|
Pests of all kinds and how to combat them: Google link and other problems! Windows 7 If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection. |
04.01.2013, 14:14 | #31 |
| Google link and other problems! Oh sorry... here are the correct logs OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.01.2013 14:00:48 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 83,82% Memory free 4,84 Gb Paging File | 4,53 Gb Available in Paging File | 93,51% Paging File free Paging file location(s): C:\pagefile.sys 2048 4096 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 24,66 Gb Total Space | 2,50 Gb Free Space | 10,12% Space Free | Partition Type: NTFS Drive D: | 70,18 Gb Total Space | 3,22 Gb Free Space | 4,59% Space Free | Partition Type: NTFS Drive E: | 54,20 Gb Total Space | 4,09 Gb Free Space | 7,54% Space Free | Partition Type: NTFS Drive F: | 97,66 Gb Total Space | 2,80 Gb Free Space | 2,86% Space Free | Partition Type: NTFS Drive G: | 51,38 Gb Total Space | 5,23 Gb Free Space | 10,17% Space Free | Partition Type: NTFS Drive H: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JULIA | User Name: Amadeo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\OTL.exe (OldTimer Tools) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
PRC - D:\Process Lasso\ProcessGovernor.exe (Bitsum Technologies) PRC - D:\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) PRC - D:\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group) PRC - C:\Programme\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group) PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw)) ========== Modules (No Company Name) ========== MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () ========== Services (SafeList) ========== SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SbieSvc) -- D:\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (Mobile Partner. RunOuc) -- D:\Mobile Partner\UpdateDog\ouc.exe () SRV - (Steam Client Service) -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe (Valve Corporation) SRV - (HWDeviceService.exe) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe () SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (IDT, Inc.) 
SRV - (pgsql-8.3) -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (cpuz132) -- File not found DRV - (cpudrv) -- C:\Programme\SystemRequirementsLab\cpudrv.sys File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\ComboFix\catchme.sys File not found DRV - (a4o7z9b1) -- File not found DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (SbieDrv) -- D:\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys () DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys () DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) 
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices) DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (cmuda3) -- C:\WINDOWS\system32\drivers\cmudax3.sys (C-Media Inc) DRV - (chdrvr02) -- C:\WINDOWS\system32\drivers\chdrvr02.sys (CH Products) DRV - (chdrvr03) -- C:\WINDOWS\system32\drivers\chdrvr03.sys (CH Products) DRV - (chdrvr01) -- C:\WINDOWS\system32\drivers\chdrvr01.sys (CH Products) DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.) DRV - (cmpci) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.at 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.tuwien.ac.at IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.at IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.tuwien.ac.at IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-57989841-963894560-1606980848-1025\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.at IE - HKU\S-1-5-21-57989841-963894560-1606980848-1025\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.tuwien.ac.at IE - HKU\S-1-5-21-57989841-963894560-1606980848-1025\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.update: false FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0 FF - 
prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\01035 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.29 10:18:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.12.19 01:47:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{A396240B-27B6-4007-9588-064E96278BAD}: C:\WINDOWS\system32\01022 FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\01035 [2010.08.22 10:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Extensions [2012.10.29 10:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions [2012.10.29 10:19:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\nostmp [2012.10.29 10:19:33 | 000,020,591 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012.10.29 10:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml 
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.12.24 09:24:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - No CLSID value found. O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {6764C5ED-CEE4-42ae-8F31-23F02A3A661F} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found. O4 - HKLM..\Run: [ATICustomerCare] C:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. 
(www.cmedia.com.tw)) O4 - HKLM..\Run: [ProcessGovernor] D:\Process Lasso\processgovernor.exe (Bitsum Technologies) O4 - HKLM..\Run: [ProcessLassoManagementConsole] D:\Process Lasso\ProcessLasso.exe (Bitsum Technologies) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [DAEMON Tools Lite] F:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [DriverMax] G:\DriverMax\devices.exe (Innovative Solutions) O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [DriverMax_RESTART] G:\DriverMax\devices.exe (Innovative Solutions) O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [ICQ] F:\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [SandboxieControl] D:\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [Steam] G:\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Dokumente und Einstellungen\Amadeo\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = D:\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-57989841-963894560-1606980848-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - 
HKU\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-57989841-963894560-1606980848-1025\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-57989841-963894560-1606980848-1025\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - F:\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - F:\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Dokumente und Einstellungen\Amadeo\Desktop\PartyPoker.lnk () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Dokumente und Einstellungen\Amadeo\Desktop\PartyPoker.lnk () O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282521036125 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab (ZPA_SHVL Object) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab (ChessControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66F64D73-0F8A-4367-86D2-17398744B2EC}: DhcpNameServer = 212.186.211.21 195.34.133.21 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.08.22 10:37:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006.09.12 19:11:41 | 000,000,233 | R--- | M] () - H:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.12.23 12:22:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\BAHN 4.00 [2012.12.20 18:58:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\PKR [2012.12.19 16:21:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.12.19 15:52:40 | 000,000,000 | ---D | C] -- C:\Programme\C-Media Oxygen HD Audio Device [2012.12.19 01:47:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Amadeo\Lokale Einstellungen\Anwendungsdaten\Sun [2012.12.19 01:47:17 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2012.12.19 01:47:03 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012.12.19 01:47:03 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012.12.19 01:46:41 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012.12.19 01:46:41 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012.12.19 01:46:41 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012.12.19 01:26:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012.12.19 00:35:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All 
Users\Startmenü\Programme\PostgreSQL 8.3 [2012.12.19 00:34:44 | 000,000,000 | ---D | C] -- C:\Programme\PostgreSQL [2012.12.18 23:59:38 | 005,012,571 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Amadeo\Desktop\ComboFix.exe [2012.12.17 12:05:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Amadeo\Startmenü\Programme\GeoGebra 4.2 [2012.12.14 11:05:39 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Amadeo\Desktop\aswMBR.exe [2012.12.12 14:41:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.exe [2012.12.11 21:06:48 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Amadeo\Recent [2012.12.11 20:50:00 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner ========== Files - Modified Within 30 Days ========== [2013.01.04 13:41:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.04 13:37:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.01.04 10:37:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.01.04 10:24:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.04 10:22:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.03 18:39:45 | 000,192,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.30 10:08:56 | 000,551,997 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\adwcleaner.exe [2012.12.29 18:00:58 | 000,004,931 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flwjycbm.bab [2012.12.24 09:24:12 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2012.12.22 23:39:07 | 000,547,175 | ---- | M] () -- C:\adwcleaner.exe [2012.12.21 20:48:37 | 003,524,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.12.19 22:48:02 | 000,000,464 | ---- | M] () -- C:\Dokumente und Einstellungen\All 
Users\Desktop\OpenTTD.lnk [2012.12.19 15:59:35 | 000,000,521 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\PokerTracker 4.lnk [2012.12.19 01:46:08 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012.12.19 01:46:00 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012.12.19 01:46:00 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012.12.19 01:46:00 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012.12.19 01:46:00 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012.12.19 01:45:59 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012.12.19 01:45:58 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2012.12.18 23:59:53 | 005,012,571 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Amadeo\Desktop\ComboFix.exe [2012.12.17 12:47:36 | 000,069,100 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\matheuebung2.pdf [2012.12.17 12:05:58 | 000,001,890 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\GeoGebra 4.2.lnk [2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll [2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll [2012.12.14 11:09:27 | 000,012,866 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\pokerstrategie.sxw [2012.12.14 11:06:16 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Amadeo\Desktop\aswMBR.exe [2012.12.14 11:03:25 | 000,302,592 | ---- | M] () -- C:\2qp3jtr4.exe [2012.12.13 22:41:08 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.12.13 17:14:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.12.12 
14:41:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe [2012.12.11 21:06:25 | 000,001,910 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\cc_20121211_210619.reg [2012.12.11 20:56:24 | 000,551,550 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\cc_20121211_205602.reg [2012.12.09 19:37:53 | 000,528,654 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.12.09 19:37:53 | 000,503,532 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.12.09 19:37:53 | 000,106,748 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.12.09 19:37:53 | 000,089,230 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat ========== Files Created - No Company Name ========== [2012.12.30 10:08:55 | 000,551,997 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\adwcleaner.exe [2012.12.29 18:00:58 | 000,004,931 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flwjycbm.bab [2012.12.22 23:39:06 | 000,547,175 | ---- | C] () -- C:\adwcleaner.exe [2012.12.19 15:53:12 | 000,002,377 | ---- | C] () -- C:\WINDOWS\Cmicnfgp.ini.cfg [2012.12.19 15:53:08 | 000,001,948 | ---- | C] () -- C:\WINDOWS\cmudaxp.ini [2012.12.17 12:47:36 | 000,069,100 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\matheuebung2.pdf [2012.12.17 12:05:58 | 000,001,890 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\GeoGebra 4.2.lnk [2012.12.14 11:09:24 | 000,012,866 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\pokerstrategie.sxw [2012.12.14 11:03:24 | 000,302,592 | ---- | C] () -- C:\2qp3jtr4.exe [2012.12.13 17:14:13 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2012.12.11 21:06:22 | 000,001,910 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\cc_20121211_210619.reg [2012.12.11 20:56:07 | 000,551,550 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\cc_20121211_205602.reg [2012.11.22 21:42:30 | 000,005,110 | ---- | C] 
() -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\IDK [2012.11.16 11:56:18 | 000,141,608 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.05.29 11:22:44 | 000,000,061 | -HS- | C] () -- C:\WINDOWS\cnerolf.bin [2012.05.03 13:27:47 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wininit.ini [2012.04.21 16:27:21 | 000,001,468 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini [2012.04.09 10:25:48 | 000,175,104 | ---- | C] () -- C:\WINDOWS\MM_Bahn_V3_Uninstall.exe [2012.04.02 12:11:36 | 000,000,613 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat [2012.03.21 19:22:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.03.21 19:22:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.03.21 19:22:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.03.21 19:22:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.03.21 19:22:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.01.07 14:15:22 | 003,379,470 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-57989841-963894560-1606980848-1003-0.dat [2012.01.07 14:15:22 | 000,221,466 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.11.26 22:04:54 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe [2011.11.26 22:04:54 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe [2011.11.26 22:04:54 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll [2011.11.26 22:04:54 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys [2011.11.26 22:04:54 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys [2011.11.12 12:09:23 | 000,000,136 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011.11.08 21:49:21 | 000,000,056 | ---- | C] () -- C:\WINDOWS\fs9configurator.ini [2011.09.28 15:03:13 | 000,000,127 | ---- | C] () -- 
C:\WINDOWS\System32\MRT.INI [2011.04.11 18:38:27 | 000,000,185 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\FSDreamTeam_Honolulu.reg [2011.03.18 11:33:06 | 000,000,180 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\FSDreamTeam_ZurichX.reg [2011.03.18 00:42:15 | 000,086,776 | ---- | C] () -- C:\WINDOWS\System32\CMCalBlk.dll [2011.03.17 15:58:15 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini [2011.03.17 15:56:36 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfl [2011.03.17 15:56:15 | 000,001,480 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg [2011.03.17 15:56:13 | 000,002,532 | ---- | C] () -- C:\WINDOWS\cmudax3.ini [2011.03.15 23:01:21 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2011.03.14 13:02:20 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2011.03.14 12:04:57 | 000,000,220 | ---- | C] () -- C:\WINDOWS\AISmooth.INI [2011.03.14 02:21:41 | 000,000,199 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\QualityWings_Ultimate 757 Collection.reg [2011.02.24 12:36:41 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Adobe Targa Format CS5 Prefs [2010.08.23 02:16:48 | 000,192,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2010.08.22 10:54:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2010.12.20 23:14:52 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 04.01.2013 14:00:48 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 83,82% Memory free 4,84 Gb Paging File | 4,53 Gb Available in Paging File | 93,51% Paging File free Paging file location(s): C:\pagefile.sys 2048 4096 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 24,66 Gb Total Space | 2,50 Gb Free Space | 10,12% Space Free | Partition Type: NTFS Drive D: | 70,18 Gb Total Space | 3,22 Gb Free Space | 4,59% Space Free | Partition Type: NTFS Drive E: | 54,20 Gb Total Space | 4,09 Gb Free Space | 7,54% Space Free | Partition Type: NTFS Drive F: | 97,66 Gb Total Space | 2,80 Gb Free Space | 2,86% Space Free | Partition Type: NTFS Drive G: | 51,38 Gb Total Space | 5,23 Gb Free Space | 10,17% Space Free | Partition Type: NTFS Drive H: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JULIA | User Name: Amadeo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) 
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 
"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "5432:TCP" = 5432:TCP:*:Enabled:postgres ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "F:\ICQ7.5\ICQ.exe" = F:\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "D:\BitTorrent\bittorrent.exe" = D:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) 
"E:\Applications\eMule\emule.exe" = E:\Applications\eMule\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net) "F:\Empire Earth\Empire Earth.exe" = F:\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth -- () "C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation) "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "G:\Steam\Steam.exe" = G:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "G:\Jedi Academy\GameData\jamp.exe" = G:\Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer -- (Activision Inc) "G:\Steam\SteamApps\common\cities in motion\Cities In Motion.exe" = G:\Steam\SteamApps\common\cities in motion\Cities In Motion.exe:*:Enabled:Cities in Motion -- () "C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen -- (Microsoft Corporation) "C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- 
(TeamViewer GmbH) "F:\ICQ7.5\ICQ.exe" = F:\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.) "F:\Flight Simulator X\fsx.exe" = F:\Flight Simulator X\fsx.exe:*:Enabled:Microsoft Flight Simulator® -- (Microsoft Corp.) "F:\Flight Simulator X\Flight One Software\Ultimate Traffic 2\UT2Services.exe" = F:\Flight Simulator X\Flight One Software\Ultimate Traffic 2\UT2Services.exe:*:Enabled:UT2Runtime -- (Flag Mountain Software) "C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player "E:\Games\FIFA Manager 13\Manager13.exe" = E:\Games\FIFA Manager 13\Manager13.exe:*:Enabled:FUSSBALL MANAGER 13 -- (Electronic Arts Inc.) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "D:\PacificPoker\bin\poker.exe" = D:\PacificPoker\bin\poker.exe:*:Enabled:poker -- (random) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B82D6C6-9ECC-4710-97AB-5CE482E72852}_is1" = TableScan Turbo RC4 build 8 "{0C5A665C-EB82-237B-4703-88CACDE22C0C}" = Catalyst Control Center Graphics Previews Common "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0E9389C0-0E8A-4174-A430-CFAFF29CC3A7}" = PokerStrategy.com Equilab "{0ED98038-0885-F902-C419-669ADE471A46}" = ATI Stream SDK v2 Developer "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration 
"{13A74C4A-1AA2-1BAC-99C0-876663ACB9CE}" = ccc-utility "{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}" = EditVoicepack "{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{219F5D37-632B-4EC2-96F4-6AE1B8C39284}" = XLNation User Interface Mod "{22183FFB-C8A7-4740-847A-DD2FAE27B4F3}" = Microsoft Flight Simulator X SP2 SDK "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3B095ED6-8631-4E2A-9F75-3EAD0AA37850}" = ATC Voicepack SDK "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{46559469-7C15-49F4-BB76-21480BE1BEF4}" = Real Environment Xtreme FS2004 "{493687F8-8D57-47C4-87B6-D46D7C5203BF}" = EditVoicepack X "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme "{4D27CE85-F519-42C1-B4AB-C0BD976FB0BA}" = Orbiter 2010-P1 "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{55F78BA4-3D29-4F66-8D89-36E45C3750B6}" = Active Sky Evolution "{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{724D34D5-CC50-49ED-B5A4-587F67EF2B44}" = Overland - World Airlines for 
FS2004 (Airbus) "{72FC6A11-7165-49D3-9033-061953EFD732}" = Airlines 2 "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7D8EB14A-50BF-493F-A6D6-30656E04937C}" = XPax "{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8F161264-A992-623B-5746-5AD0EF1EA516}" = ATI Catalyst Install Manager "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3 "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{9273AF57-4CE9-48D9-B9D7-6F8B503B1D93}" = Overland - World Airlines for FSX (Boeing) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0C2B76C-DD0E-FC4F-A5D4-C9F7970FB1CD}" = ccc-core-static "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}" = Microsoft Speech SDK 5.1 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 
2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver "{AEA944B7-D9C2-4560-92AE-64BD1D755A37}" = FS Recorder 2.01 for FS2004 "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3 "{BA82F3D7-40E0-CB34-B682-ACC63E7E73B6}" = CCC Help English "{BC63C33D-2EA7-4991-8C2E-D9B8A48DD58B}" = PokerStrategy.com Elephant "{BD7CA7F2-FF0A-46C8-8428-38D5BE805C1A}" = Overland - World Airlines for FS2004 (Boeing) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CB71DCD9-6D02-4FB4-A81F-27415DA07007}" = Overland - World Airlines for FSX (Airbus) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2 "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked "{EB74294F-B8FC-4387-BEBF-275E36C6076C}" = FS Recorder 2.1 for FSX "{ED654F5D-5DC9-46EA-9D10-621231527F98}" = FS9 Configurator "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 
10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F200693E-3746-4CAF-B38B-AD760AC08555}" = ProTrain - Romatisches Rheintal "{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "888poker" = 888poker "Accu-Feel" = Accu-Feel "ADE9xSetup_is1" = Airport Design Editor 9x Version 1.50.18.197 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AeroDesigns A340 - 313 House Livery" = AeroDesigns A340 - 313 House Livery "Airport Simulator" = Airport Simulator "Audacity_is1" = Audacity 2.0 "BAHN384r3a_is1" = BAHN 3.84r3a "BitTorrent" = BitTorrent "bwin Poker_is1" = bwin Poker "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CHControlManager_is1" = CH Control Manager Software "Cities XL 2011" = Cities XL 2011 "C-Media Oxygen HD Sound" = C-Media Oxygen HD Audio Device "C-Media PCI Sound" = C-Media PCI Audio Device "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "CPU-Control_is1" = CPU-Control "DAEMON Tools Lite" = DAEMON Tools Lite "Die Gilde Gold-Edition" = Die Gilde Gold-Edition "DMX5_is1" = DriverMax 5 "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition "eMule" = eMule "EZdok Camera for Microsoft Flight Simulator X" = EZdok Camera for Microsoft Flight Simulator X "F1UT2" = Ultimate Traffic 2 - Summer Schedule Update "F1UT2PP" = Ultimate Traffic 2 Power Pack "Foxit Reader_is1" = Foxit Reader "Fraps" = Fraps (remove only) "FS Water Configurator" = FS Water Configurator 3.15 "Google Chrome" = Google Chrome "HoldemManager2" = Holdem Manager 2 "ie8" = Windows Internet Explorer 8 "ImgBurn" = ImgBurn "Installation Stellwerk Bremen" = Installation 
Stellwerk Bremen "Installation Stellwerk Hamburg-Altona" = Installation Stellwerk Hamburg-Altona "Installation Stellwerk Hannover" = Installation Stellwerk Hannover "Installation Stellwerk Kempten" = Installation Stellwerk Kempten "Installation Stellwerk Neumünster" = Installation Stellwerk Neumünster "InstallShield_{72FC6A11-7165-49D3-9033-061953EFD732}" = Airlines 2 "InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "JBChtzDrdnBAHN386rel1_is1" = BAHN 3.86r1 "JBChtzDrdnBAHN386rel2_is1" = BAHN 3.86r2 "JBChtzDrdnBAHN400beta1_is1" = BAHN 4.00b1a "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "MM Eisenbahn-Bildschirmschoner V3" = MM Eisenbahn-Bildschirmschoner V3 "Mobile Partner" = Mobile Partner "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English) "NoLimits Coasters full" = NoLimits Coasters 1.7 (remove only) "OpenAL" = OpenAL "OpenTTD" = OpenTTD 1.2.3 "Origin" = Origin "PartyPoker" = PartyPoker "PCI Audio Driver" = PCI Audio Driver "PKR" = PKR "Poker 770" = Poker 770 "PokerStars" = PokerStars "PokerTracker4" = PokerTracker 4 (remove only) "ProcessLasso" = Process Lasso "Real Color KLAX" = Real Color KLAX "Sandboxie" = Sandboxie 3.68 (32-bit) "Shockwave" = Shockwave "SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1 "SS CFM56-7B 700_800" = SS CFM56-7B 700_800 "Star Alliance 
TravelDesk_is1" = Star Alliance TravelDesk "Steam App 73010" = Cities in Motion "TeamViewer 6" = TeamViewer 6 "TeamViewer 7" = TeamViewer 7 "TrafficGiant-Gold Edition" = TrafficGiant-Gold Edition "tsimsbgrx9" = São Paulo - Guarulhos / SBGR FS9 "TSS Airbus CFM56 5B FS2004" = TSS Airbus CFM56 5B FS2004 "TSS Airbus CFM56 5B FSX" = TSS Airbus CFM56 5B FSX "TSS Boeing 767 GE Sound" = TSS Boeing 767 GE Sound "TSS Boeing 767 PW Sound" = TSS Boeing 767 PW Sound "TSS Boeing 767 RR" = TSS Boeing 767 RR "TSS Fokker 100 RR-Tay" = TSS Fokker 100 RR-Tay "TSS MD11 GE fs2004" = TSS MD11 GE fs2004 "UK2000 Heathrow Xtreme" = Remove UK2000 Heathrow Xtreme files "Vehicle Simulator_is1" = Vehicle Simulator "Virtual Sailor_is1" = Virtual Sailor 7 "VLC media player" = VLC media player 2.0.4 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "80b77bf0c209b804" = Emulator Starter "GeoGebra 4.2" = GeoGebra 4.2 "GeoGebraPrim" = GeoGebraPrim "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.12.2012 17:22:45 | Computer Name = JULIA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung pokertracker4.exe, Version 4.5.9.0, fehlgeschlagenes Modul pokertracker4.exe, Version 4.5.9.0, Fehleradresse 0x00280073. Error - 23.12.2012 06:51:57 | Computer Name = JULIA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e. 
Error - 25.12.2012 04:41:52 | Computer Name = JULIA | Source = PostgreSQL | ID = 0 Description = pg_ctl: could not start service "pgsql-8.3": error code 1063 Error - 27.12.2012 23:54:58 | Computer Name = JULIA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e. Error - 29.12.2012 04:20:46 | Computer Name = JULIA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e. Error - 29.12.2012 19:42:45 | Computer Name = JULIA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e. Error - 30.12.2012 14:03:54 | Computer Name = JULIA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb. Error - 30.12.2012 14:08:03 | Computer Name = JULIA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung ezca.exe, Version 1.1.5.0, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.6293, Fehleradresse 0x00012fd3. Error - 02.01.2013 11:24:44 | Computer Name = JULIA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung skype.exe, Version 6.0.60.126, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.6293, Fehleradresse 0x0000984e. Error - 03.01.2013 05:40:47 | Computer Name = JULIA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e. 
[ Application Events ] Error - 20.12.2012 17:22:45 | Computer Name = JULIA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung pokertracker4.exe, Version 4.5.9.0, fehlgeschlagenes Modul pokertracker4.exe, Version 4.5.9.0, Fehleradresse 0x00280073. Error - 23.12.2012 06:51:57 | Computer Name = JULIA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e. Error - 25.12.2012 04:41:52 | Computer Name = JULIA | Source = PostgreSQL | ID = 0 Description = pg_ctl: could not start service "pgsql-8.3": error code 1063 Error - 27.12.2012 23:54:58 | Computer Name = JULIA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e. Error - 29.12.2012 04:20:46 | Computer Name = JULIA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e. Error - 29.12.2012 19:42:45 | Computer Name = JULIA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e. Error - 30.12.2012 14:03:54 | Computer Name = JULIA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb. Error - 30.12.2012 14:08:03 | Computer Name = JULIA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung ezca.exe, Version 1.1.5.0, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.6293, Fehleradresse 0x00012fd3. 
Error - 02.01.2013 11:24:44 | Computer Name = JULIA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung skype.exe, Version 6.0.60.126, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.6293, Fehleradresse 0x0000984e. Error - 03.01.2013 05:40:47 | Computer Name = JULIA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e. [ System Events ] Error - 03.01.2013 12:47:47 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034 Description = Dienst "HWDeviceService.exe" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 03.01.2013 12:48:17 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034 Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 04.01.2013 05:22:25 | Computer Name = JULIA | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 62.178.222.171 für die Netzwerkkarte mit der Netzwerkadresse 00E07DDE68F5 wurde durch den DHCP-Server 195.34.134.211 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 04.01.2013 05:22:40 | Computer Name = JULIA | Source = a4o7z9b1 | ID = 262148 Description = Error - 04.01.2013 05:22:40 | Computer Name = JULIA | Source = a4o7z9b1 | ID = 262148 Description = Error - 04.01.2013 05:23:55 | Computer Name = JULIA | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Mobile Partner. OUC. Error - 04.01.2013 05:23:55 | Computer Name = JULIA | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 04.01.2013 05:35:07 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034 Description = Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert. Error - 04.01.2013 05:35:10 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034 Description = Dienst "HWDeviceService.exe" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 04.01.2013 05:35:14 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034 Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > |
04.01.2013, 16:48 | #32 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google link and other problems!
Fix with OTL
Code:
:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startfenster.com
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1025\..\SearchScopes,DefaultScope =
O2 - BHO: (no name) - {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6764C5ED-CEE4-42ae-8F31-23F02A3A661F} - No CLSID value found.
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
[2012.12.29 18:00:58 | 000,004,931 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flwjycbm.bab
[2012.05.29 11:22:44 | 000,000,061 | -HS- | C] () -- C:\WINDOWS\cnerolf.bin
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ |
04.01.2013, 18:05 | #33 |
| Google link and other problems!
Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-57989841-963894560-1606980848-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-57989841-963894560-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-57989841-963894560-1606980848-1025\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6764C5ED-CEE4-42ae-8F31-23F02A3A661F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6764C5ED-CEE4-42ae-8F31-23F02A3A661F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ not found.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flwjycbm.bab moved successfully.
C:\WINDOWS\cnerolf.bin moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.JULIA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Amadeo
->Temp folder emptied: 4747547 bytes
->Temporary Internet Files folder emptied: 18141956 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 379472376 bytes
->Flash cache emptied: 3137 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 384,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 01042013_175506

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot... |
04.01.2013, 19:21 | #34 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google link and other problems!
Looks OK. We should be almost done.
As a check, please run a quick scan with Malwarebytes - and please remember to update Malwarebytes via the update button first.
Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |