5AD-415A-96B5-7F96C7D79C8F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{538A4FFB-B3F9-49DE-9000-31375FAA625C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-dede-ptr-downloader.exe |
"{53CD8D99-1CEB-4A14-806E-1E207917E6EF}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\backgrounddownloader.exe |
"{53E40CAD-F719-4ECA-B8A8-07E8C1AC03BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{54C47AFC-A5E4-4F5B-8290-E01B271EB3D1}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{55570CA3-E872-4369-A401-3DD7A20E96DE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5733AD19-5296-473F-91EB-D9327CB1E96D}" = protocol=17 | dir=in | app=c:\users\sytox\appdata\local\apps\2.0\t8k9bjnw.y0k\pb93dp61.w0a\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe |
"{5C31AA80-3D43-43C9-86B1-8982AF6841B2}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{5C7E3573-FC9C-4E07-84AB-DF104A23300D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5F70CCDD-FD2D-415D-B98B-AACB0F3D173A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{618B1D06-4642-4AC5-972A-5F9E6CFB64F3}" = protocol=6 | dir=in | app=c:\spiele\call of duty 4\iw3mp.exe |
"{644D2911-A9DD-4708-A172-96146A91BD5E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{6563AC55-AEA2-42E1-A1AC-49E0B1E8CE95}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\blizzard downloader.exe |
"{683C19E9-0071-4F36-BBB2-4A407C6A1274}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6E0A19D8-4CA8-4C96-8656-E1402B11247A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{7628250B-C380-4513-A661-07D9B2A1C323}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{7771749D-1AA2-4996-8953-BFA6BF4D32C5}" = protocol=6 | dir=in | app=c:\spiele\counter strike\steamapps\darkor309\counter-strike source\hl2.exe |
"{77EF0379-5D1D-464E-8BD8-06814856FCD1}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{792E8FB1-5E80-487A-9F63-D0C4C44372B5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7A2B6976-10B2-40AB-8AB3-27ECBBD576FC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7A409485-94DD-4ACB-8F14-8E9BD2AA7123}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{7AAD2C17-6A77-4B6D-A91A-BAABEA51C9F9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7D09B6E1-CCD9-4874-B91B-35CBAF8D9FFD}" = protocol=6 | dir=in | app=c:\spiele\counter strike\steamapps\common\call of duty black ops\blackopsmp.exe |
"{7F03F224-0E1D-4336-B9FA-BA70FCD698B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8157974B-931C-4694-9851-93121D1F21E8}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{81752652-68D9-412E-AFD4-0E110CDAB980}" = protocol=6 | dir=in | app=c:\users\sytox\appdata\local\apps\2.0\t8k9bjnw.y0k\pb93dp61.w0a\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe |
"{8266B854-2BA9-431A-BBDE-2E6DAEF4E0B0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{828EE173-B968-497C-8D49-DD1BC4C1D5E8}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-dede-ptr-downloader.exe |
"{8615B199-916A-4FD7-8350-43CE8CBD1B49}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8B05E6F6-B0B3-4004-93B5-18D0E3A64FD7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8DD0EA61-2622-4C30-BE1F-8B66F4E91DEC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{8F1179C1-4D64-4FC8-B715-AAB38C74B4ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{917C0AAB-4029-4B20-8E4B-0A5ECBB4FD61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{933A1ADA-288A-4C0F-8DC8-9C6F247AC4E0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{96A8DC35-E7ED-4B38-8DEA-16729ED4238C}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{980ED37A-DCC0-4D81-AA47-A482F465ACEC}" = protocol=17 | dir=in | app=c:\users\sytox\appdata\local\apps\2.0\t8k9bjnw.y0k\pb93dp61.w0a\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe |
"{99CF835C-5145-4D5D-B749-ECC6C3104425}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{9CEFF2D0-EF2C-4729-B089-016E69E0C00B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{9F89940F-4170-434D-9F46-F8C7B20DF94C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{A1A25C36-348D-4B56-8744-A15D83303C31}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{A3B3A682-E17D-40EE-9799-947C2E2C65D2}" = protocol=17 | dir=in | app=c:\spiele\counter strike\steamapps\common\call of duty black ops\blackopsmp.exe |
"{A3BF3843-3564-44DD-9A73-086511993555}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A4DE3624-5A8F-4FD9-9A3C-A5A9279EC098}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A5F1B1B0-1CF4-4524-AEAE-D94C689B117D}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe |
"{A67BB223-A9D4-4DDA-A9CD-46B9F2E4DED0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-engb-ptr-downloader.exe |
"{A976ADE3-DF20-443B-95FC-4A0CFB8AE271}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-engb-ptr-downloader.exe |
"{A9D320E9-7583-4632-92D2-25761BE3F74C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AEFD35AF-8F0E-43E3-B7E8-AD5E19897F2A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-dede-ptr-downloader.exe |
"{B1E535A9-4031-4280-97E0-0BC094F51207}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B2202080-347A-4E99-94C2-7A56941312DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B38AD427-D42D-4A02-B727-6E9C8FCA624B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B576A10A-9713-4D23-96AF-6AEB98B21473}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{B6C46844-F5EC-4C1C-AEAD-F482DD8C960B}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{B803F98C-C4C2-4190-8FD8-CC419DA941BF}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.patch.exe |
"{B86A086D-ED65-40F1-8E72-DA529325F754}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-dede-ptr-downloader.exe |
"{BDE4E295-4950-4F6D-B870-81F263DA7831}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BDFAD867-9E4C-4639-8B83-5C53465B5CBD}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe |
"{C45BB013-27EE-4509-A7BC-27AF7F38A809}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C7CD6A5B-F6C2-4198-8CBB-9A6FCB665BEC}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\blizzard downloader.exe |
"{C8604F8E-B7E3-436E-88E1-ED2B39EA2680}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C9AAF1A6-9CDA-46AD-B4B7-4AE8AF1D099D}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{CF0B96CA-7E4E-49B8-93F8-8C3E332D9692}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{CFEAE06D-BA89-43C4-B9AE-A15A08BB2653}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-dede-ptr-downloader.exe |
"{D5AF1B23-A1AC-4592-8664-93C7C000D890}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{D630019C-0A6D-4876-AC82-B9AFF11EBDEC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{D6E8D44A-40DC-4126-9998-BF4861BD84E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D8F22957-AD8F-4A20-8690-57A0259480C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D92DB514-5C54-4E3C-B984-F57508EFDEF9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DD6939D9-ABD6-43C9-A19E-F63480188857}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ECBC67EF-16FE-481D-9C20-B6F84ECFCC9A}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{ECDB7ADA-1545-4F7A-BFBC-E1382DA0FD08}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EEAA943D-1F29-4A0D-A6F9-B5343944DE48}" = protocol=17 | dir=in | app=c:\spiele\counter strike\steamapps\common\call of duty black ops\blackops.exe |
"{F29F3DA3-DEB9-42D7-A856-1B018FACD64D}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{F5BF9A14-0D8F-46CD-8990-14EF870C5089}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FC711C75-A1C5-4EED-861A-60493ABDD320}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{FD19B873-787A-4799-A154-2E66781E201F}" = protocol=17 | dir=in | app=c:\spiele\counter strike\steamapps\darkor309\counter-strike source\hl2.exe |
"TCP Query User{011541A6-A976-45B7-AD79-F2928E09D872}C:\spiele\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\spiele\age of empires ii\empires2.exe |
"TCP Query User{047AB2F7-3EB1-4F0C-8123-3E27E38010FA}C:\spiele\cod5\codwaw.exe" = protocol=6 | dir=in | app=c:\spiele\cod5\codwaw.exe |
"TCP Query User{24F73A37-363E-4148-9B93-664EB5F7562E}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{261C4228-E13A-4628-B72B-443EF2DFF7D0}C:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.exe |
"TCP Query User{38283497-C90F-4353-B58B-87383F7C4C0D}C:\spiele\battlefield22\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\spiele\battlefield22\bf2_w32ded.exe |
"TCP Query User{3F6534EC-E64A-4436-8458-5A9A8D67508D}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{452D792F-AFA7-45E4-9676-8E802F6D9E6D}C:\spiele\cod5\codwawmp.exe" = protocol=6 | dir=in | app=c:\spiele\cod5\codwawmp.exe |
"TCP Query User{4A78DDBD-9FAA-4867-B25C-03A75138AC5C}C:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.exe |
"TCP Query User{651CCD1E-9995-4D9F-95A6-5B759F005CDB}C:\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"TCP Query User{7AC8AFD5-C27F-49C2-B5BB-26EDCFACA4EC}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{90737616-D10C-4843-B47D-80579FBF6426}E:\eigene dateien 2 patrick\spiele\call of duty 4\iw3mp.exe" = protocol=6 | dir=in | app=e:\eigene dateien 2 patrick\spiele\call of duty 4\iw3mp.exe |
"TCP Query User{A7B237F0-6FE2-4526-84D3-9DB17B63A1A7}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{AD1AB52E-FAF0-4405-AE8B-C8D880539175}C:\spiele\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\spiele\unreal tournament 3 (lg)\binaries\ut3.exe |
"TCP Query User{C7AF88EB-2283-4B7C-8E36-C9943D5D661A}C:\spiele\world of warcraft public test\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft public test\world of warcraft public test\launcher.exe |
"TCP Query User{CFAD8BF5-4C55-4E4B-B8AA-1ECB2D64078B}C:\spiele\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\spiele\unreal tournament 3 (lg)\binaries\ut3.exe |
"TCP Query User{D7985307-77B0-4C56-B6FE-AE94046DBFA3}G:\games\mohaa\mohaa.exe" = protocol=6 | dir=in | app=g:\games\mohaa\mohaa.exe |
"TCP Query User{DE6A433D-4089-4BFF-9BDA-730638AE5FD0}C:\spiele\underground 2\speed2.exe" = protocol=6 | dir=in | app=c:\spiele\underground 2\speed2.exe |
"TCP Query User{F43CB8AA-71D3-42A7-905E-33A43BADE23E}C:\spiele\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\spiele\age of empires ii\empires2.exe |
"UDP Query User{1BE3B4A6-9AB8-44D0-BC2C-9DE120A7AF0A}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{1F626C95-63CC-43B5-91C8-513D003B26F0}C:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.exe |
"UDP Query User{21DC4D2F-457B-4648-B772-5BB5F2A95B92}C:\spiele\underground 2\speed2.exe" = protocol=17 | dir=in | app=c:\spiele\underground 2\speed2.exe |
"UDP Query User{46BF79FA-2303-47F3-A7AD-DFC0C51C315D}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{64102834-2D78-49AA-B5B6-0FD3B3073173}C:\spiele\cod5\codwawmp.exe" = protocol=17 | dir=in | app=c:\spiele\cod5\codwawmp.exe |
"UDP Query User{6468B26A-745A-463E-8446-389D4C90777C}C:\spiele\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\spiele\age of empires ii\empires2.exe |
"UDP Query User{94E719F7-C95E-4089-90D5-F5485BE8CF4E}C:\spiele\cod5\codwaw.exe" = protocol=17 | dir=in | app=c:\spiele\cod5\codwaw.exe |
"UDP Query User{98624AF6-A528-4215-87B9-A8E07C610038}C:\spiele\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\spiele\unreal tournament 3 (lg)\binaries\ut3.exe |
"UDP Query User{98FFB936-7C32-42BF-885F-73E261A5356F}C:\spiele\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\spiele\unreal tournament 3 (lg)\binaries\ut3.exe |
"UDP Query User{A6156513-B655-4809-8E76-52AD6152874C}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{A6A0F695-03B7-4327-BB41-0A586D3AE322}G:\games\mohaa\mohaa.exe" = protocol=17 | dir=in | app=g:\games\mohaa\mohaa.exe |
"UDP Query User{AD08902F-6B6A-40A1-9A33-6EAA64237FDE}C:\spiele\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\spiele\age of empires ii\empires2.exe |
"UDP Query User{B2E1399C-F021-47C6-A9AD-6986E494BA2B}C:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.exe |
"UDP Query User{C2E40A1E-B751-46E6-B5EC-909CC8347473}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{E9B26397-DD3B-4AAC-922D-BDF2EE6C8D16}C:\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"UDP Query User{EF4F76B6-9C16-49B0-BD56-C2ED0FAFE854}E:\eigene dateien 2 patrick\spiele\call of duty 4\iw3mp.exe" = protocol=17 | dir=in | app=e:\eigene dateien 2 patrick\spiele\call of duty 4\iw3mp.exe |
"UDP Query User{FBAECF86-1130-49B1-9358-709632844A78}C:\spiele\battlefield22\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\spiele\battlefield22\bf2_w32ded.exe |
"UDP Query User{FE86234F-575C-4800-A8DA-78BF15211100}C:\spiele\world of warcraft public test\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft public test\world of warcraft public test\launcher.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{249E9ED4-1C67-4DA5-9E39-F0F09AFD93B7}" = Logitech QuickCam
"{5800B5A7-176D-C773-7BA0-AABB25C57591}" = ATI Problem Report Wizard
"{62803CAB-203F-6307-BCCE-27B5E5A01419}" = ccc-utility64
"{7598C430-8B00-4447-A710-0DDA0770370A}" = Logitech GamePanel Software 2.00
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{911C72E0-D841-BC96-C433-BE0DE64BFE35}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CB5340E7-7745-7B18-1413-C14508C2AC2B}" = ATI AVIVO64 Codecs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"6FAE10DFB240D4E907C9D4D0087112A6904F57BD" = Windows-Treiberpaket - Razer (CYUSB) USB (04/09/2009 3.4.0.110)
"7F312C4D92824B1AD4C9D92C81F1BA2E6FE12592" = Windows-Treiberpaket - Freescale Semiconductor (WinUSB) USB (10/13/2007 6.00.2064)
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{04B989A5-70D0-3DDB-B88A-629F31D98814}" = CCC Help Korean
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"{06036CDA-6B67-1338-5886-9B7DEB2491C6}" = Catalyst Control Center Graphics Full New
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1A46E1D3-0E8A-B75C-28A3-2DD05838A21B}" = CCC Help Italian
"{1EF419E0-E1FC-2990-C86B-BBB15D51F057}" = Catalyst Control Center Graphics Full Existing
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23F612EA-0F86-472F-2DCE-5C82DDBCC148}" = CCC Help Greek
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{28A946E1-E83B-4662-BC7C-23451851489E}" = Razer Copperhead
"{2DB5CB5C-5EA0-D22D-5223-0B57A3A57525}" = CCC Help Czech
"{3124232A-A9AB-2FAD-6462-454921EDDCDE}" = CCC Help Norwegian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{36E3385E-CE9E-655F-81E3-CE7C70D74F84}" = Skins
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3D98AE11-B5A5-1EDB-F815-B1C2DA7BE1DB}" = Catalyst Control Center InstallProxy
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4363FE00-52E3-E8B5-58EE-1CB396D68000}" = CCC Help Russian
"{46059418-BB80-F9D4-8DBC-813C28883022}" = CCC Help Chinese Standard
"{4B1BD47B-51CF-0C0E-21AB-027B331EDFD5}" = CCC Help English
"{4B6E9F7F-7DEE-8570-0FEB-305E000BB462}" = ccc-core-static
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{52FB9C98-2704-DAF1-8999-11EC1C14EB3C}" = Catalyst Control Center Localization All
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{553D7A1E-D263-FBF7-68E0-EA10865BC478}" = CCC Help Dutch
"{581CE7EA-A30D-0000-1211-088635773309}" = MSI US54SE 802.11 b+g USB Stick
"{58DBB693-BE6E-DA0F-42DE-3944FA9229F9}" = Catalyst Control Center HydraVision Full
"{58F3E8F1-E7CE-B5E8-AF18-C1F1B7C6FB03}" = Catalyst Control Center Graphics Previews Vista
"{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"{6582B077-4BC5-3383-4F6D-1F0BC0279120}" = CCC Help Hungarian
"{669B7CF5-FC58-AE3C-EDB1-3950A5E45920}" = Catalyst Control Center Graphics Previews Common
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C6ED584-9F75-4235-8718-1F35B59814E8}" = Mamba Firmware Updater 1.08.02
"{6E0D0ABC-22CF-8CBB-F3E9-14776A25AA82}" = CCC Help Japanese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{74CCE403-68F5-7CC9-967B-976229BF5180}" = CCC Help Chinese Traditional
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC15B5F-DDA9-43D6-E53F-EE0CCBC8DB1A}" = CCC Help Danish
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{80AA9FA1-CA39-FC76-D4CE-A5E6C659F4C7}" = CCC Help Portuguese
"{81EC7A2F-EB36-44EB-A89D-C11A7D9A9EE8}" = Opera 10.00
"{82FB3E3F-1A3F-BBF2-0926-C92F6974EC91}" = Catalyst Control Center Graphics Light
"{85F82863-A6DB-E29B-6B81-4A8582180679}" = CCC Help Thai
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98A55952-7BE9-0869-A062-B6E402CCBF85}" = CCC Help Spanish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A68F5819-0EF7-72E5-41B4-F26EFC453553}" = CCC Help Finnish
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE8C262E-5DB4-C8AC-7DA2-DC88767653A1}" = HydraVision
"{CF8C33F5-9279-5A08-7EA0-5624E6D5AD55}" = Catalyst Control Center Core Implementation
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead
"{D83BFF4C-FBB6-5A62-C27C-EF5612626205}" = CCC Help German
"{E000847A-AA69-E617-B038-217F8995FC4A}" = CCC Help French
"{E2300343-26C4-11DA-7E89-FD35E1C6FDDA}" = CCC Help Polish
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"{E59F4CC1-E338-7141-5B1C-1F4ADF371A87}" = CCC Help Swedish
"{EC87E256-B0A4-4A41-8682-AB57FF21196D}" = SweetIM for Messenger 2.7
"{F00B33C1-9F1C-FEA5-52EF-EE612E498D8D}" = CCC Help Turkish
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fragen-Lern-CD" = Fragen-Lern-CD
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"FrostWire" = FrostWire 4.17.2
"ICQToolbar" = ICQ Toolbar
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McLoad Preinstaller" = McLoad Preinstaller
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"MSI Live Update 3" = MSI Live Update 3
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.6.5
"PHPNukeDE Toolbar" = PHPNukeDE Toolbar
"RivaTuner" = RivaTuner v2.24
"SpeedFan" = SpeedFan (remove only)
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 27.04.2011 14:10:01 | Computer Name = Sytox-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.04.2011 14:10:01 | Computer Name = Sytox-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.04.2011 14:10:01 | Computer Name = Sytox-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.04.2011 14:10:01 | Computer Name = Sytox-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.04.2011 14:10:01 | Computer Name = Sytox-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.04.2011 14:10:01 | Computer Name = Sytox-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.04.2011 14:10:01 | Computer Name = Sytox-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.04.2011 14:10:01 | Computer Name = Sytox-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.04.2011 14:39:15 | Computer Name = Sytox-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Adobe_Flash_Player.exe, Version 1.7.8800.0,
Zeitstempel 0x4d776bb8, fehlerhaftes Modul Adobe_Flash_Player.exe, Version 1.7.8800.0,
Zeitstempel 0x4d776bb8, Ausnahmecode 0xc0000005, Fehleroffset 0x00001149, Prozess-ID
0x1504, Anwendungsstartzeit 01cc050a68677f30.
Error - 27.04.2011 15:15:36 | Computer Name = Sytox-PC | Source = EventSystem | ID = 4609
Description =
[ System Events ]
Error - 27.04.2011 15:16:20 | Computer Name = Sytox-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 27.04.2011 15:16:20 | Computer Name = Sytox-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 27.04.2011 15:16:20 | Computer Name = Sytox-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 27.04.2011 15:40:08 | Computer Name = Sytox-PC | Source = HTTP | ID = 15016
Description =
Error - 27.04.2011 15:42:18 | Computer Name = Sytox-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 27.04.2011 15:42:18 | Computer Name = Sytox-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 27.04.2011 15:42:48 | Computer Name = Sytox-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 27.04.2011 15:42:50 | Computer Name = Sytox-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 27.04.2011 15:43:04 | Computer Name = Sytox-PC | Source = DCOM | ID = 10010
Description =
Error - 27.04.2011 15:43:20 | Computer Name = Sytox-PC | Source = DCOM | ID = 10010
Description =
< End of report >
--- --- ---
Here is the other report as well:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6459
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000
27.04.2011 21:38:56
mbam-log-2011-04-27 (21-38-56).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 177928
Laufzeit: 3 Minute(n), 18 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 6
Infizierte Dateien: 16
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{C2B5AAB8-2183-4be7-81A6-F11493C45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2B5AAB8-2183-4BE7-81A6-F11493C45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2B5AAB8-2183-4BE7-81A6-F11493C45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JhhuFsgavhOku (Trojan.FakeAlert) -> Value: JhhuFsgavhOku -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RTHDBPL (Trojan.Agent) -> Value: RTHDBPL -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus Plus (Rogue.AntivirusPlus) -> Value: AntiVirus Plus -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus Plus (Rogue.AntivirusPlus) -> Value: AntiVirus Plus -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (userinit.exeC:\Users\Sytox\AppData\Roaming\appconf32.exe,C:\Users\Sytox\AppData\Roaming\appconf32.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
c:\Users\Sytox\AppData\Roaming\systemproc (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d} (Trojan.Swisyn) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\antivirus plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\programdata\jhhufsgavhoku.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Local\Temp\0.18075887273448632.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Local\Temp\ie1727.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Local\Temp\ie4580.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Local\Temp\ie7666.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Local\Temp\ieB916.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Local\Temp\ldr30c3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Roaming\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\antivirus plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Local\Temp\0.5080010986389739.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\install.rdf (Trojan.Swisyn) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{8ce11043-9a15-4207-a565-0c94c42d590d}\chrome\content\timer.xul (Trojan.Swisyn) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus plus\antivirus plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
c:\Users\Sytox\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
Can nobody help me?