Pests of all kinds and how to combat them: Ads by BetterMarkIt

06.01.2015, 13:19   #31
Finlay

Yes, back then I reset the FritzBox to factory settings and re-entered all the access credentials. Immediately afterwards I reset the browsers, even before I had reconnected to the router.

Could it be down to the type of connection to the router? My two flatmates are connected to it via Wi-Fi and have no problems. I could dig out my old Belkin stick and check whether that is the case. In that case formatting would be pointless anyway.

As I think I mentioned before, the ads do not show up on all sites. facebook, wikipedia and youtube, for example, are completely spared.
Can anything be concluded from that about what I am dealing with?

Edited by Finlay (06.01.2015 at 14:18)

06.01.2015, 15:47   #32
schrauber
/// the machine
/// TB trainer

Yes, go online via the stick (even though that would be really odd). Another thing to test, if possible, would be connecting to the router by LAN.

And please set Google DNS as the DNS on the computer and test again.

06.01.2015, 16:29   #33
Finlay

I am connected to the router by LAN the whole time. I am the only one in the flat share who is; my flatmates are connected via Wi-Fi. I have now disabled the LAN connection, gone online via my old Belkin Wi-Fi stick and reset the browsers. The ads were still there afterwards.

How do I set Google DNS on the computer? Unfortunately I am not really well versed in this.

06.01.2015, 16:58   #34
schrauber
/// the machine
/// TB trainer

Setting Google DNS:
Google DNS-Server: Internet beschleunigen und Ping verbessern - NETZWELT

Then press the Windows key + R, type

ipconfig /flushdns

and press Enter. Now test the browsers again. The flatmates have no trouble with the ads? Has that actually been tested?

Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


06.01.2015, 18:41   #35
Finlay

Did that, the ads are still there.

I changed the DNS server on the FritzBox. If I additionally do that in the Windows network settings, they are still there too, but I cannot access the FritzBox.

Just tested at my flatmate's. Sites that are flooded with ads for me are ad-free for them in Chrome, Firefox and IE.

I have now also taken a screenshot of the quick history. Among other things, the automatically visited addresses of the pop-ups show up there.
Among others targetingadvisor, click.blueseek and clickhoofind. I can't make anything of it, but maybe it helps you.

Edited by Finlay (06.01.2015 at 17:45)

06.01.2015, 19:49   #36
schrauber
/// the machine
/// TB trainer

Please download OTL by Oldtimer and save it to your desktop (if you don't have it already).
  • Double-click OTL.exe
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

06.01.2015, 20:18   #37
Finlay

Code:
OTL logfile created on: 06.01.2015 20:09:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 54,66% Memory free
6,72 Gb Paging File | 5,01 Gb Available in Paging File | 74,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,00 Gb Total Space | 55,87 Gb Free Space | 37,25% Space Free | Partition Type: NTFS
Drive D: | 315,76 Gb Total Space | 280,05 Gb Free Space | 88,69% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\APOMngr.DLL ()
MOD - C:\Windows\System32\CmdRtr.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Creative Audio Engine Licensing Service) -- C:\Programme\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Admin\AppData\Local\Temp\catchme.sys File not found
DRV - (aaridp2o) --  File not found
DRV - (webinstrNewH) -- C:\Windows\System32\drivers\webinstrNewH.sys (Corsica)
DRV - (acsmux) -- C:\Windows\System32\drivers\acsmux.sys (Cisco Systems, Inc.)
DRV - (acsint) -- C:\Windows\System32\drivers\acsint.sys (Cisco Systems, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdLH3.sys (Advanced Micro Devices)
DRV - (LADF_RenderOnly) -- C:\Windows\System32\drivers\ladfGSRi386.sys (Logitech)
DRV - (LADF_CaptureOnly) -- C:\Windows\System32\drivers\ladfGSCi386.sys (Logitech)
DRV - (LADF_SBVM) -- C:\Windows\System32\drivers\ladfSBVMi386.sys (Logitech)
DRV - (LADF_DHP2) -- C:\Windows\System32\drivers\ladfDHP2i386.sys (Logitech)
DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek Semiconductor Corporation                           )
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (BCMH43XX) -- C:\Windows\System32\drivers\bcmwlhigh6.sys (Broadcom Corporation)
DRV - (P17) -- C:\Windows\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (ATITool) -- C:\Windows\System32\drivers\ATITool.sys ()
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (MRV6X32P) -- C:\Windows\System32\drivers\MRVW13B.sys (Marvell Semiconductor, Inc)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (Razerlow) -- C:\Windows\System32\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (W8335XP) -- C:\Windows\System32\drivers\Mrv8000c.sys (Marvell Semiconductor, Inc)
DRV - (atxboxfl) -- C:\Windows\System32\drivers\atxboxfl.sys (Compuware Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
 
[2013.10.21 18:19:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2015.01.06 16:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\frar7uot.default-1420557857815\extensions
[2014.12.09 17:36:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2014.12.09 17:36:02 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2015.01.05 20:22:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 11.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 11.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A911EDC-E141-4878-ACA2-03C0960EDA0E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D0C0572-CDD1-424D-85E1-AA507802458C}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FFBF3D9-506A-4524-A263-A0CEFFDD51AB}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0B724AE-D3DB-4BAB-A134-83D327316FCF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Admin\Downloads\ANNO5_THEME\uplay_wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\Downloads\ANNO5_THEME\uplay_wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015.01.06 20:07:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2015.01.05 20:59:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2015.01.05 20:59:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\temp
[2015.01.05 20:58:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015.01.05 20:53:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2015.01.05 20:16:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2015.01.05 20:16:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2015.01.05 20:16:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2015.01.05 20:15:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2015.01.05 20:15:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2015.01.04 12:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014.12.22 22:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2014.12.18 11:43:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\VSRevoGroup
[2014.12.10 09:57:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014.12.10 09:35:21 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.12.10 09:35:21 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014.12.10 09:35:21 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.12.10 09:35:21 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014.12.10 09:35:21 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014.12.10 09:35:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.12.10 09:35:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014.12.10 09:35:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.12.10 09:35:19 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014.12.10 09:35:19 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014.12.10 09:35:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.12.10 09:35:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.12.10 09:35:18 | 001,810,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.12.09 22:30:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.12.09 19:23:48 | 000,000,000 | ---D | C] -- C:\FRST
[2014.12.09 19:23:35 | 001,115,136 | ---- | C] (Farbar) -- C:\Users\Admin\Desktop\FRST.exe
[2014.12.09 18:28:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Tunngle
[2014.12.09 17:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014.12.09 17:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.12.09 01:10:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Opera Software
[2014.12.09 01:10:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Opera Software
[2014.12.09 01:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2014.12.08 17:44:42 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015.01.06 20:08:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2015.01.06 19:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.01.06 18:35:42 | 000,269,617 | ---- | M] () -- C:\Users\Admin\Desktop\Verlauf.jpg
[2015.01.06 18:29:44 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015.01.06 18:29:44 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015.01.06 16:18:52 | 000,674,024 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2015.01.06 16:18:52 | 000,634,274 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015.01.06 16:18:52 | 000,146,036 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2015.01.06 16:18:52 | 000,119,840 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015.01.06 12:30:06 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2015.01.06 12:29:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.01.06 12:29:43 | 3488,669,696 | -HS- | M] () -- C:\hiberfil.sys
[2015.01.05 20:22:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2015.01.04 12:57:02 | 001,115,136 | ---- | M] (Farbar) -- C:\Users\Admin\Desktop\FRST.exe
[2014.12.22 22:32:19 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.12.22 22:32:19 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014.12.16 15:07:42 | 340,246,887 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.12.09 18:30:15 | 000,256,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.12.09 18:28:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2014.12.09 17:36:10 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.12.09 12:43:00 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015.01.06 18:35:41 | 000,269,617 | ---- | C] () -- C:\Users\Admin\Desktop\Verlauf.jpg
[2015.01.05 20:16:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2015.01.05 20:16:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2015.01.05 20:16:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2015.01.05 20:16:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2015.01.05 20:16:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014.12.16 15:07:42 | 340,246,887 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014.12.09 17:36:10 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014.12.09 17:36:10 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.12.08 17:44:42 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2014.12.05 21:04:53 | 000,002,393 | ---- | C] () -- C:\Windows\patsearch.bin
[2014.12.03 00:01:39 | 000,000,552 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d8caps.dat
[2014.09.01 09:18:44 | 000,002,086 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MYCBDE
[2014.09.01 09:18:44 | 000,001,248 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\YUHCVSH
[2013.05.14 11:24:31 | 000,000,218 | ---- | C] () -- C:\Users\Admin\AppData\Local\recently-used.xbel
[2012.05.31 19:31:42 | 022,307,328 | ---- | C] () -- C:\Program Files\Play Wireless USB Adapter.msi
[2012.05.31 19:31:42 | 000,029,184 | ---- | C] () -- C:\Program Files\1031.MST
[2012.05.31 19:31:42 | 000,024,692 | ---- | C] () -- C:\Program Files\0x0407.ini
[2009.09.09 13:48:54 | 000,168,960 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.24 19:54:39 | 000,022,328 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\PnkBstrK.sys
[2009.01.04 18:01:54 | 000,002,708 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 14:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:AD022376

< End of report >
         
Code:
OTL Extras logfile created on: 06.01.2015 20:09:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 54,66% Memory free
6,72 Gb Paging File | 5,01 Gb Available in Paging File | 74,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,00 Gb Total Space | 55,87 Gb Free Space | 37,25% Space Free | Partition Type: NTFS
Drive D: | 315,76 Gb Total Space | 280,05 Gb Free Space | 88,69% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D1724DB-C790-43DF-B84F-95385BD21FB2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1DEFD9E2-04F8-40CD-A5E1-861883FFDF44}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{1ECE18B0-1415-4501-B179-758342226260}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2F207C39-9FB9-4C4F-897D-7FA2B25DCD33}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4098A501-3FDA-42E9-A359-556123E16501}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{47978D39-6BC7-4B8A-8D5A-52D8949AD595}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4CBE5B32-79D0-4950-A083-D167FCFDE003}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50736E45-AB99-4219-8B8C-C4B3A9E17087}" = rport=137 | protocol=17 | dir=out | app=system | 
"{596908C3-3A2B-4C00-8D64-651ABEF9C9DA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{59E61392-1484-4CBD-BB70-03700B343418}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5DBE5955-7EF3-4091-99F9-6E3DCE3789F3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{73472542-B843-4705-9A7A-A8B00061F6B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{75B7C64D-360A-4FDC-B6FB-63AE6D877139}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7F8CA566-65EF-4BAE-A617-497D97B7A65A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{80CD9F8E-CD35-49D7-A9AA-223CBFBD4455}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{80E80BE9-5866-449B-8150-22CAF44A09D3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8928379D-E65A-457F-9F15-26664B2E582B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8BF33719-CD9C-49CF-A751-A7780D081A9D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8D3020B3-4830-400E-8DB4-69020779369D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8F125284-834E-4382-A2E1-7216E77BA6B5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A22AFC58-D5F0-4127-B012-76FFC820452E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AC699E4A-A408-4310-9557-774543889DFB}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B52748DF-EC0F-4309-917B-596BF84BDCB8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BC9C5049-EE7F-4E43-9B52-CC5837CAC19D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BFAE8BDE-E990-4A0C-9259-8B28414271B8}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{C62E848D-407E-4ECA-9DAF-46F36E1CC164}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CAB028B3-19AD-462C-B987-2EE2CBCB2267}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D0BCF8C3-9980-4FC8-9E92-60B4468A474B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DF88FC50-1508-4E6F-A9FE-657E947F8EED}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E0C4D493-0B01-4D88-B04B-5A7E9068C6CD}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{EA380C51-A7CE-4492-937C-D52A3E0F7AB8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{EF3FC3E1-EDC4-4134-BA1C-385EEDEAFFCD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F028DFD2-FE60-4397-960A-FB6349AE8010}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F7FAED82-37E2-4A3C-9D5E-1AA3608CE380}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08CE773B-5DB2-4948-80B1-95B3AB4C2E49}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{10989112-5011-4C29-97E0-1CEC0E297963}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\addon.exe | 
"{1212DB92-FD81-465A-A8B1-2EAF3D3063B3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | 
"{15FC9CA1-74F4-44C1-A778-CBDD94A483F7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{17617DE1-3F52-43B0-956E-960AFA1D94B3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{1B6212B6-1CC0-4C05-91FF-0632892F11C6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe | 
"{208E0C5C-2560-43DF-9BA7-2C7B54E9255F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\addon.exe | 
"{2800265A-2E20-4759-BE26-1C3C7C7E96C2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{30EE8E32-9ACB-4AE2-8958-A1232E71ECDE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3619ADD8-3BF9-4A2C-9D17-DD8E0BAA6BFA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{3B5C5EFC-58D5-4639-9449-1B9BBB6FC8EB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\far cry 3\bin\farcry3.exe | 
"{4207066C-90F5-4B5D-8077-BE9EF3A8B5AA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{45C527E4-7667-4BF8-BD34-2CDC105186E8}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{4F1D39CC-9EB4-4DFC-953B-34A34B403C8D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{51742890-7695-4861-83FD-51D26729EEF0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{5292DC23-64DC-405C-A28B-5F8AFD769E1C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{52B870AC-B320-4D9E-AA37-22A2F828BC45}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{58A689AE-A4F7-4E49-88FC-57DEC3708BC2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{590EABF7-25C7-413E-BABC-5CE221FFF645}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{5A422287-2FED-4D11-99A1-B74D53BB52DD}" = protocol=17 | dir=in | app=c:\program files\steam\bin\steamwebhelper.exe | 
"{5C12DA4F-E548-47A7-9136-E14FFE089414}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5E0BFBF3-9C46-449D-894D-7773825C3E8C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{5EFE1420-2110-4221-94EA-E0EAA519342E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{6C4CD084-9500-446E-9DD4-82B2F6A20CE2}" = protocol=6 | dir=in | app=d:\spiele\fifa 14\game\fifa14.exe | 
"{7DCDA3CE-39F5-4012-8AA1-3B1460D8BFE8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe | 
"{826B908E-C361-47C8-A555-AEAC017CD42B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe | 
"{84D17E5E-E74F-40B5-B6A6-AAD8463C3138}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{86C7645C-1698-4CBB-84E0-0DD8A45055C7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{87CB2AC1-FECB-4D87-858A-BB1F0DDFFAF6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{8A1DD01D-0A35-4040-B788-7720C939C084}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{8B21D88A-0353-4977-8BCB-6A93100BDBC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8CF39578-DBAA-4975-8872-DD2E3A45C3F6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{8EA8C951-80DC-4295-9226-51AD917EA1BF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{9307256C-94BB-42BB-801A-650149225DD9}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{938C915A-4D96-410C-BE8E-E6FC48C95DAE}" = protocol=17 | dir=in | app=d:\spiele\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{9741914B-79B0-4CCC-94FA-CCF82855B7F0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\far cry 3\bin\farcry3.exe | 
"{97900F7C-D979-42FD-9C97-961622A4348B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{991DD247-C184-404E-8696-9CFA44C2843E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{9AC3F94C-6197-4624-BF84-E603AB80A6FC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{9BD34D1E-28E7-4302-BE8B-454C3A32DF07}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{9CEB369E-4579-40FA-9C65-C7D027C2C022}" = protocol=6 | dir=in | app=c:\program files\steam\bin\steamwebhelper.exe | 
"{9D45A39D-CD29-4A6D-94AC-D768088E58A2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{9DB57904-61A7-49B5-8456-87CAD85E7FA0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe | 
"{9F67605F-56D7-4CDB-8DA8-0254752F2F57}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe | 
"{A2305B2D-5DB6-4740-970C-E41790682C31}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe | 
"{A53B63BF-52BA-4702-87C7-291F9CDB4066}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{AAC3ADCB-1B74-43F1-B11C-8E33AED217B1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{AD02F1A3-9725-4CE4-9574-3A8475DE6A76}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe | 
"{AFA73688-AFD6-4CF8-B663-27A4944897D0}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{B10E287A-F745-434C-BFDF-F477978F8266}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{B36D1DC3-7F82-4F2D-BD77-DEB9E8374E0F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{B808E352-661E-4F20-96FF-EBE481BE5102}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{BBA9D5B5-AA92-4DCE-9881-06161FE02746}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{BF8FCBC2-D273-4C2F-9BAF-1DF2DC48DE0F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{BFBAF240-23AC-46D4-9588-DA00D111AEF3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C4C6A4CE-0085-4737-83CC-A722DEBBADB6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{C6881F06-5CE7-4EA6-BB27-7E3F1C0D3799}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{CE9AA842-5C35-4710-B0AD-05AF5983D9AA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{CEEB4898-9342-476E-9433-60D2BC56B855}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{D238A1EF-353B-4B47-BA36-8DA746A20CC4}" = protocol=6 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{D3CE1B95-5098-429B-A24D-08E69EEB22B3}" = protocol=17 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{D72B5D06-3E95-466D-9E7A-3803A453D340}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{D7F3644E-B3C7-4A67-8BC4-CD1AD47DC046}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{D93B7042-99CA-433D-B2E6-A26CA68CE88A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{DB265A59-3955-493C-A038-3F4652FFF99F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{DE15297F-015E-46DE-A074-631515EB60D0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{DFF22524-018A-443A-AC13-6F14998EC32A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | 
"{E2E175B1-9A87-410D-9E6A-7B221581F796}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{E46DBA56-40B0-45BC-94FC-F1FEE034DFDE}" = protocol=17 | dir=in | app=d:\spiele\fifa 14\game\fifa14.exe | 
"{E56E1528-BEAD-4BE8-AA14-98B68267EB7D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{E77D10DA-5CDC-44AE-9C46-C30579F712A7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{EF618B5B-1A27-4DBE-BD9C-A2E6E84E7A45}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{F269E9F3-8DBB-493A-BCAA-482B38DD2EC9}" = protocol=6 | dir=in | app=d:\spiele\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{F539A802-9947-440D-B20B-EF67B7DDDD8B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{F7C0F167-F524-4224-91A5-CFBB97D480A0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe | 
"{F7E3C8F1-A53A-41B6-AC28-637596A9FB85}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"TCP Query User{0D65D120-C204-4FDD-BB50-22C7BBCC458E}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{123620F4-52D3-4CED-ACE4-5DA19DA78439}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"TCP Query User{26DB3EA2-5B4E-4F7F-A522-F38F2D3C0E6D}C:\users\admin\desktop\fiji\fiji.app\imagej-win32.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\fiji\fiji.app\imagej-win32.exe | 
"TCP Query User{3463F77B-FC6E-4CF9-934D-DC09735D5CFC}D:\steambuster\steamapps\grandmaster-psi@gmx.de\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\steambuster\steamapps\grandmaster-psi@gmx.de\counter-strike source\hl2.exe | 
"TCP Query User{3A9C71FF-92A9-41E8-B3E7-D796F23A5E43}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{63C65172-F05C-4301-9566-31B21806AB63}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"TCP Query User{6F61AD4A-F01B-4C8A-8E68-812533C731CD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{8220D397-2143-41DD-9432-FC39DF45A2FB}D:\spiele\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{8C9A88FF-7926-40D4-B1A0-080D30158931}D:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii\war3.exe | 
"TCP Query User{97E51177-C042-4DD3-9103-01D0B9D86082}C:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe | 
"TCP Query User{AC4AAC9A-648F-4EE4-89FA-71406E14A95B}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{B48B642C-5B0A-4AB8-9525-FA646F6EBECC}C:\program files\ubisoft\related designs\anno 2070\anno5.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | 
"TCP Query User{C9C84D0A-3964-4C38-B96E-BBA1682D69AA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{C9E71F5F-30FF-4FAE-BA74-8357F47EFED7}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"TCP Query User{CA13334F-1AE2-469D-946F-20BB31FA1CD5}D:\spiele\fifa 12\fifa 13\game\fifa13.exe" = protocol=6 | dir=in | app=d:\spiele\fifa 12\fifa 13\game\fifa13.exe | 
"TCP Query User{D71B8691-E87D-4F12-A8F8-F974826D847C}D:\spiele\fifa 12\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\spiele\fifa 12\fifa 12\game\fifa.exe | 
"TCP Query User{E13EA1F2-22F9-4462-8131-C75E50915CE7}D:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii\war3.exe | 
"TCP Query User{E7CDD425-E3C3-44E9-A83D-9A4AB2B1BB76}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{372F6BAE-8476-4C67-9726-899390C0C29E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{40DFE3B5-1840-4435-A691-9FDE598A04A2}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{4111157C-966D-42A6-8150-F3C49BE5D98E}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"UDP Query User{4564BB49-453D-41F3-A48D-45CB2418029D}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{5DD7F0D7-0480-4660-884F-4FC25EC3ADB7}D:\spiele\fifa 12\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\spiele\fifa 12\fifa 12\game\fifa.exe | 
"UDP Query User{606B0607-EC14-4E5C-924A-ABABE4A2AFA1}D:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii\war3.exe | 
"UDP Query User{78BD6A81-7DE6-4571-8DB2-EDB9CEE26D0F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{7993E751-ACC6-45BE-A10C-A30914B517D3}D:\steambuster\steamapps\grandmaster-psi@gmx.de\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\steambuster\steamapps\grandmaster-psi@gmx.de\counter-strike source\hl2.exe | 
"UDP Query User{8A856D2D-F50B-4193-A746-CDF9999AFB6C}D:\spiele\fifa 12\fifa 13\game\fifa13.exe" = protocol=17 | dir=in | app=d:\spiele\fifa 12\fifa 13\game\fifa13.exe | 
"UDP Query User{8B01F4BC-BAB2-4615-AF92-663A9BC75F92}D:\spiele\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{9303F4D0-CF45-479A-A1EC-9D3A40133DDA}C:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe | 
"UDP Query User{9C99C5D3-3DB7-4788-8D77-F43FFFB1D91B}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"UDP Query User{A2FE5248-7069-4E14-8442-C5C09626AB7E}C:\users\admin\desktop\fiji\fiji.app\imagej-win32.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\fiji\fiji.app\imagej-win32.exe | 
"UDP Query User{ADA394E0-5EFA-4B91-81A3-97182A21F298}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"UDP Query User{B161D07B-6AFF-465A-B4C7-A76A4ED81225}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{D465C97C-2D76-4B6B-A897-FE8C1A22C328}C:\program files\ubisoft\related designs\anno 2070\anno5.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | 
"UDP Query User{EC4D71BD-DB5F-44B0-BF72-2B6ABC59A7E5}D:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii\war3.exe | 
"UDP Query User{F16418DB-982C-4326-8D5A-9C4DD50A9D51}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{29F15D3F-5B37-44DB-BB89-390B3AD1404E}" = IEEE 802.11g Wireless Cardbus/PCI Adapter
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE 
"{4B3AF51F-830F-409F-AE05-FB67040C90B6}" = Cisco AnyConnect Secure Mobility Client
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{759E97EC-9E3D-4F55-C321-7819C93F0887}" = ccc-utility
"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{93FF055C-7E0B-4E26-AAFB-2C4333E2D7D0}" = Logitech Gaming Software
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU)
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2EAE643-8804-9420-5DBE-2752D6957964}" = AMD Catalyst Install Manager
"{AA7A2800-1E75-4240-855B-03AFF8E5171E}" = FIFA 14
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{C5828861-B97B-4037-995C-C65E9CC13A3B}" = Sound Blaster Audigy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.64
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"AudioCS" = Creative Audio-Systemsteuerung
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"Der_Deploy_0" = Der Kleine Turnierplaner 6.7.3.1a
"DivX Setup.divx.com" = DivX-Setup
"InstallShield_{29F15D3F-5B37-44DB-BB89-390B3AD1404E}" = IEEE 802.11g Wireless Cardbus/PCI Adapter
"InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.4.1028
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 34.0.5 (x86 de)" = Mozilla Firefox 34.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PDF Image Extraction Wizard 1.2_is1" = PDF Image Extraction Wizard 1.2
"Revo Uninstaller" = Revo Uninstaller 1.93
"Steam App 220240" = Far Cry® 3
"Steam App 570" = Dota 2
"USB GAME PAD" = USB GAME PAD
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.01.2015 08:00:49 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.01.2015 15:27:30 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.01.2015 17:56:09 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 34.0.5.5443 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 14a8  Anfangszeit: 01d0285fdbeaf8ef  Zeitpunkt der
 Beendigung: 51
 
Error - 04.01.2015 17:56:09 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 34.0.5.5443, Zeitstempel
 0x5475dd5d, fehlerhaftes Modul mozalloc.dll, Version 34.0.5.5443, Zeitstempel 0x5475d664,
 Ausnahmecode 0x80000003, Fehleroffset 0x00001425,  Prozess-ID 0xfd4, Anwendungsstartzeit
 01d02868a9bee44f.
 
Error - 05.01.2015 06:56:59 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.01.2015 12:58:12 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.01.2015 13:39:06 | Computer Name = Admin-PC | Source = VSS | ID = 8194
Description = 
 
Error - 05.01.2015 13:39:42 | Computer Name = Admin-PC | Source = VSS | ID = 8194
Description = 
 
Error - 06.01.2015 07:31:13 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.01.2015 10:49:39 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 34.0.5.5443, Zeitstempel
 0x5475dd5d, fehlerhaftes Modul mozalloc.dll, Version 34.0.5.5443, Zeitstempel 0x5475d664,
 Ausnahmecode 0x80000003, Fehleroffset 0x00001425,  Prozess-ID 0x1714, Anwendungsstartzeit
 01d029b2e3f26749.
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2660 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2169 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2660 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2169 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 8288 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 5936 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5661
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5623
Invoked
 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5377 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 
5312 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
[ System Events ]
Error - 05.01.2015 15:17:28 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 05.01.2015 15:20:43 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 05.01.2015 15:22:54 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 05.01.2015 15:53:43 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 05.01.2015 15:56:08 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 05.01.2015 15:58:10 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 06.01.2015 07:31:14 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 06.01.2015 11:25:20 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 06.01.2015 12:25:30 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 06.01.2015 12:25:46 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
 
< End of report >
         

Alt 06.01.2015, 22:13   #38
schrauber
/// the machine
/// TB-Ausbilder
 




Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
DRV - (webinstrNewH) -- C:\Windows\System32\drivers\webinstrNewH.sys (Corsica)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - user.js - File not found
:files
C:\Windows\System32\drivers\webinstrNewH.sys
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 06.01.2015, 22:40   #39
Finlay
 




You got it! No more ads in any browser after the fix!

Code:
All processes killed
========== OTL ==========
Service webinstrNewH stopped successfully!
Service webinstrNewH deleted successfully!
C:\Windows\System32\drivers\webinstrNewH.sys moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: false removed from browser.search.isUS
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5 removed from extensions.enabledAddons
========== FILES ==========
File\Folder C:\Windows\System32\drivers\webinstrNewH.sys not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 34144 bytes
->Temporary Internet Files folder emptied: 34413 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 371323386 bytes
->Flash cache emptied: 3805752 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1500503 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6916 bytes
RecycleBin emptied: 18925591 bytes
 
Total Files Cleaned = 377,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01062015_222523

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Many, many thanks for the time you took to help me!
You all do this here as a hobby, and that is above all why I appreciate it so much! Thank you!

Purely out of interest, I would still like to know what exactly it was, why the previous scans found nothing, and why OTL in particular was successful.
Provided it is not too much trouble to explain this to someone as completely clueless as me.
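
The fix script from post #38 checked against the result log from post #39, as an added example that is not part of the original posts and not a feature of OTL: the Python below parses the `DRV` and `:files` entries of the fix script and looks for the matching result lines in the log. The function names and status labels are assumptions of this example; the script and log wording are copied (abridged) from the thread.

```python
import re

# Abridged copies of the fix script (post #38) and OTL's result log (post #39).
FIX_SCRIPT = r"""
:OTL
DRV - (webinstrNewH) -- C:\Windows\System32\drivers\webinstrNewH.sys (Corsica)
:files
C:\Windows\System32\drivers\webinstrNewH.sys
"""
RESULT_LOG = r"""
========== OTL ==========
Service webinstrNewH stopped successfully!
Service webinstrNewH deleted successfully!
C:\Windows\System32\drivers\webinstrNewH.sys moved successfully.
========== FILES ==========
File\Folder C:\Windows\System32\drivers\webinstrNewH.sys not found.
"""

# Fix-script driver entry as written above: "DRV - (<service>) -- <path>.sys (<vendor>)"
DRV_RE = re.compile(r"^DRV - \((?P<service>[^)]+)\) -- (?P<path>.+?\.sys)\b", re.I)

def parse_fix_script(text):
    """Return (drivers, files): DRV entries under :OTL, paths under :files."""
    section, drivers, files = None, [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith(":"):
            section = line.lower()
        elif section == ":otl" and (m := DRV_RE.match(line)):
            drivers.append((m["service"], m["path"]))
        elif section == ":files":
            files.append(line)
    return drivers, files

def verify(fix_script, result_log):
    """Map each requested driver/file action to the outcome the log reports."""
    drivers, files = parse_fix_script(fix_script)
    log = {line.strip() for line in result_log.splitlines()}
    moved = {p.lower() for _, p in drivers if f"{p} moved successfully." in log}
    report = {}
    for service, path in drivers:
        wanted = (f"Service {service} stopped successfully!",
                  f"Service {service} deleted successfully!", f"{path} moved successfully.")
        report[f"driver:{service}"] = "removed" if all(w in log for w in wanted) else "incomplete"
    for path in files:
        status = "moved" if f"{path} moved successfully." in log else "no result logged"
        if f"File\\Folder {path} not found." in log:
            status = "already moved by DRV entry" if path.lower() in moved else "not found"
        report[f"file:{path}"] = status
    return report
```

For this thread the driver comes out as removed, and the `not found` line in the FILES section is accounted for: the `DRV` entry had already moved the same file before the `:files` step ran.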

Alt 07.01.2015, 09:03   #40
schrauber
/// the machine
/// TB-Ausbilder
 




Quote:
why the previous scans found nothing and why OTL in particular was successful
That is not quite correct. I only spotted the eeevil driver in the OTL log.


Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type this in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, our scanners' quarantine and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without concern.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    A tutorial on how to use it can be found here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    A tutorial can be found here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
These harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me a short reply when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards,
schrauber


Alt 07.01.2015, 15:33   #41
Finlay
 



Okay, done. Everything is cleared up, thanks again!

Alt 07.01.2015, 15:34   #42
schrauber
/// the machine
/// TB-Ausbilder
 




You're welcome
__________________
Regards,
schrauber
