Pests of all kinds and how to combat them: Data on external hard drive invisible due to virus (Windows 7)
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
01.10.2012, 16:53 | #1 |
Data on external hard drive invisible due to virus
I picked up the new Skype virus through a buddy. It did not cause any damage on my laptop itself, but I can no longer get at my almost 1 TB data collection on my external hard drive. There is only one folder there that looks like a recycle bin, and the thing is named "Recycle.bin". I have already killed the virus itself, and thoroughly. I have already tried, in administrator mode, to give myself the rights again, but I keep getting the message "Zugriff verweigert" ("Access denied"). My data is still there, though. I can tell because the hard drive is still half full, and when I run a virus scan on it I see all my lovely files rattling through. Unfortunately I am quite a layman and this whole thing is overwhelming me. Can you please help me?
01.10.2012, 21:12 | #2 |
/// Helper Team
Hello and a warm welcome!
Before we begin working together, [please read completely]: Quote:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application (right mouse button) and choose "Run as administrator"!
1. Download Malwarebytes Anti-Malware
Download Malwarebytes Anti-Malware → from here
2. System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
3. To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
Quote:
** If possible, do not go on the internet; no online banking, file sharing, chat programs, etc.
Regards, kira
02.10.2012, 14:09 | #3 |
OTL EXTRAS Logfile:
1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9347A62B-EDAF-AA30-0F68-3EF11B51DCA1}" = CCC Help German "{935E59AB-A56F-6EB5-9BA8-A1FC7A203A77}" = ccc-core-static "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95E4B940-E816-933C-D48F-2E000F2629C8}" = CCC Help Chinese Traditional "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D027EFD-8DA7-474D-FEF9-6302A77BDB27}" = CCC Help Chinese Standard "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8439DCA-AE39-2510-3EC3-730C4EE13473}" = CCC Help Finnish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{AC838E60-C5DB-3127-1743-E6789CC26C74}" = PX Profile Update "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B6F57B2E-1C93-E0B3-4F6A-F5E2118709AA}" = CCC Help Swedish "{B73424BF-A4E9-572B-3FE1-6E7AF172D192}" = Catalyst Control Center Graphics Previews Vista "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant 
"{C76DD602-F340-0433-87B9-432996F4707A}" = Catalyst Control Center Localization All "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D421F957-7D5B-D409-FA76-7400853952E3}" = CCC Help Czech "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{DBB3F067-D7DF-C159-4224-3DABD84492E1}" = CCC Help Hungarian "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DCDCE4BE-9E4B-BC42-85F6-76D4F0AE7EE0}" = CCC Help Russian "{DF4F714F-5EDA-31FF-F597-317A29B42B8B}" = CCC Help Danish "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1831D71-DBCA-999B-075D-7CC2B9B115C9}" = CCC Help Japanese "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EA562C1C-D6C2-070A-FE8B-B1FF6094ACB8}" = CCC Help Dutch "{EADB1B66-8AAD-BC58-7E6E-33BC314A27D5}" = CCC Help Italian "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "5513-1208-7298-9440" = JDownloader 0.9 "Acer Registration" = Acer Registration "Acer Screensaver" = 
Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"adawaretb" = Ad-Aware Security Add-on
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AviSynth" = AviSynth 2.5
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DivX Setup" = DivX-Setup
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.17.903
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.30.903
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"JetBoost_is1" = JetBoost
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Tales of Monkey Island" = Tales of Monkey Island
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"UltraISO_is1" = UltraISO Premium V9.2
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CT2625848" = DVDVideoSoftTB DE Toolbar
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07.09.2012 12:27:52 | Computer Name = JohnRietdorf-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.09.2012 15:28:08 | Computer Name = JohnRietdorf-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 11.09.2012 15:30:00 | Computer Name = JohnRietdorf-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.09.2012 15:30:00 | Computer Name = JohnRietdorf-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.09.2012 15:30:00 | Computer Name = JohnRietdorf-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.09.2012 15:30:00 | Computer Name = JohnRietdorf-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 23.09.2012 13:31:18 | Computer Name = JohnRietdorf-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Autorun.exe_unknown, Version: 2010.10.21.48112, Zeitstempel: 0x4cc0de24
Name des fehlerhaften Moduls: Autorun.exe, Version: 2010.10.21.48112, Zeitstempel: 0x4cc0de24
Ausnahmecode: 0xc0000006
Fehleroffset: 0x0039b577
ID des fehlerhaften Prozesses: 0x6dc
Startzeit der fehlerhaften Anwendung: 0x01cd99b13c764e21
Pfad der fehlerhaften Anwendung: F:\Autorun.exe
Pfad des fehlerhaften Moduls: F:\Autorun.exe
Berichtskennung: 7b87e76b-05a4-11e2-a151-78e4003613d6

Error - 23.09.2012 13:31:19 | Computer Name = JohnRietdorf-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "F:\Autorun.exe" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Autorun.exe wurde wegen dieses Fehlers geschlossen.
Programm: Autorun.exe
Datei: F:\Autorun.exe
Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und
- diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.
Zusätzliche Daten
Fehlerwert: C0000023
Datenträgertyp: 5

Error - 24.09.2012 09:44:42 | Computer Name = JohnRietdorf-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MonkeyIsland102.exe, Version: 2010.10.19.48040, Zeitstempel: 0x4cbe5d5b
Name des fehlerhaften Moduls: MonkeyIsland102.exe, Version: 2010.10.19.48040, Zeitstempel: 0x4cbe5d5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001abb58
ID des fehlerhaften Prozesses: 0x1744
Startzeit der fehlerhaften Anwendung: 0x01cd9a571d2610c3
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Daedalic Entertainment\Tales of Monkey Island\The Siege of Spinner Cay\MonkeyIsland102.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Daedalic Entertainment\Tales of Monkey Island\The Siege of Spinner Cay\MonkeyIsland102.exe
Berichtskennung: fdd9836d-064d-11e2-9e27-78e4003613d6

Error - 24.09.2012 10:59:17 | Computer Name = JohnRietdorf-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MonkeyIsland102.exe, Version: 2010.10.19.48040, Zeitstempel: 0x4cbe5d5b
Name des fehlerhaften Moduls: MonkeyIsland102.exe, Version: 2010.10.19.48040, Zeitstempel: 0x4cbe5d5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001abb58
ID des fehlerhaften Prozesses: 0x13ec
Startzeit der fehlerhaften Anwendung: 0x01cd9a5b565b2547
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Daedalic Entertainment\Tales of Monkey Island\The Siege of Spinner Cay\MonkeyIsland102.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Daedalic Entertainment\Tales of Monkey Island\The Siege of Spinner Cay\MonkeyIsland102.exe
Berichtskennung: 69042cea-0658-11e2-9e27-78e4003613d6

[ Media Center Events ]
Error - 14.04.2012 17:54:41 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 23:54:37 - Fehler beim Herstellen der Internetverbindung.
23:54:37 - Serververbindung konnte nicht hergestellt werden..

Error - 14.04.2012 18:54:51 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 00:54:51 - Fehler beim Herstellen der Internetverbindung.
00:54:51 - Serververbindung konnte nicht hergestellt werden..

Error - 14.04.2012 18:55:00 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 00:54:56 - Fehler beim Herstellen der Internetverbindung.
00:54:56 - Serververbindung konnte nicht hergestellt werden..

Error - 14.04.2012 19:55:05 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 01:55:05 - Fehler beim Herstellen der Internetverbindung.
01:55:05 - Serververbindung konnte nicht hergestellt werden..

Error - 14.04.2012 19:55:11 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 01:55:10 - Fehler beim Herstellen der Internetverbindung.
01:55:10 - Serververbindung konnte nicht hergestellt werden..

Error - 14.04.2012 20:55:16 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 02:55:16 - Fehler beim Herstellen der Internetverbindung.
02:55:16 - Serververbindung konnte nicht hergestellt werden..

Error - 14.04.2012 20:55:21 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 02:55:21 - Fehler beim Herstellen der Internetverbindung.
02:55:21 - Serververbindung konnte nicht hergestellt werden..

Error - 15.04.2012 17:11:38 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 23:11:38 - Fehler beim Herstellen der Internetverbindung.
23:11:38 - Serververbindung konnte nicht hergestellt werden..

Error - 15.04.2012 17:11:48 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 23:11:43 - Fehler beim Herstellen der Internetverbindung.
23:11:43 - Serververbindung konnte nicht hergestellt werden..

Error - 21.04.2012 04:08:01 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 10:07:57 - Fehler beim Herstellen der Internetverbindung.
10:07:57 - Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 01.10.2012 13:37:55 | Computer Name = JohnRietdorf-PC | Source = bowser | ID = 8003
Description =

Error - 01.10.2012 15:17:13 | Computer Name = JohnRietdorf-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SBAMSvc erreicht.

Error - 01.10.2012 16:07:01 | Computer Name = JohnRietdorf-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 01.10.2012 16:07:01 | Computer Name = JohnRietdorf-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 01.10.2012 16:07:02 | Computer Name = JohnRietdorf-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 01.10.2012 16:07:03 | Computer Name = JohnRietdorf-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 02.10.2012 02:27:22 | Computer Name = JohnRietdorf-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%14

Error - 02.10.2012 03:06:19 | Computer Name = JohnRietdorf-PC | Source = bowser | ID = 8003
Description =

Error - 02.10.2012 03:07:47 | Computer Name = JohnRietdorf-PC | Source = ipnathlp | ID = 31004
Description =

Error - 02.10.2012 03:09:19 | Computer Name = JohnRietdorf-PC | Source = bowser | ID = 8003
Description =

< End of report >
[\code]

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 02.10.2012 09:19:50 - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\John Rietdorf\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,74 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 58,93% Memory free
13,50 Gb Paging File | 11,78 Gb Available in Paging File | 87,27% Paging File free
Paging file location(s): c:\pagefile.sys 10000 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 216,13 Gb Free Space | 72,51% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 946,35 Gb Free Space | 50,80% Space Free | Partition Type: NTFS

Computer Name: JOHNRIETDORF-PC | User Name: John Rietdorf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EBCEA2-1008-4185-9A26-ECFF2D0FF8B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{062E34BE-F6D3-4362-B963-A0DA7E56FB85}" = rport=137 | protocol=17 | dir=out | app=system |
"{1589E658-8D25-40FB-88B9-3961A55098B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21A9930B-3CDE-4A47-8BE9-7454467BBD04}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23AB00DD-CEAC-4560-8C95-FBA555309D48}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2E172BDF-47D8-496D-8D94-A971DEB49A6D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2E4D9316-1A5E-42CE-99A9-6800A1E488DC}" = lport=139 | protocol=6 | dir=in | app=system | "{2F1BF4C3-331A-42CC-B946-28177A21A7A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{32004E3F-142C-4A2F-89F1-E38866105144}" = lport=10243 | protocol=6 | dir=in | app=system | "{36E97F0A-9142-457E-B411-5077460B5E80}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{393CCE84-B0E5-493B-B136-8BB5ADF789BD}" = lport=2869 | protocol=6 | dir=in | app=system | "{398E3132-C273-44D4-9165-CD8B610FA648}" = rport=2869 | protocol=6 | dir=out | app=system | "{3B19399A-D7BB-4A7D-85BD-05A3824569A2}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{4AD66906-3C1E-449D-A99D-E4F47CC065A5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{4BC9A105-05DB-42A6-85B9-6A4197439D4C}" = lport=138 | protocol=17 | dir=in | app=system | "{4C6FBDAB-2897-408A-9559-7A1318B17C97}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4DED14EB-0195-4A50-8888-1284F37B7F33}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{58A7C080-E8AC-4B39-91DC-99A55C4CED9A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7039DC59-A8D4-40F1-9FAA-4A4F0D2656B9}" = lport=137 | protocol=17 | dir=in | app=system | "{7B57CADA-9BD1-40FB-8372-3093E1DBBD9B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7D986E05-FB77-4011-BFC4-96EDE512287F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) 
| "{8250114C-D6B8-46FF-954E-37211BDFA587}" = lport=2869 | protocol=6 | dir=in | app=system | "{868FBB63-932A-4975-B709-B63431F5ECBA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8CDF821E-9E75-482E-9998-9A696A11A797}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{8F46E9E2-B47F-40A7-A0C7-5D806F0152F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{99C886EE-AF5F-44B1-B813-2F7A842A8FA8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{9DCEC204-0A81-4FED-AD7F-47DE7540D294}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A41B7389-74F1-4917-B812-4A42901C6936}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A478219F-D4E9-4BDD-B158-058551A627E5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B4E9C2FE-1A17-4E13-881C-6AD84C6ECC24}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B819C933-8A0F-4257-8F92-3FF4595FE8AE}" = rport=139 | protocol=6 | dir=out | app=system | "{BD33A88D-8174-4179-A9C6-F68319558602}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BDC09470-CD94-43B2-8E1E-0784C95122B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BFDDC497-4B1A-4BED-B289-237165D0E1F8}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{C6ECF997-B343-4A74-A8C0-7BF1C3E25890}" = rport=10243 | protocol=6 | dir=out | app=system | "{CBF3A1DB-24E5-4B94-8163-36343AAA6010}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF9F045E-C029-4312-9352-2134ABB46002}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D3CF8AF5-573B-48EB-9CE5-9A6CD86D1239}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{D48D9100-F7A6-4600-8A38-C4D069D7433B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D52F2B0D-FEF7-438F-84C0-BDDDBB653CD5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D5B40C12-3312-474A-A080-F7162519389A}" = lport=2869 | protocol=6 | dir=in | app=system | "{DEFFA2E0-F5E2-4E00-A7D8-10CE1F7E24F2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E24B4A3D-50DB-4B96-A10B-905AEFD19C16}" = lport=445 | protocol=6 | dir=in | app=system | "{F0D59D84-E224-422E-BEE2-7A85A94611B3}" = rport=138 | protocol=17 | dir=out | app=system | "{F6F6350F-8AC1-434E-B651-E96835461333}" = lport=2869 | protocol=6 | dir=in | app=system | "{F8296E25-1FAC-4A26-BC65-B74CADFB937C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FF87C18A-E5D7-405E-9FD2-D586EF948CB2}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{013CAF13-A300-4B0F-A968-B9E96AF66023}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{023FB386-D64E-4A0B-B439-431A19A8EAC4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{0A931463-D233-45DE-9B2B-BF78341D50AC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0CE05468-F00B-445E-AD96-57CB4200C8CB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1128FE72-14F0-45FB-ADCC-65CB8AD13E25}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{13F334BC-5F0A-4610-895E-80767E2616FB}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech 
infosystems\nti backup now 5\schedulersvc.exe | "{15F41015-59E6-42BD-A9D3-E3F6BB990B08}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{202155F4-309C-4AEB-95FB-7CFEEF610CE5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{2194F701-1BAC-4033-8092-5ACA7409EFA9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{230017BC-79FB-4880-9DEF-2B08239240EB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{231AA75A-092E-446F-B870-11C51897077A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2AE00672-09A3-4044-AEB3-E188514D1070}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{2B9879F4-2D73-4EAC-9A3F-BCBE14F69C0F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{311987B8-FF48-4318-A418-8702953D03A4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{33079DD2-3555-4324-A66E-E0AA8649E7F3}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{3941482A-DE53-44C1-B55D-7FE0524F9F78}" = protocol=6 | dir=out | app=system | "{3ED4A5BD-17DA-4CC2-8BF3-74BAA7BC0DBB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3FD9D7B1-799B-4876-A1F1-658D67649F42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{408E09DF-2C58-4038-8944-ED2F716D6D96}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{40D72237-A65E-488D-BDC6-F17620949149}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{41E7FE94-5C7F-48A9-9AFF-56FC0C6BFC53}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{422B23CD-E013-415B-BDEE-AB73F610CDC7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{49316B64-4FDB-44F8-8247-1C2DA6368A5C}" = protocol=58 | dir=out | 
name=@firewallapi.dll,-28546 | "{4E9531AF-A3DA-468F-97F4-31E2E51D398D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{5194D582-6D51-4ED7-813F-97D3A91703E2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{55C3A813-4A06-4CF7-AA01-7E605C2201B9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{56E9D68D-CE7B-4C58-B95C-4172DD0B8A06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5898D806-4734-4D28-BEF9-9C8789A81981}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{5C2379EE-B1CC-4D20-8669-E6A8389935E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5DD60452-C091-44B7-A515-7BEFF853275B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{605F6AC4-E503-4BD9-B4CF-BFFA12935A1F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{60EC971F-7E4F-43C9-8416-33A8FB111B1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6316A577-D383-40B5-84E1-4095E877B6DF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{65AD115F-6D8B-4BAD-9DBB-E824FCB10576}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{712F44D9-92C7-48BF-AE7F-3487EDDAE7BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{721BF72D-28DC-4EBE-B99B-7FFBAE674987}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{74DBEB8B-2FBE-4426-BA7A-78B7711B7479}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{75AF9EBF-7731-4B42-9FC4-0722F6F5FDE0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{7954F69E-658F-4388-84B0-BB27DF364CF3}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{7B4633FE-14AF-4DD1-A31C-0FFDD69F00C9}" = dir=in | 
app=c:\program files (x86)\skype\phone\skype.exe | "{7ED456C1-4A78-4F83-B285-40B47EEAE257}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{88AB4EBF-5085-45F5-ADC7-E7FFCA0B8997}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | "{8AE160E2-DFA1-4EA1-B827-AE5433E6E718}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{8B0CBDFA-47AA-4FCB-B49F-BEA9A3243533}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{93F1F9C1-F660-4D3B-85C8-FF614F4592E8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{95A863F2-3424-4794-B114-242984CE68D1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{9F0ECDA4-DA89-4552-8CE2-6ACC60411AAC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A0A52D16-6AA7-4810-87FE-5684A73885E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A4886EF7-008E-4D4B-9599-112A7515977B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{A5893FC0-C622-4C0D-A79E-B242758F4505}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{ACD5E5DD-074A-430F-A43F-AE4A3147031E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AD5D722C-AA73-49E3-A0CD-819BBD9A048E}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{AECB7CDC-5AFF-4453-8BE2-7A5FBF54DB86}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{B1A55E7A-0FC4-4767-B8A0-BE3BC7FF0F6F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{B38CDD2B-9F5B-4E99-953D-56C789673CF0}" = protocol=17 | dir=in | app=c:\windows\system32\synchost.exe | "{B64A9256-E5C8-403D-944B-6C996DECBC96}" = protocol=17 | dir=in | app=c:\program files 
(x86)\teamviewer\version7\teamviewer.exe | "{B6DB3F45-30E3-4BA8-9AB7-C740AB6E5B7A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{B9501061-5FB6-4AF4-A2A4-3875280E5F68}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{BB2E6DCC-CC80-4EA2-B573-C55470A62959}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BB2E94DA-F9A4-4ED6-86F3-7680D46C14C6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{C1E83957-E630-4D9B-8C37-4AA29EEDC3E5}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{C3ABE44C-0CBC-4BFD-A873-4CCB57F0E933}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{C473B2F3-5B3D-42CE-8635-921300F70122}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{CF813957-C65F-4803-A6FD-064BAAC1554E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{DEB65F4E-CD46-4B54-B54F-CE2A3812A90C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{E2D855B2-6E32-444C-9CAE-2C0FAD628BC5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{E9CBA195-3AA6-4FA7-9DDE-9E06B7ED0ADF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{EEC383A9-B3D4-4884-BD18-FE65A30B741B}" = protocol=6 | dir=in | app=c:\windows\system32\synchost.exe | "{EFE15DAF-9D76-44B6-8C34-0648B5D254FB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{F4EB379A-B6C3-49E0-AF6B-41B012D580CB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{F4EDFC50-FE88-4D75-83FA-E72CE9CE5E35}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | "{F731C3C4-DACB-41EB-9BAB-DAEDD9D41EAF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{FFDEFA84-21BC-4729-85A1-3EC1B4736F37}" = protocol=1 | 
dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{77B8DDAA-E2C0-46CD-82F7-22E6ACB086D6}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{D49C1CA0-F695-46E7-A97A-505F668F1B91}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "UDP Query User{10B82349-AD5D-40D4-8098-6FA787C75C56}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{A8C76A5C-68B5-4781-9B32-FEEB884D10DD}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{241E3816-2EF1-A1D1-8811-4478E28E130B}" = ccc-utility64 "{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit) "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI 
(German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{AFBE654A-4597-89DB-EF5F-7CC7D0475691}" = ATI Catalyst Install Manager "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "sp6" = Logitech SetPoint 6.32 "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{0E9118B6-0191-3642-E743-B69EBE42D4AF}" = Catalyst Control Center Graphics Full Existing "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{19F3712E-BDCF-B1DA-A22E-A67537C8A2F0}" = CCC Help Polish "{1BE1B77F-4307-B5D3-1532-CEE7ECF9CBBB}" = CCC Help Norwegian "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer 
Resources "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400 "{26D4F3D3-4FD2-420E-959B-D673E1103EA8}" = Remote Keyboard Lite "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3CD5493C-51AF-C805-A197-DC36E8C57784}" = CCC Help Portuguese "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4BCBC4D0-1D88-462D-809E-506F34EA11C0}" = Catalyst Control Center - Branding "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4D53090A-CE35-42BD-B377-831000018301}" = Fable III "{4D53090A-CE35-42BD-B377-831000018302}" = Fable III "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{4FEF7A1D-0DAC-F687-E474-AA7A13E3D8CA}" = Catalyst Control Center Graphics Full New "{50B9544E-CA9A-CA08-3BC8-F66A69A4E49F}" = CCC Help Spanish "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{525A74BE-B7F5-94D0-987C-0324FF58FBB1}" = CCC Help French "{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA 
PhysX "{5F0FF70C-5828-2178-4642-206D9F3B681F}" = Catalyst Control Center InstallProxy "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb "{6a4b0a4f-58d0-430c-becc-aa50733cd761}" = Ad-Aware Antivirus "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{74A8E6D0-5E5B-6CAC-F592-8EDA39FC15C0}" = CCC Help Korean "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{780B7CAD-9E59-8986-63EC-D60B8D06D6E6}" = Catalyst Control Center Graphics Light "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M "{7C1BA7EF-0866-BBDB-129A-F53DB0954F61}" = CCC Help Turkish "{7C621473-99FD-4800-B2F5-4F390AA46E0C}" = Remote-Tastatur Lite "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E2CD483-7D07-BE78-C0C6-DE07057DC551}" = Catalyst Control Center Core Implementation "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{832BC337-E36D-0039-065C-7E4EDC5D45B4}" = CCC Help Greek "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{849EC471-5D3C-59E4-5C52-845C3AC320B3}" = CCC Help Thai "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86021347-6DF2-7015-B152-51A17DCFDB22}" = CCC Help English "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs 
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 
1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9347A62B-EDAF-AA30-0F68-3EF11B51DCA1}" = CCC Help German "{935E59AB-A56F-6EB5-9BA8-A1FC7A203A77}" = ccc-core-static "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95E4B940-E816-933C-D48F-2E000F2629C8}" = CCC Help Chinese Traditional "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D027EFD-8DA7-474D-FEF9-6302A77BDB27}" = CCC Help Chinese Standard "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8439DCA-AE39-2510-3EC3-730C4EE13473}" = CCC Help Finnish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{AC838E60-C5DB-3127-1743-E6789CC26C74}" = PX Profile Update "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B6F57B2E-1C93-E0B3-4F6A-F5E2118709AA}" = CCC Help Swedish "{B73424BF-A4E9-572B-3FE1-6E7AF172D192}" = Catalyst Control Center Graphics Previews Vista "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant 
"{C76DD602-F340-0433-87B9-432996F4707A}" = Catalyst Control Center Localization All "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D421F957-7D5B-D409-FA76-7400853952E3}" = CCC Help Czech "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{DBB3F067-D7DF-C159-4224-3DABD84492E1}" = CCC Help Hungarian "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DCDCE4BE-9E4B-BC42-85F6-76D4F0AE7EE0}" = CCC Help Russian "{DF4F714F-5EDA-31FF-F597-317A29B42B8B}" = CCC Help Danish "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1831D71-DBCA-999B-075D-7CC2B9B115C9}" = CCC Help Japanese "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EA562C1C-D6C2-070A-FE8B-B1FF6094ACB8}" = CCC Help Dutch "{EADB1B66-8AAD-BC58-7E6E-33BC314A27D5}" = CCC Help Italian "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "5513-1208-7298-9440" = JDownloader 0.9 "Acer Registration" = Acer Registration "Acer Screensaver" = 
Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"adawaretb" = Ad-Aware Security Add-on
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AviSynth" = AviSynth 2.5
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DivX Setup" = DivX-Setup
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.17.903
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.30.903
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"JetBoost_is1" = JetBoost
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Tales of Monkey Island" = Tales of Monkey Island
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"UltraISO_is1" = UltraISO Premium V9.2
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CT2625848" = DVDVideoSoftTB DE Toolbar
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 07.09.2012 12:27:52 | Computer Name = JohnRietdorf-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 11.09.2012 15:28:08 | Computer Name = JohnRietdorf-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 11.09.2012 15:30:00 | Computer Name = JohnRietdorf-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 11.09.2012 15:30:00 | Computer Name = JohnRietdorf-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 11.09.2012 15:30:00 | Computer Name = JohnRietdorf-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 11.09.2012 15:30:00 | Computer Name = JohnRietdorf-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 23.09.2012 13:31:18 | Computer Name = JohnRietdorf-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Autorun.exe_unknown, Version: 2010.10.21.48112, Zeitstempel: 0x4cc0de24 Name des fehlerhaften Moduls: Autorun.exe, Version: 2010.10.21.48112, Zeitstempel: 0x4cc0de24 Ausnahmecode: 0xc0000006 Fehleroffset: 0x0039b577 ID des fehlerhaften Prozesses: 0x6dc Startzeit der fehlerhaften Anwendung: 0x01cd99b13c764e21 Pfad der fehlerhaften Anwendung: F:\Autorun.exe Pfad des fehlerhaften Moduls: F:\Autorun.exe Berichtskennung: 7b87e76b-05a4-11e2-a151-78e4003613d6
Error - 23.09.2012 13:31:19 | Computer Name = JohnRietdorf-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "F:\Autorun.exe" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Autorun.exe wurde wegen dieses Fehlers geschlossen. Programm: Autorun.exe Datei: F:\Autorun.exe Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: C0000023 Datenträgertyp: 5
Error - 24.09.2012 09:44:42 | Computer Name = JohnRietdorf-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MonkeyIsland102.exe, Version: 2010.10.19.48040, Zeitstempel: 0x4cbe5d5b Name des fehlerhaften Moduls: MonkeyIsland102.exe, Version: 2010.10.19.48040, Zeitstempel: 0x4cbe5d5b Ausnahmecode: 0xc0000005 Fehleroffset: 0x001abb58 ID des fehlerhaften Prozesses: 0x1744 Startzeit der fehlerhaften Anwendung: 0x01cd9a571d2610c3 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Daedalic Entertainment\Tales of Monkey Island\The Siege of Spinner Cay\MonkeyIsland102.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Daedalic Entertainment\Tales of Monkey Island\The Siege of Spinner Cay\MonkeyIsland102.exe Berichtskennung: fdd9836d-064d-11e2-9e27-78e4003613d6
Error - 24.09.2012 10:59:17 | Computer Name = JohnRietdorf-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MonkeyIsland102.exe, Version: 2010.10.19.48040, Zeitstempel: 0x4cbe5d5b Name des fehlerhaften Moduls: MonkeyIsland102.exe, Version: 2010.10.19.48040, Zeitstempel: 0x4cbe5d5b Ausnahmecode: 0xc0000005 Fehleroffset: 0x001abb58 ID des fehlerhaften Prozesses: 0x13ec Startzeit der fehlerhaften Anwendung: 0x01cd9a5b565b2547 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Daedalic Entertainment\Tales of Monkey Island\The Siege of Spinner Cay\MonkeyIsland102.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Daedalic Entertainment\Tales of Monkey Island\The Siege of Spinner Cay\MonkeyIsland102.exe Berichtskennung: 69042cea-0658-11e2-9e27-78e4003613d6
[ Media Center Events ]
Error - 14.04.2012 17:54:41 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 23:54:37 - Fehler beim Herstellen der Internetverbindung. 23:54:37 - Serververbindung konnte nicht hergestellt werden..
Error - 14.04.2012 18:54:51 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 00:54:51 - Fehler beim Herstellen der Internetverbindung. 00:54:51 - Serververbindung konnte nicht hergestellt werden..
Error - 14.04.2012 18:55:00 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 00:54:56 - Fehler beim Herstellen der Internetverbindung. 00:54:56 - Serververbindung konnte nicht hergestellt werden..
Error - 14.04.2012 19:55:05 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 01:55:05 - Fehler beim Herstellen der Internetverbindung. 01:55:05 - Serververbindung konnte nicht hergestellt werden..
Error - 14.04.2012 19:55:11 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 01:55:10 - Fehler beim Herstellen der Internetverbindung. 01:55:10 - Serververbindung konnte nicht hergestellt werden..
Error - 14.04.2012 20:55:16 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 02:55:16 - Fehler beim Herstellen der Internetverbindung. 02:55:16 - Serververbindung konnte nicht hergestellt werden..
Error - 14.04.2012 20:55:21 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 02:55:21 - Fehler beim Herstellen der Internetverbindung. 02:55:21 - Serververbindung konnte nicht hergestellt werden..
Error - 15.04.2012 17:11:38 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 23:11:38 - Fehler beim Herstellen der Internetverbindung. 23:11:38 - Serververbindung konnte nicht hergestellt werden..
Error - 15.04.2012 17:11:48 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 23:11:43 - Fehler beim Herstellen der Internetverbindung. 23:11:43 - Serververbindung konnte nicht hergestellt werden..
Error - 21.04.2012 04:08:01 | Computer Name = JohnRietdorf-PC | Source = MCUpdate | ID = 0
Description = 10:07:57 - Fehler beim Herstellen der Internetverbindung. 10:07:57 - Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 01.10.2012 13:37:55 | Computer Name = JohnRietdorf-PC | Source = bowser | ID = 8003
Description =
Error - 01.10.2012 15:17:13 | Computer Name = JohnRietdorf-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SBAMSvc erreicht.
Error - 01.10.2012 16:07:01 | Computer Name = JohnRietdorf-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 01.10.2012 16:07:01 | Computer Name = JohnRietdorf-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 01.10.2012 16:07:02 | Computer Name = JohnRietdorf-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 01.10.2012 16:07:03 | Computer Name = JohnRietdorf-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 02.10.2012 02:27:22 | Computer Name = JohnRietdorf-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%14
Error - 02.10.2012 03:06:19 | Computer Name = JohnRietdorf-PC | Source = bowser | ID = 8003
Description =
Error - 02.10.2012 03:07:47 | Computer Name = JohnRietdorf-PC | Source = ipnathlp | ID = 31004
Description =
Error - 02.10.2012 03:09:19 | Computer Name = JohnRietdorf-PC | Source = bowser | ID = 8003
Description =
< End of report >
[\code] |
02.10.2012, 14:12 | #4 |
| Data on external hard drive made invisible by virus OTL Logfile: Code:
OTL logfile created on: 02.10.2012 09:19:50 - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\John Rietdorf\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,74 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 58,93% Memory free
13,50 Gb Paging File | 11,78 Gb Available in Paging File | 87,27% Paging File free
Paging file location(s): c:\pagefile.sys 10000 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 216,13 Gb Free Space | 72,51% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 946,35 Gb Free Space | 50,80% Space Free | Partition Type: NTFS

Computer Name: JOHNRIETDORF-PC | User Name: John Rietdorf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\John Rietdorf\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\PROGRA~2\AD-AWA~1\AdAware.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (GFI Software)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\sbredrv.sys (GFI Software)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)

========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t56l1l522 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t56l1l522 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t56l1l522 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t56l1l522 IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\John Rietdorf\AppData\LocalLow\CT2625848\ldrtbDVDV.dll () IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t56l1l522 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=DCF0FC541DCCAB4F963B005068264570 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\John Rietdorf\AppData\LocalLow\CT2625848\ldrtbDVDV.dll () IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = $currentSearchProvider IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=290412_2_ppcb&babsrc=SP_ss&mntrId=302e3670000000000000c80aa99547b2 IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=DCF0FC541DCCAB4F963B005068264570&q={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE476 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "blekko" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: DeviceDetection@logitech.com:1.24.0.9 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10 FF - prefs.js..extensions.enabledAddons: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.2 FF - prefs.js..keyword.URL: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=DCF0FC541DCCAB4F963B005068264570&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.07 19:02:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.07 23:32:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.30 13:00:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.07 20:50:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.16 22:34:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.07 23:32:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.30 13:00:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.07 20:50:58 | 000,000,000 | ---D | M] [2012.03.23 22:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John Rietdorf\AppData\Roaming\mozilla\Extensions [2012.09.30 13:00:28 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\John Rietdorf\AppData\Roaming\mozilla\Firefox\Profiles\uduq4nkb.default\extensions [2012.09.30 13:00:24 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\John Rietdorf\AppData\Roaming\mozilla\Firefox\Profiles\uduq4nkb.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2012.09.26 23:08:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\John Rietdorf\AppData\Roaming\mozilla\Firefox\Profiles\uduq4nkb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.07.18 10:35:51 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\John Rietdorf\AppData\Roaming\mozilla\Firefox\Profiles\uduq4nkb.default\extensions\DeviceDetection@logitech.com [2012.09.30 13:00:29 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\John Rietdorf\AppData\Roaming\mozilla\Firefox\Profiles\uduq4nkb.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012.07.26 11:56:55 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\John Rietdorf\AppData\Roaming\mozilla\firefox\profiles\uduq4nkb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.30 13:02:34 | 000,000,950 | ---- | M] () -- C:\Users\John Rietdorf\AppData\Roaming\mozilla\firefox\profiles\uduq4nkb.default\searchplugins\icqplugin-1.xml [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\John Rietdorf\AppData\Roaming\mozilla\firefox\profiles\uduq4nkb.default\searchplugins\icqplugin.xml [2012.09.07 20:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.07 20:51:00 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.30 13:00:27 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml [2012.06.24 22:00:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.05.08 19:22:13 | 000,002,356 | ---- | M] () -- C:\Program 
Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.08.30 22:16:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.24 22:00:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.24 22:00:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.24 22:00:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.24 22:00:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\John Rietdorf\AppData\LocalLow\CT2625848\ldrtbDVDV.dll () O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\John Rietdorf\AppData\LocalLow\CT2625848\ldrtbDVDV.dll () O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB_DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Users\John Rietdorf\AppData\LocalLow\CT2625848\ldrtbDVDV.dll () O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) 
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) 
[\code]
I should also mention that I deleted this "Recycler" folder on a friend's advice. And now suddenly my folder with the files is displayed (hidden), and there are now two other folders named "$RYCYCLE.BIN" and "System Volume Information" (also hidden). But I still have no access to it. Every time I try to remove the write protection, I get the message "Zugriff verweigert" (access denied). |
02.10.2012, 21:16 | #5 |
/// Helper Team | Data on external hard drive invisible due to virus
Please still submit item 3 (create a software list with CCleaner)!
__________________ Warning!: Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
02.10.2012, 21:31 | #6 |
| Data on external hard drive invisible due to virus
[code]
Acer Backup Manager NewTech Infosystems 18.04.2010 27,2MB 2.0.0.60
Acer Crystal Eye webcam Liteon 22.03.2012 2,24MB 1.0.2.0
Acer eRecovery Management Acer Incorporated 18.04.2010 4.05.3011
Acer PowerSmart Manager Acer Incorporated 22.03.2012 5.01.3002
Acer Registration Acer Incorporated 22.03.2012 1.03.3002
Acer ScreenSaver Acer Incorporated 22.03.2012 1.1.0203.2010
Acer Updater Acer Incorporated 18.04.2010 1.02.3001
Acrobat.com Adobe Systems Incorporated 18.04.2010 1,61MB 1.6.65
Ad-Aware Antivirus Lavasoft 29.09.2012 39,1MB 10.3.45.3935
Ad-Aware Security Add-on Lavasoft 29.09.2012 2.2.0.11
Adobe AIR Adobe Systems Inc. 18.04.2010 1.5.0.7220
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 22.03.2012 10.0.45.2
Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 23.03.2012 6,00MB 11.1.102.63
Adobe Reader 9.1 MUI Adobe Systems Incorporated 18.04.2010 650MB 9.1.0
Alcor Micro USB Card Reader Alcor Micro Corp. 18.04.2010 2,88MB 1.3.17.05006
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 18.04.2010 1.0.0.24
ATI Catalyst Install Manager ATI Technologies, Inc. 22.03.2012 22,1MB 3.0.765.0
AviSynth 2.5 19.04.2012
CCleaner Piriform 23.03.2012 3.16
CDBurnerXP CDBurnerXP 08.05.2012 17,3MB 4.4.1.3099
dBpoweramp Music Converter Illustrate 10.05.2012 16.545MB Release 14.1
DivX-Setup DivX, LLC 06.06.2012 2.6.1.9
DVDVideoSoftTB DE Toolbar DVDVideoSoftTB DE 10.09.2012 10.14.0.69
Free Video to MP3 Converter version 5.0.17.903 DVDVideoSoft Ltd. 30.09.2012 78,3MB 5.0.17.903
Free YouTube to MP3 Converter version 3.11.30.903 DVDVideoSoft Ltd. 10.09.2012 89,6MB 3.11.30.903
HP Customer Participation Program 13.0 HP 06.07.2012 13.0
HP Imaging Device Functions 13.0 HP 06.07.2012 13.0
HP Photosmart Essential 3.5 HP 06.07.2012 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B HP 06.07.2012 13.0
HP Smart Web Printing 4.51 HP 06.07.2012 4.51
HP Solution Center 13.0 HP 06.07.2012 13.0
HP Update Hewlett-Packard 14.07.2012 3,98MB 5.003.001.001
ICQ7M ICQ 26.09.2012 7.8
Identity Card Acer Incorporated 22.03.2012 1.00.3003
Intel(R) Control Center Intel Corporation 19.04.2010 1.2.1.1007
Intel(R) Management Engine Components Intel Corporation 23.03.2012 6.0.0.1179
Intel(R) Rapid Storage Technology Intel Corporation 19.04.2010 9.5.6.1001
Intel(R) Turbo Boost Technology Driver Intel Corporation 23.03.2012 01.01.00.1005
Java(TM) 7 Update 3 (64-bit) Oracle 19.04.2012 93,7MB 7.0.30
JDownloader 0.9 AppWork GmbH 07.05.2012 0.9
JetBoost BlueSprig 18.07.2012 9,86MB 1.1
Launch Manager Acer Inc. 22.03.2012 4.0.7
Logitech SetPoint 6.32 Logitech 18.07.2012 39,1MB 6.32.20
Malwarebytes Anti-Malware Version 1.65.0.1400 Malwarebytes Corporation 29.09.2012 19,3MB 1.65.0.1400
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 09.04.2012 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 09.04.2012 2,94MB 4.0.30319
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 26.06.2012 31,3MB 3.5.92.0
Microsoft Games for Windows Marketplace Microsoft Corporation 26.06.2012 6,04MB 3.5.50.0
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 10.05.2012 19,3MB 12.0.6612.1000
Microsoft Office Professional Plus 2010 Microsoft Corporation 08.04.2012 14.0.6029.1000
Microsoft Office Suite Activation Assistant Microsoft Corporation 18.04.2010 8,37MB 2.9
Microsoft Silverlight Microsoft Corporation 15.05.2012 50,7MB 5.1.10411.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 22.03.2012 1,72MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 23.03.2012 0,29MB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 18.07.2012 0,76MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 18.07.2012 0,77MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 18.04.2010 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 12.04.2012 0,22MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 23.03.2012 0,59MB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 23.03.2012 16,5MB 10.0.40219
Microsoft Works Microsoft Corporation 11.04.2012 876MB 9.7.0621
Mozilla Firefox 15.0 (x86 de) Mozilla 29.08.2012 38,4MB 15.0
Mozilla Firefox 15.0.1 (x86 de) Mozilla 08.09.2012 38,5MB 15.0.1
Mozilla Maintenance Service Mozilla 08.09.2012 0,32MB 15.0.1
Mozilla Thunderbird 15.0.1 (x86 de) Mozilla 10.09.2012 39,6MB 15.0.1
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 23.03.2012 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 23.03.2012 1,33MB 4.20.9876.0
MyWinLocker Suite Egis Technology Inc. 18.04.2010 2,20MB 3.1.206.0
NTI Backup Now 5 NewTech Infosystems 18.04.2010 466MB 5.1.2.628
NVIDIA PhysX NVIDIA Corporation 11.05.2012 80,1MB 9.10.0222
OCR Software by I.R.I.S. 13.0 HP 06.07.2012 13.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 22.03.2012 6.0.1.6050
Remote-Tastatur Lite Sony Corporation 27.06.2012 1.2.0.09270
Skype™ 5.10 Skype Technologies S.A. 29.09.2012 19,4MB 5.10.116
Synaptics Pointing Device Driver Synaptics Incorporated 22.03.2012 14.0.6.0
Tales of Monkey Island Daedalic Entertainment 22.09.2012 3.0.0.0
TeamSpeak 3 Client TeamSpeak Systems GmbH 13.07.2012 3.0.7
TeamViewer 7 TeamViewer 01.07.2012 7.0.12979
UltraISO Premium V9.2 24.03.2012
VLC media player 2.0.1 VideoLAN 09.05.2012 2.0.1
Welcome Center Acer Incorporated 22.03.2012 1.01.3002
Win7codecs Shark007 19.04.2012 72,5MB 3.6.0
Windows Live Essentials Microsoft Corporation 11.04.2012 15.4.3502.0922
Windows Live Sync Microsoft Corporation 22.03.2012 2,79MB 14.0.8089.726
Überwachungstool für die Intel® Turbo-Boost-Technik Intel 22.03.2012 1,13MB 1.0.186.6
[\code]
Hope this is what you meant. But apparently I have already solved my problem. I have my files back under my control and they are all visible. |
02.10.2012, 22:00 | #7 | ||
/// Helper Team | Data on external hard drive invisible due to virus
System cleanup and check:
► Once you have completed all the steps, report back with the requested results! In the meantime, only get in touch if there are problems!
1. Uninstall the following, if present under Control Panel -> Software/Programs:
Code:
DVDVideoSoftTB DE Toolbar
Ad-Aware Security Add-on <- not needed!
Always choose the custom installation, not the standard installation, because otherwise things you do not need or want often get installed along with it. When installing, always read the license terms, and do not immediately tick every box or leave pre-ticked boxes in place, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from partner programs, sponsors, etc., get installed as well, since this is how freeware finances itself. Several others belong in this category, e.g.: -> Unwanted toolbars
Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t56l1l522
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t56l1l522
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t56l1l522
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t56l1l522
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\John Rietdorf\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360312v206l0453z145t56l1l522
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\John Rietdorf\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = $currentSearchProvider
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=290412_2_ppcb&babsrc=SP_ss&mntrId=302e3670000000000000c80aa99547b2
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=DCF0FC541DCCAB4F963B005068264570&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE476
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.selectedEngine: "blekko"
FF - prefs.js..extensions.enabledAddons: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.2
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2012.10.02 08:44:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.02 08:32:12 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
:Files
C:\Users\John Rietdorf\AppData\Roaming\Babylon
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
3. Update Java via Control Panel -> Check for updates... or: Now download the offline version of Java "Recommended version Java(TM) 7 Update 7" from Oracle and install it. Take care not to install any toolbars that may be offered, i.e. remove the tick next to the toolbar during installation. Tip: -> Configure Java updates
4. Close all programs/windows and clear the Java cache: Start => Control Panel => Java => General => Temporary Internet Files "Settings" => Delete Files => tick "Applications and Applets" as well as "Trace and Log Files" => OK -> How do I clear the Java cache? -> Clear the Java cache -> Short video guide on how to delete the Java cache under Windows 7 and XP.
5. Tips - Microsoft's Internet Explorer is part of the basic Windows installation, so like all other installed software it must be maintained! Even if it is not used!: -> Tips for Internet Explorer -> Change Explorer's default search engine -> Change or select a search provider in Internet Explorer 7/8 -> How can I clear the cache in Internet Explorer?
6. Close all programs/windows and clean your system with CCleaner:
7. Preparation
ONLY scan the PC online and do NOT install a second antivirus program!!!
► Report again on the state of the computer. Are there still problems, and if so, which ones?