|
Plagegeister aller Art und deren Bekämpfung: myStart-Problem unsicher ob wirklich behobenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
11.11.2012, 21:29 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | myStart-Problem unsicher ob wirklich behoben Eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
11.11.2012, 21:52 | #17 |
| myStart-Problem unsicher ob wirklich behoben OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 11.11.2012 21:36:17 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Allgemein\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,65 Gb Available Physical Memory | 83,31% Memory free 15,96 Gb Paging File | 13,94 Gb Available in Paging File | 87,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 243,55 Gb Free Space | 52,30% Space Free | Partition Type: NTFS Drive D: | 2,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: *****-PC | User Name: *****| Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Allgemein\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Allgemein\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe () PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Users\Allgemein\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Programme\My Lockbox\mylbx.exe (FSPro Labs) PRC - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe () PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe () PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe () PRC - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\Razer\Arctosa\razerhid.exe (Razer USA Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll () MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll () MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll () MOD - C:\Programme\My Lockbox\FSPFlt.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (HTCMonitorService) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe () SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe () SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (AiChargerPlus) -- C:\Windows\SysNative\drivers\AiChargerPlus.sys (ASUSTek Computer Inc.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (FSProFilter) -- C:\Windows\SysNative\drivers\FSPFltd.sys (FSPro Labs) DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek ) DRV:64bit: - (TEAM) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation) DRV:64bit: - (RTTEAMPT) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation) DRV:64bit: - (RTVLANPT) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-333205402-440210070-1915747329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-333205402-440210070-1915747329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-333205402-440210070-1915747329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-333205402-440210070-1915747329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 D1 A2 AB DF 2A CD 01 [binary data] IE - HKU\S-1-5-21-333205402-440210070-1915747329-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-333205402-440210070-1915747329-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-333205402-440210070-1915747329-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-333205402-440210070-1915747329-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-333205402-440210070-1915747329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-333205402-440210070-1915747329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-333205402-440210070-1915747329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 D8 89 DC 2C B9 CD 01 [binary data] IE - HKU\S-1-5-21-333205402-440210070-1915747329-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-333205402-440210070-1915747329-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.4 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.02 19:16:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.22 11:28:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2012.11.09 17:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\97xtdero.default\extensions [2012.11.02 19:16:52 | 000,000,000 | ---D | M] (WOT) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\97xtdero.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.11.02 18:54:02 | 000,530,388 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\97xtdero.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.09.10 13:10:47 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\97xtdero.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.31 23:20:51 | 000,002,112 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\97xtdero.default\searchplugins\wot-safe-search.xml [2012.05.17 14:34:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.23 00:07:26 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.23 00:07:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.23 00:07:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.23 00:07:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.23 00:07:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.30 22:02:14 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mystarttb.xml [2012.09.23 00:07:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.23 00:07:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Arctosa] C:\Program Files (x86)\Razer\Arctosa\razerhid.exe (Razer USA Ltd.) O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-333205402-440210070-1915747329-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKU\S-1-5-21-333205402-440210070-1915747329-1001..\Run: [Spotify Web Helper] C:\Users\Allgemein\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4:64bit: - HKLM..\RunOnce: [*Restore] C:\Windows\SysNative\rstrui.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-333205402-440210070-1915747329-1000..\RunOnce: [Report] \AdwCleaner[S1].txt File not found O4 - Startup: C:\Users\Allgemein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F00DAEF2-731D-4D10-911E-02639871DBF6}: NameServer = 192.168.211.11 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.02 20:19:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2012.11.02 20:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.02 20:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.02 20:18:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.02 20:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.02 18:40:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\yolobartb [2012.11.02 16:26:18 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft [2012.11.01 00:32:01 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.11.01 00:32:01 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.11.01 00:32:01 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.11.01 00:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC [2012.11.01 00:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola [2012.11.01 00:28:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2012.10.31 23:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC [2012.10.31 23:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications [2012.10.31 23:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC [2012.10.31 23:26:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Downloaded Installations [2012.10.31 23:18:34 | 000,000,000 | ---D | C] -- C:\Temp [2012.10.20 16:47:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Dropbox [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.11 21:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.11 21:11:32 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.11 21:11:32 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.11 20:56:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.11 11:29:15 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.11 11:29:15 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.11 11:29:15 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.11 11:29:15 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.11 11:29:15 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.11 11:23:07 | 2131,857,407 | -HS- | M] () -- C:\hiberfil.sys [2012.11.10 16:06:07 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.11.10 16:06:07 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.11.09 17:18:04 | 000,001,376 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012.11.01 00:28:17 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync Manager.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.01 00:28:17 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync Manager.lnk [2012.09.26 10:11:00 | 000,001,376 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012.06.17 23:25:04 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2012.06.17 23:25:04 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2012.03.23 20:41:45 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.03.23 20:41:44 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.03.22 12:00:30 | 005,325,856 | ---- | C] () -- C:\Windows\PE_File.dll [2012.03.22 11:54:20 | 005,260,320 | ---- | C] () -- C:\Windows\PE_Rom.dll [2012.03.22 11:42:45 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.03.22 11:42:44 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.03.22 11:16:31 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.22 11:12:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.03.22 10:56:02 | 000,036,968 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.03.22 10:52:51 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.03.22 10:52:47 | 000,028,651 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.03.09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.03.09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.11.2012 21:36:19 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Allgemein\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,65 Gb Available Physical Memory | 83,31% Memory free 15,96 Gb Paging File | 13,94 Gb Available in Paging File | 87,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 243,55 Gb Free Space | 52,30% Space Free | Partition Type: NTFS Drive D: | 2,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: *****-PC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-333205402-440210070-1915747329-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-333205402-440210070-1915747329-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{212AFD13-727E-4676-9FFB-B3BA05A0F94D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2C3E1FC7-698C-4EF3-A298-BF4C05FF3EAE}" = lport=138 | protocol=17 | dir=in | app=system | "{4EC9F782-AB27-4090-9362-3AC9B9E6C764}" = lport=445 | protocol=6 | dir=in | app=system | "{5EAFCC5E-F8C2-4C6B-92BA-116389710F8D}" = lport=137 | protocol=17 | dir=in | app=system | "{66401D2C-35AC-4C46-B2B1-DEBDA3EB27D0}" = lport=139 | protocol=6 | dir=in | app=system | "{67FE3B60-245E-407B-AD5F-8F1A740898A1}" = rport=445 | protocol=6 | dir=out | app=system | "{7E962358-099D-4E05-992D-C62AD7BB2BE7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{84E0AD60-9EF4-4D76-8B8F-079FB96D6E98}" = rport=138 | protocol=17 | dir=out | app=system | "{A345B3E8-9A1F-4A6E-8913-1FA656864AED}" = rport=137 | protocol=17 | dir=out | app=system | "{A3FADB06-5850-42F1-B001-85200B40A554}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D8E05357-9434-41C5-85EB-3C69BCE83400}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DEDE25D1-964F-408A-A8F2-0AD84AF1793B}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08F415A6-77D9-4C91-9534-A39380580E71}" = protocol=6 | dir=in | app=c:\users\allgemein\appdata\roaming\dropbox\bin\dropbox.exe | "{09D6385E-C7E6-4B43-9320-7AB607E4A1DE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{1045BC7A-A4B0-4FB1-B2E8-708F6EDEB4B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | "{11595F1A-EFC8-4660-912B-7EAF485B5257}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{116C2FAB-2909-40E7-844F-01ED8DCE7921}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{153F715F-C3B1-464F-B50B-2658D2AAD51C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{1DE7F37A-5DBF-4152-8850-FD177B04E2E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{20095E0F-8E94-4846-BB77-B5233AC844AE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{2943D845-A82D-41B8-B02B-31E7AC903A34}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{2C079C2B-E26C-43F6-80FA-066D9223D318}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "{34CFCA1E-3309-48E9-90E6-834DFB2AADEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | "{36699FC9-981F-4011-A4C1-23C62548A9B0}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe | "{3B926AF8-779D-4625-A7C4-BB2F82686164}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{3F3CFB73-AA36-4B98-824A-FA00130C6300}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{4496DD82-0AEE-4A36-98C1-89318373CAE6}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{4585F97A-8782-4466-A9F2-EDEAE8512D11}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{484D65E3-A07A-4E4F-821C-AC01306DF648}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4A813755-538E-49DC-8792-AF6EDDA40291}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{557B8DD9-EC3F-4097-AF38-3249D10451BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5C2784FE-B51F-4C27-8A53-19CAE3AEB12F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{5D430F2B-F5C0-4166-A2C4-59710024882E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{62C46A83-4B01-4662-A847-3A1E0F24648E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{6412063E-1A89-4263-B809-1B5A9BF0AD04}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6A000B09-869B-4BF2-9A4F-CE2F8058D0FE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{6B395E90-B951-42C4-B69C-417B55894061}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{6DB572F4-7F14-4936-8D82-E723C24E45D2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{6E937193-FF5C-4DBF-B10B-A7124E77261A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{701798E4-CB67-4669-A9CC-B853FE0832FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{70C49653-75B9-4731-8868-183FF3E670B4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7129BC5D-8BBE-400B-89EC-836DF004B96C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7252DBFA-08AB-4923-9F26-778265E8DAF8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{741F9932-C90D-4E4B-8B86-1A79F09B806B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{7755B3BF-6A39-413B-9D6B-2B51F44CC8F7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{7F7C7B3B-CC2D-4A60-A4ED-C682363A9966}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{8103BDBE-549F-4A62-9522-BD7CD7A7133E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe | "{84ACB5EB-558C-427F-9373-399DB31A0B64}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe | "{84FC18DF-A754-498A-A5D5-D208F837C760}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{86E18A31-88CB-4D7C-BB67-6A7BC7A761F1}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{88E04731-88C4-42D5-87D7-1B915C2C3876}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{930DA517-B8F0-481D-B96D-638C856FC920}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{947BE626-7A4B-4412-B94B-4294D6E23A55}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{9872033A-960C-40D1-BB3D-9FE0195A1FFE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe | "{9C918BA7-FD73-43E1-854B-62A730D731EC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{9CA5CF2A-57F1-4966-B5C0-6D9CC7651A33}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{9EE14AC3-B0E4-46C6-853C-5916F5E7F834}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "{A92A671A-4B96-4DBC-B5A8-260AC37CD663}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "{B79F636E-09B3-419E-82F2-53412FF1B635}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{BBDB720C-3707-474F-A378-FD722254E93F}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{BCB13B55-CCA6-4E47-B754-02722BA699CE}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "{C7A4D9FB-9929-4FF7-B593-7235F277EE5E}" = protocol=17 | dir=in | app=c:\users\allgemein\appdata\roaming\dropbox\bin\dropbox.exe | "{D3AC236A-3A19-47F1-A5AD-F53F5EBBFA40}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{D6238CF9-C214-44A9-9F47-D50D1F0CEFAA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D7AAEC6D-30EF-4EDC-B838-A9CBADB61747}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{E17ED5C3-9C23-4A7F-851D-1686F8175242}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E231CF8D-08CF-4D25-AFDE-C0BFB2903BF2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E85F75D7-4F68-4FCA-927F-BB572EC83435}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{EAC7E779-F181-47FE-8344-D3DDCFD5D190}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EDFAED7C-6DA9-487C-85DB-FC8C6073285F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe | "{F0639979-9E71-4458-8E30-9C4C7C8CA65A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{F0F85AF8-7BE7-4003-9122-F049ECA04E59}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{F33327D8-6D7E-47E8-BB9B-2338A076D7FF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{F4600EDE-E1C7-420E-AAF3-6EF1377D17F2}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{F9128883-75C8-433F-BD8C-5D69C08F7416}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "TCP Query User{1BA60797-7898-4CC1-8081-ED36A275D13E}C:\users\allgemein\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\allgemein\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{1F38BED2-0D0C-4E5E-AC84-813574B3414C}C:\unreal anthology\ut2004\system\ut2004.exe" = protocol=6 | dir=in | app=c:\unreal anthology\ut2004\system\ut2004.exe | "TCP Query User{353E0D92-073E-4918-807B-F3C3A7D317FB}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "TCP Query User{4301DD79-7F97-41F1-BFDA-6E860E4EF01D}C:\program files (x86)\steam\steamapps\stoneu\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\stoneu\team fortress 2\hl2.exe | "TCP Query User{4E192CB5-BB71-478A-8608-3002A439C7BB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{6C55FF70-09A2-4945-B85E-23AEB91E9176}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "TCP Query User{73CB0788-19BA-4F0A-9559-124008FE343C}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe | "TCP Query User{77668989-4B77-45B7-B97E-185CFB2B19CD}C:\users\david\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\david\appdata\local\temp\gw2.exe | "TCP Query User{A3B42615-71C1-46CC-A04A-0A00025C3197}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "TCP Query User{A5779548-7501-464F-9B25-6FC0514BF929}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | "TCP Query User{C2AEF198-26EB-4705-9934-9A2D6923C099}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "TCP Query User{CBF75C3D-BCDF-4D87-AE6E-570EC273770B}C:\program files (x86)\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aom.exe | "TCP Query User{E34E3488-E086-4831-B7E7-0C35D0434C5C}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "TCP Query User{F230189B-8FC4-40FC-963C-08EEC0AD3458}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "TCP Query User{F6B082B0-EDA6-45B2-80A5-274502B0206C}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "TCP Query User{F71CD0F8-314B-4999-A1F0-E48DDD04F492}C:\users\allgemein\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\allgemein\appdata\roaming\spotify\spotify.exe | "TCP Query User{FB0507FA-B127-4187-B43A-24F2DCCF575A}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "UDP Query User{0CBF8870-13CE-4CA3-BE30-FAC04CBE131A}C:\unreal anthology\ut2004\system\ut2004.exe" = protocol=17 | dir=in | app=c:\unreal anthology\ut2004\system\ut2004.exe | "UDP Query User{15B465D8-1627-451D-966E-B9AA036D056A}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "UDP Query User{16653962-80F8-45AD-AF36-DF7A5F9271D7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{22AD7DD6-A7E9-45C8-B56B-C7FBAD201C07}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{2E2AF944-3DD7-4D12-9D95-3E30E699554E}C:\users\allgemein\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\allgemein\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{417DCEC0-9C4B-40FD-9390-A32E3BCDCB08}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "UDP Query User{49E80554-BB75-48B6-A446-976378E62753}C:\users\david\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\local\temp\gw2.exe | "UDP Query User{66BACE64-03A6-43C9-8937-08BC9892F71D}C:\users\allgemein\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\allgemein\appdata\roaming\spotify\spotify.exe | "UDP Query User{72ECE324-ADFB-4A59-925B-DE27E4FA70B6}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "UDP Query User{86E0B3E2-3E7B-49F4-BF40-6F734CF4870D}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "UDP Query User{9E9C4F1D-3FDE-4C94-9633-481CB0D36667}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | "UDP Query User{A16136B5-74CB-4EE3-9A7E-7129E6DC53FC}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe | "UDP Query User{AA313DDF-A512-49C5-91AD-A4FBD6BEE088}C:\program files (x86)\steam\steamapps\stoneu\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\stoneu\team fortress 2\hl2.exe | "UDP Query User{B4314DB2-1A59-4D23-85FD-7D0D43E974FA}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "UDP Query User{D1C475FA-39E4-47CA-99D9-FA810245D0E1}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "UDP Query User{DBB9FFA9-2036-4B6A-8868-B0031316057F}C:\program files (x86)\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aom.exe | "UDP Query User{F8320DF1-FF1D-4D3B-8363-95219515C87C}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19 "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "GIMP-2_is1" = GIMP 2.8.2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "My Lockbox_is1" = My Lockbox 2.8.2 "Sandboxie" = Sandboxie 3.74 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian "{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}" = Unreal Anthology "{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian "{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish "{2D9C81F2-CF30-47F9-860E-58DACF92ABC9}" = Razer Arctosa "{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II "{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT) "{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer "{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek "{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai "{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean "{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center "{55EB2692-FAFE-4352-AACD-AB9379E57F08}" = XSplit "{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish "{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish "{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7477F26F-CC6A-4F68-8C9D-496DBFF45E05}" = HTC Sync Manager "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian "{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7 "{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy "{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client "{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch "{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish "{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish "{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility "{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common "{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.22beta "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Mythology 1.0" = Age of Mythology "ASUS WebStorage" = ASUS WebStorage "Battlelog Web Plugins" = Battlelog Web Plugins "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "Diablo III" = Diablo III "ESN Sonar-0.70.4" = ESN Sonar "Guild Wars 2" = Guild Wars 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Steam App 205790" = Dota 2 Test "Steam App 212800" = Super Crate Box "Steam App 400" = Portal "Steam App 440" = Team Fortress 2 "Steam App 570" = Dota 2 "Steam App 620" = Portal 2 "Steam App 72850" = The Elder Scrolls V: Skyrim "SumatraPDF" = SumatraPDF "Warcraft III" = Warcraft III ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-333205402-440210070-1915747329-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.11.2012 17:44:12 | Computer Name = *****-PC | Source = WinMgmt | ID = 10 Description = Error - 11.11.2012 06:25:02 | Computer Name = *****-PC | Source = WinMgmt | ID = 10 Description = Error - 11.11.2012 15:53:10 | Computer Name = *****-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11.11.2012 15:53:10 | Computer Name = *****-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1014 Error - 11.11.2012 15:53:10 | Computer Name = *****-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1014 Error - 11.11.2012 15:53:11 | Computer Name = *****-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11.11.2012 15:53:11 | Computer Name = *****-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2012 Error - 11.11.2012 15:53:11 | Computer Name = *****-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2012 Error - 11.11.2012 15:53:12 | Computer Name = *****-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11.11.2012 15:53:12 | Computer Name = *****-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3010 Error - 11.11.2012 15:53:12 | Computer Name = *****-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3010 [ Cisco AnyConnect Secure Mobility Client Events ] Error - 12.09.2012 14:02:09 | Computer Name = *****-PC | Source = acvpnui | ID = 67108866 Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp Line: 41 Invoked Function: ISAXXMLReader::parse Return Code: -1072897499 (0xC00CE225) Description: WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung. Error - 12.09.2012 14:02:09 | Computer Name = *****-PC | Source = acvpnui | ID = 67108866 Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>. Host discarded. Error - 12.09.2012 14:02:09 | Computer Name = *****-PC | Source = acvpnui | ID = 67108866 Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 12.09.2012 14:02:09 | Computer Name = *****-PC | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1086 NULL object. Cannot establish a connection at this time. Error - 12.09.2012 18:41:54 | Computer Name = *****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp Line: 1280 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description: Eine vorhandene Verbindung wurde vom Remotehost geschlossen. Error - 12.09.2012 18:41:54 | Computer Name = *****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp Line: 1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description: unknown Error - 12.09.2012 18:41:54 | Computer Name = *****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp Line: 873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE Error - 12.09.2012 18:41:54 | Computer Name = *****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line: 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801 (0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE Error - 12.09.2012 18:41:54 | Computer Name = *****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp Line: 1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene Verbindung wurde vom Remotehost geschlossen. Error - 12.09.2012 18:41:54 | Computer Name = *****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp Line: 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE [ System Events ] Error - 21.09.2012 11:19:13 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 23.09.2012 19:44:55 | Computer Name = *****-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 28.09.2012 12:50:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows-Audio-Endpunkterstellung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 28.09.2012 12:50:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Zugriff auf Eingabegeräte" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 28.09.2012 12:50:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Netzwerkverbindungen" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts. Error - 28.09.2012 12:50:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Programmkompatibilitäts-Assistent-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 28.09.2012 12:50:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 28.09.2012 12:50:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Überwachung verteilter Verknüpfungen (Client)" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 28.09.2012 12:50:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Sitzungs-Manager für Desktopfenster-Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 28.09.2012 12:50:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. < End of report > Vielen Dank! |
11.11.2012, 22:14 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | myStart-Problem unsicher ob wirklich behoben Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren
__________________Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ |
11.11.2012, 23:01 | #19 |
| myStart-Problem unsicher ob wirklich behobenCode:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.11.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 David :: *****-PC [Administrator] 11.11.2012 22:57:17 mbam-log-2012-11-11 (22-57-17).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 264861 Laufzeit: 2 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=a56650b3a8d5a34a8679ff5741c2d087 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-11 11:55:57 # local_time=2012-11-12 12:55:57 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 50077692 104301765 0 0 # compatibility_mode=8192 67108863 100 0 4154 4154 0 0 # scanned=187329 # found=9 # cleaned=0 # scan_time=6242 C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8SMINWO8\finish[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6YG1M3V\finish[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6YG1M3V\offer[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKEASNIZ\CreativeHandler[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKEASNIZ\CreativeHandler[2].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKEASNIZ\CreativeHandler[3].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKEASNIZ\offer[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I C:\Users\*****\AppData\Local\Temp\79318E3.tmp multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\*****\AppData\Local\Temp\793C0F4.tmp multiple threats (unable to clean) 00000000000000000000000000000000 I |
12.11.2012, 10:46 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | myStart-Problem unsicher ob wirklich behoben Nur Funde im IE Cache. Den mal leeren, helfen kann dir dabei der CCleaner aber Finger weg von der RegistryClean-Funktion! Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
12.11.2012, 10:55 | #21 |
| myStart-Problem unsicher ob wirklich behoben Nein sieht alles sehr gut aus Vielen Dank, Trojanerboard ist top! Danke cosinus super Arbeit! |
12.11.2012, 11:12 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | myStart-Problem unsicher ob wirklich behoben Dann wären wir durch! Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen: Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu myStart-Problem unsicher ob wirklich behoben |
beendet, bewertungen, falsche, fehlermeldung, gen, heute, interne, neue, probleme, proxy, schei, schnell, seite, server, start, startseite, suchmaschine, troja, trojanerboard, umleitung, unsicher, verändert, windows, windows 7, wirklich |