Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Wie werde ich Delta-search los?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 18.05.2013, 16:31   #1
delphinidus
 
Wie werde ich Delta-search los? - Standard

Wie werde ich Delta-search los?



Hallo Leute!
Ich habe mir vor ein paar Wochen Delta-search eingefangen. Als ich rausgefunden habe, dass es eine betrügerische Software ist, habe ich den Delta-Toolbar aus meiner Programmliste gelöscht und die Startseite für Firefox geändert. Ich glaube aber, dass das Programm nicht vollständig beseitigt ist. Könnte das sein?
Ich habe auf jeden Fall die vom Trojaner-Board empfohlenen Scans durchgeführt und kopiere die Logfiles hier mal rein. Ich hoffe das wird nicht zu viel.

Ich bedanke mich im Vorraus für eure Hilfe.

Mfg delphinidus

OTL-Logfile:

Code:
ATTFilter
OTL logfile created on: 18/05/2013 2:51:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Besitzer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000C09 | Country: Australien | Language: ENA | Date Format: d/MM/yyyy
 
4.00 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 60.79% Memory free
8.00 Gb Paging File | 6.31 Gb Available in Paging File | 78.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.44 Gb Total Space | 141.46 Gb Free Space | 49.91% Space Free | Partition Type: NTFS
 
Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/18 14:44:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/24 20:00:06 | 028,499,304 | ---- | M] (Dropbox, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/04/21 20:08:19 | 004,288,048 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013/03/22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013/02/05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012/10/03 00:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/23 19:45:41 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
PRC - [2012/06/11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
PRC - [2010/11/20 14:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2009/10/27 14:55:39 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/09/03 19:33:14 | 000,054,400 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/08/27 09:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/07/24 19:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/07/16 19:07:54 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/07/07 20:20:56 | 008,493,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/06/24 21:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009/05/19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/20 20:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/12/23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/14 05:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/07/19 04:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/03/31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/04/21 20:08:19 | 004,288,048 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2013/03/22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013/03/22 16:08:36 | 002,520,016 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2013/03/13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/06/24 14:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 14:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/09/03 19:33:14 | 000,054,400 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009/07/24 19:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/01/28 06:37:20 | 007,331,840 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/01/28 06:37:20 | 002,023,424 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/01/28 06:37:10 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2008/08/28 01:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/06/09 18:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007/11/30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/02/08 20:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2009/09/28 08:24:00 | 000,610,048 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\DriveLED\oodlag.exe -- (O&O DriveLED)
SRV:64bit: - [2009/09/15 22:21:58 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2013/05/17 20:47:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/04/12 13:00:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/10/03 00:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/08/23 19:45:41 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/06/11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012/06/11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2010/03/18 05:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/27 09:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/07 03:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/03/31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/03 10:17:48 | 000,043,400 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2013/01/03 10:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/01/03 10:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/25 20:13:16 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/06 04:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/06 04:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/07/03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/06/07 06:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/22 03:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/18 04:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/18 03:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/16 00:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/06/27 02:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/04/28 00:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/01/27 02:48:06 | 000,121,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/01/27 02:48:06 | 000,121,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/01/27 02:48:06 | 000,121,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/12/28 07:06:06 | 000,135,168 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009/10/27 14:55:09 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009/09/28 08:24:14 | 000,030,216 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\OODrvled.sys -- (OODrvled)
DRV:64bit: - [2009/08/12 07:45:29 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/07/20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:11:41 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 12:16:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/06/04 12:54:35 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/13 03:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/04/27 10:25:57 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2008/05/24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008/04/29 03:00:48 | 000,009,216 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2007/07/24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2013/04/13 01:53:05 | 001,390,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130502.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/01/19 19:22:30 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130517.025\ex64.sys -- (NAVEX15)
DRV - [2013/01/19 19:22:30 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130517.025\eng64.sys -- (NAVENG)
DRV - [2012/09/26 22:54:06 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/09/25 20:35:47 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/09/25 15:37:04 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130517.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "WEB.DE Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage"
FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012/09/25 20:14:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2013/05/18 10:21:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/05/04 17:41:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 13:00:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 13:00:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/10/05 11:55:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions
[2013/05/18 14:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\9v9djbr0.default\extensions
[2013/05/18 14:29:48 | 000,620,130 | ---- | M] () (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\9v9djbr0.default\extensions\toolbar@web.de.xpi
[2012/12/13 08:08:29 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\9v9djbr0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/05/18 14:29:51 | 000,001,050 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\9v9djbr0.default\searchplugins\11-suche.xml
[2013/05/01 20:37:06 | 000,006,473 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\9v9djbr0.default\searchplugins\babylon.xml
[2013/05/01 20:37:05 | 000,001,294 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\9v9djbr0.default\searchplugins\delta.xml
[2013/05/18 14:29:51 | 000,002,418 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\9v9djbr0.default\searchplugins\englische-ergebnisse.xml
[2013/05/18 14:29:51 | 000,010,701 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\9v9djbr0.default\searchplugins\gmx-suche.xml
[2013/05/18 14:29:51 | 000,002,432 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\9v9djbr0.default\searchplugins\lastminute.xml
[2013/05/18 14:29:51 | 000,005,682 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\9v9djbr0.default\searchplugins\webde-suche-1.xml
[2013/03/22 18:12:45 | 000,005,682 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\9v9djbr0.default\searchplugins\webde-suche.xml
[2013/04/12 19:10:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/04/12 13:00:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/05/04 17:41:50 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT
[2013/04/12 13:00:30 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/21 23:37:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/05/01 20:36:17 | 000,006,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/09/06 19:32:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/21 23:37:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/21 23:37:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/21 23:37:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/21 23:37:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RegWork] C:\Program Files (x86)\RegWork\RegWork.exe File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Besitzer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1898DFD3-24A6-498B-BB5A-815BE047178B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F12642CB-8809-42DD-A2F6-EA401FBCC9C7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d4aede43-d110-11df-847b-90e6ba8e8413}\Shell - "" = AutoRun
O33 - MountPoints2\{d4aede43-d110-11df-847b-90e6ba8e8413}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/18 14:44:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe
[2013/05/18 11:02:26 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/05/18 11:02:25 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/05/18 11:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/05/18 10:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/05/14 18:42:34 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\ElevatedDiagnostics
[2013/05/09 13:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\POP3Profiles
[2013/05/09 13:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013/05/07 19:49:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/05/07 19:49:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/05/04 17:53:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd
[2013/05/04 17:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2013/05/04 17:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013/05/04 17:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2013/05/04 17:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2013/05/04 17:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013/05/04 17:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2013/05/04 17:38:32 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Logitech
[2013/05/04 17:38:32 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Logishrd
[2013/05/04 12:25:37 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\PCCUStubInstaller
[2013/05/01 20:36:52 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013/05/01 20:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013/05/01 20:35:44 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Babylon
[2013/05/01 20:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/05/01 20:35:07 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\OpenCandy
[2013/05/01 20:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013/05/01 20:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013/04/29 18:32:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sciface
[2013/04/28 22:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013/04/28 21:59:40 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\Origin
[2013/04/28 21:59:39 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Origin
[2013/04/28 21:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013/04/28 21:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013/04/28 21:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013/04/28 21:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013/04/28 16:04:33 | 000,000,000 | R--D | C] -- C:\Users\Besitzer\Dropbox
[2013/04/28 15:57:52 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/04/28 15:56:53 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Dropbox
[2013/04/27 16:00:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2013/04/27 15:42:43 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\Downloaded Installations
[2013/04/24 17:25:47 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013/04/24 17:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1
[2013/04/24 15:58:03 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\League of Legends
[2013/04/21 20:06:34 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\PMB Files
[2013/04/21 20:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/18 14:46:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/18 14:44:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe
[2013/05/18 14:42:55 | 000,000,000 | ---- | M] () -- C:\Users\Besitzer\defogger_reenable
[2013/05/18 14:29:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/18 11:02:28 | 000,002,262 | ---- | M] () -- C:\Users\Besitzer\Desktop\SpyHunter.lnk
[2013/05/18 10:25:33 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/18 10:25:33 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/18 10:17:50 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/17 20:51:56 | 000,541,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/17 20:22:41 | 001,538,936 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/17 20:22:41 | 000,654,538 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/05/17 20:22:41 | 000,625,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/17 20:22:41 | 000,134,538 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/05/17 20:22:41 | 000,110,648 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/09 23:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\Regwork.job
[2013/05/09 13:43:19 | 000,000,714 | ---- | M] () -- C:\Users\Public\Desktop\Prince of Persia T2T.lnk
[2013/05/09 13:11:08 | 000,002,420 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013/05/05 13:11:57 | 000,001,655 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013/05/04 18:36:59 | 001,229,669 | ---- | M] () -- C:\Users\Besitzer\Desktop\Volibear build.png
[2013/05/04 17:54:53 | 000,001,356 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2013/05/04 12:24:22 | 000,002,325 | ---- | M] () -- C:\Users\Public\Desktop\Driver Restore.lnk
[2013/05/02 16:34:47 | 001,302,586 | ---- | M] () -- C:\Users\Besitzer\Desktop\Nidalee.png
[2013/05/01 21:59:27 | 000,007,168 | ---- | M] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/01 20:35:34 | 000,001,304 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2013/04/30 21:41:39 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/30 21:41:39 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/28 21:54:31 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/04/28 16:04:33 | 000,001,049 | ---- | M] () -- C:\Users\Besitzer\Desktop\Dropbox.lnk
[2013/04/28 15:58:17 | 000,001,059 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/27 15:44:08 | 000,002,087 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2013/04/27 15:43:34 | 000,003,976 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2013/04/24 17:34:46 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/18 14:42:55 | 000,000,000 | ---- | C] () -- C:\Users\Besitzer\defogger_reenable
[2013/05/18 11:02:28 | 000,002,262 | ---- | C] () -- C:\Users\Besitzer\Desktop\SpyHunter.lnk
[2013/05/09 13:43:19 | 000,000,714 | ---- | C] () -- C:\Users\Public\Desktop\Prince of Persia T2T.lnk
[2013/05/04 18:36:59 | 001,229,669 | ---- | C] () -- C:\Users\Besitzer\Desktop\Volibear build.png
[2013/05/04 17:54:53 | 000,001,356 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2013/05/04 12:24:22 | 000,002,325 | ---- | C] () -- C:\Users\Public\Desktop\Driver Restore.lnk
[2013/05/02 16:34:47 | 001,302,586 | ---- | C] () -- C:\Users\Besitzer\Desktop\Nidalee.png
[2013/05/01 20:35:34 | 000,001,304 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2013/04/30 21:41:39 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/30 21:41:39 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/28 21:54:31 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/04/28 16:04:33 | 000,001,049 | ---- | C] () -- C:\Users\Besitzer\Desktop\Dropbox.lnk
[2013/04/28 15:58:17 | 000,001,059 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/27 15:44:08 | 000,002,087 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2013/04/27 15:43:34 | 000,003,976 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2013/04/24 17:34:46 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/08/21 18:56:10 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/21 18:56:07 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/08/21 18:56:06 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/10/13 22:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/05/29 05:22:03 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI
[2011/05/29 04:47:33 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011/01/10 13:12:27 | 000,000,096 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\fusioncache.dat
[2010/08/05 10:05:56 | 000,007,168 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/03 22:56:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/11/01 12:02:03 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\.minecraft
[2010/04/07 16:02:04 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ace
[2013/05/01 20:35:44 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Babylon
[2010/02/25 14:38:15 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\digital publishing
[2010/09/03 14:19:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DriverCure
[2013/05/18 10:19:44 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Dropbox
[2013/05/01 20:36:04 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DVDVideoSoft
[2012/03/29 15:15:28 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/05/29 04:58:36 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\FILEminimizerPictures
[2011/04/03 09:53:41 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\GetRightToGo
[2010/01/31 12:32:38 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Leadertech
[2013/03/18 20:19:02 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\LolClient
[2011/04/03 14:29:24 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\MAGIX
[2013/05/01 20:35:07 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\OpenCandy
[2013/04/28 22:07:47 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Origin
[2013/05/04 12:25:37 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\PCCUStubInstaller
[2010/11/04 09:34:47 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Sierra Wireless
[2013/05/09 22:54:29 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TS3Client
[2011/12/16 22:58:39 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >
         
Die OTL-Extras-Logfile und die Gmer-Logfile werde ich in einen weiteren Beitrag zu diesem Thread schreiben, weil dieser zu groß war.

Alt 18.05.2013, 16:34   #2
delphinidus
 
Wie werde ich Delta-search los? - Standard

Wie werde ich Delta-search los?



hier die OTL-Extras-Logfile:

Code:
ATTFilter
OTL Extras logfile created on: 18/05/2013 2:51:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Besitzer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000C09 | Country: Australien | Language: ENA | Date Format: d/MM/yyyy
 
4.00 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 60.79% Memory free
8.00 Gb Paging File | 6.31 Gb Available in Paging File | 78.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.44 Gb Total Space | 141.46 Gb Free Space | 49.91% Space Free | Partition Type: NTFS
 
Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056E1B3A-B161-4020-B589-4E4F0F945D56}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0595FF27-BAD0-49DB-AD9C-5ECCE2D129A5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{09368C9F-36FF-452E-9AE0-3B7CFDD5DBF4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1A2C506D-9C98-40BA-B17F-1B0B0A11007A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{236C8721-323E-44E9-923F-F6A4C5369F3D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{24CA1BE8-01DC-484B-991E-EE500E8C8D84}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3557A28E-F452-4697-A74C-D0534DFF2230}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{51D67118-BDAE-45C9-8B01-30D060E30A4E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{56AE8D36-40C1-4BD4-BA77-0A3924B03D0E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{59670CEF-6A7F-43A0-8150-183311B522A6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{65F586DA-9122-40B8-9AC1-9F30A2B279AD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{79013433-8A1E-46B2-A8A5-BB58534060BE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8DC33C48-2763-41AF-92A2-02E0AFD59F60}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9A38977E-93A5-464A-8989-960370CBA935}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9E8CD678-854F-4B04-8A60-9C1751F869B4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A266A350-1FE0-4102-9456-6A6D8E45422E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A3CF193D-593D-40F8-A7A2-F3F8851DCC80}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A49F7C41-E427-4552-97E6-77670D8455F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AA7B9439-D359-46B6-B5B4-2A64E1F0A742}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC1323E0-9DD4-412F-8E7A-23E9673150A7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B421FD77-AB00-4807-9D09-FC3F3DCB7360}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B6226DF8-8A4D-4935-A9ED-23D043268C72}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BCF67113-387A-41D4-9D7A-4A9BAE661E4B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BD0AE8B9-A9BE-4889-9DDD-624E7888C70C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BD597E38-E302-4FC1-A066-F53A7DA6BD95}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D050AE45-6B0F-4953-82A4-499FEA6DFB15}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{D96D8F39-62EC-4A5B-81BF-EC2BC99A9A4F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E8A2EBF2-CE7D-4AB5-8EB7-0A59B79647CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EAE6DA71-3032-4F3F-A465-E7FED264FC8E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F572F2E7-6FA5-42F5-94A0-83F24BF30CA4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FCEC9833-5F53-4949-BA5B-2B695FECB797}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FFEBDBCB-14C7-4810-BB6F-5BBD861FEA80}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002DCED7-BD8C-47EB-9C10-1D70D11B527F}" = protocol=6 | dir=in | app=c:\users\besitzer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{0740FDB6-BF7D-4B52-9520-C86F5FB6821E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{07E21224-1F1A-422E-B9F3-857EA6F5B004}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{09C243B8-71F1-4593-B9BD-4072946976EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2 deathmatch\hl2.exe | 
"{0B67370B-E5AD-493C-995F-E513F444AD8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C0C32CB-9AAB-41B5-9662-1AB1A0FB09A9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0E40DEA8-9515-461E-9131-21F61D6BA384}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{0F0D38A6-0E62-428B-ABDC-A609BC41C8B1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{13AD9F6C-25EA-4F9F-9417-874FD7F75F5C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{169AEB12-E8A0-449C-95E7-2234D68D5BBB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mr_stinson\day of defeat source\hl2.exe | 
"{1C3CB3DF-D94F-4061-BCED-9EB4A458B471}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{203E36A4-DDCF-44B2-B6CE-255DBB7181AE}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{29517AAE-47FA-4153-A736-768917022D3D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{2E44024D-248A-434A-B180-757CE4643CF9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mr_stinson\day of defeat source\hl2.exe | 
"{2E7AC3CF-917F-4A96-8D57-E00D3C94CE37}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{323817B6-F533-4317-A153-5086AF97E24B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mr_stinson\counter-strike source\hl2.exe | 
"{328534D5-E12A-4A81-93D6-EF6372541EBD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{347BF58F-50E4-4D75-9E69-492BD0479BA5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3931FC96-BE7D-4C03-B612-457B88D31C8E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3BA274D5-091F-4350-99EF-EBFA02F68DEC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3E24DFF7-7961-4672-B7F2-E84E26AE8C29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{3E690728-F400-482A-AD1C-7FCAA724312F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{44383125-7E3E-40DE-943D-5E577460FB55}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4B351ABB-A2C6-464C-AE60-8FF1A23AE5ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5A1F080C-4FD7-4CCC-A72D-75D62E61070D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{62D960FC-24E0-47C0-96AE-381C4A07A621}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6A38C71B-8E78-4AF7-8F73-265387C1A504}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{6F8FD088-E115-4775-866F-D62FB2E36E4A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{72ECAA47-D7EA-4CFE-B21B-A8C94D322FB5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mr_stinson\counter-strike source\hl2.exe | 
"{7D44D85A-2A4C-4917-AC19-44E163E28590}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{7E363D23-82CF-4553-B3EF-650422405326}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{7E4E9B02-B373-4E31-9DD8-3170D4041801}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7E813085-5F05-4AA3-9352-6DA6E81A1205}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E89E0D4-AB96-4329-B7B8-EC934DE91CF4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{86DF060F-A4B3-4429-8CDC-6DF9A2ED67EA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8841C235-92D3-476E-9F81-472CA1C902FE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{88DB2881-5654-48D5-A23D-690920031098}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{984DD04D-700A-4399-B7CC-3BC1E10E8D6D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9B9E23E8-E7E2-4A28-9EB1-C625D743BF3B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{9E494B10-2FE1-44C0-B796-4793F3BDAEB3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2 deathmatch\hl2.exe | 
"{A09CCE0E-15FD-40A6-A6C8-7D81E7B419E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A8E45BEB-E519-415E-9571-4267F5AF13F3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{AD222269-F958-48A8-8EAC-AD2A3F71002F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B49E215B-B922-428C-9888-F0FE621C12C2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B4A44D54-BEB4-4A5C-A5FD-FED8D9C71699}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B602FAA4-133F-48EC-82BD-7CFA1073443C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BF9F741A-0BFF-4779-BFFC-36392C9B1070}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BFC2178B-6774-4692-97B2-CC32C7E2CE11}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C02E141E-FF2C-453A-A17C-3AC40DBB888B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C3858169-38A3-4C51-92EB-58B6721C5A4A}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\the battle for middle-earth (tm)\game.dat | 
"{C3EEBF68-EA12-4D70-90A8-D2E62DAD083C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{C82FE0D7-F9B8-4E81-9AE5-5FBD20DA7481}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{CC4EE7F5-2D24-437A-AEDD-1270FB565C50}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CCD3DADE-FF11-436D-9174-4C41D56C0762}" = protocol=6 | dir=out | app=system | 
"{CEB4C47F-F642-4D35-BF99-1ADF1005DF15}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{D78DC070-AF6D-4FD6-9132-B6551C974349}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\the battle for middle-earth (tm)\game.dat | 
"{D8C4A6E6-DEA5-4106-9A07-15ECDA74948E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E0D5BD0C-C1DD-484A-861E-00301414D8E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5534FF3-AB02-4B0B-82CA-A404EA54AC1C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{E640EF9C-5BEF-40C4-86BA-7FEC57C11536}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E6C0ECD9-00D7-4682-975C-1875B4CC5D77}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E6DAB439-8B69-4D71-A667-60D13A45B9FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED6A74E6-7D8C-44F2-9880-6CB6DCB6292B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F1C15204-08FB-4E05-886C-42B2EAA50361}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F6E9E361-ACE3-4945-B158-E7654DBA2B8C}" = protocol=17 | dir=in | app=c:\users\besitzer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F725FB7F-595F-4EF6-A416-F39284FB3235}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{0A7C43BD-85BB-4B6E-A8D4-E30254A928D0}D:\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=d:\far cry 2\bin\farcry2.exe | 
"TCP Query User{139985E3-70F4-4775-9813-D4F4B2B8A3DA}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{F5DE79AA-875E-4A27-9A86-46546AE49E4E}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{8A73CCF4-191B-4823-BEE2-2513ACA0E8DE}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{A054F392-EB85-472C-866A-DBA6F1780FC2}D:\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=d:\far cry 2\bin\farcry2.exe | 
"UDP Query User{FD2473C5-8C22-4789-9C50-3ED2B3997C9E}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{53480150-81CB-4A86-B378-86B6F08AF80B}" = O&O DriveLED
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0404-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0408-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Greek) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-040D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hebrew) 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
"{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCD55450-77AC-4347-B24F-654B1189F8D4}" = SpyHunter
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.52
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1E863F44-2D2D-4BD7-B25B-EDA9FF622267}" = Radiotracker
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216029F0}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{331C520E-D8C3-4AB9-ADF7-A666A3561922}" = Alcor Micro USB Card Reader
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69F0CEA4-43E2-4CBB-92DF-41860A40A631}" = Formelrechner
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0408-0000-0000000FF1CE}" = Microsoft Office Access MUI (Greek) 2007
"{90120000-0015-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2007
"{90120000-0015-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007
"{90120000-0015-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0408-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2007
"{90120000-0016-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2007
"{90120000-0016-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2007
"{90120000-0018-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2007
"{90120000-0018-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0408-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Greek) 2007
"{90120000-0019-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2007
"{90120000-0019-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
"{90120000-0019-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0408-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Greek) 2007
"{90120000-001A-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2007
"{90120000-001A-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
"{90120000-001A-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0408-0000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2007
"{90120000-001B-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2007
"{90120000-001B-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_PROHYBRIDR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_PROHYBRIDR_{E4E8AF9E-0F8C-40E8-950A-CA40B7138049}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007
"{90120000-001F-0408-0000-0000000FF1CE}_PROHYBRIDR_{DB0C1C5A-7998-4B95-8BD5-ACACD18B0B53}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2007
"{90120000-001F-040D-0000-0000000FF1CE}_PROHYBRIDR_{51590837-F141-43A8-B0EC-AEF16F1CBE78}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_PROHYBRIDR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
"{90120000-001F-0419-0000-0000000FF1CE}_PROHYBRIDR_{EFE123B8-9F0A-4C50-A67B-0BADF3CB00DC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_PROHYBRIDR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_PROHYBRIDR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0816-0000-0000000FF1CE}_PROHYBRIDR_{C8246FCF-12F8-4212-BC89-6ED049BA2FB8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_PROHYBRIDR_{55F3B092-C18B-4E04-9E53-F794641B39F4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0404-1000-0000000FF1CE}_PROHYBRIDR_{490B52AE-965C-460C-9E0F-EE65C96F7AA1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0404-1000-0000000FF1CE}_PROHYBRIDR_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0408-1000-0000000FF1CE}_PROHYBRIDR_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040C-1000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040D-1000-0000000FF1CE}_PROHYBRIDR_{CA35966E-C879-49CB-A61C-B2EF26AE54B7}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0410-1000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0413-1000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0816-1000-0000000FF1CE}_PROHYBRIDR_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0C0A-1000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0408-0000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}_PROHYBRIDR_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0408-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2007
"{90120000-006E-0408-0000-0000000FF1CE}_PROHYBRIDR_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2007
"{90120000-006E-040D-0000-0000000FF1CE}_PROHYBRIDR_{CA35966E-C879-49CB-A61C-B2EF26AE54B7}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0816-0000-0000000FF1CE}_PROHYBRIDR_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AFC93C3-EEE0-497C-9341-27753FAC7233}" = Prince of Persia The Two Thrones
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter und der Orden des Phönix™
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D42FD0CF-F36F-42D5-A12F-CE58397FD78A}" = Telstra Mobile Broadband Manager
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS_N_Series_Screensaver" = ASUS_N_Series_Screensaver
"ASUS_N71_Screensaver" = ASUS_N71_Screensaver
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"Free YouTube Download_is1" = Free YouTube Download version 3.2.2.430
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Guild Wars" = Guild Wars
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{331C520E-D8C3-4AB9-ADF7-A666A3561922}" = Alcor Micro USB Card Reader
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"Telstra Mobile Broadband Manager" = Telstra Mobile Broadband Manager
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mixxx (1.10.0)" = Mixxx 1.10.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/05/2013 9:11:35 AM | Computer Name = Besitzer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 507300
 
Error - 9/05/2013 9:11:35 AM | Computer Name = Besitzer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 507300
 
Error - 9/05/2013 11:04:31 AM | Computer Name = Besitzer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 9/05/2013 1:26:12 PM | Computer Name = Besitzer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
 Zeitstempel: 0x51650aee  Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
 Zeitstempel: 0x51650a09  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000b10e8  ID des fehlerhaften
 Prozesses: 0x18ac  Startzeit der fehlerhaften Anwendung: 0x01ce4cd97751bc0b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 8ac2628e-b8cd-11e2-b52e-90e6ba8e8413
 
Error - 11/05/2013 11:19:48 AM | Computer Name = Besitzer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 11/05/2013 11:19:48 AM | Computer Name = Besitzer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1778
 
Error - 11/05/2013 11:19:48 AM | Computer Name = Besitzer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1778
 
Error - 11/05/2013 11:19:49 AM | Computer Name = Besitzer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 11/05/2013 11:19:49 AM | Computer Name = Besitzer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2792
 
Error - 11/05/2013 11:19:49 AM | Computer Name = Besitzer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2792
 
[ Media Center Events ]
Error - 1/12/2010 1:39:02 AM | Computer Name = Besitzer-PC | Source = MCUpdate | ID = 0
Description = 15:38:51 - Fehler beim Herstellen der Internetverbindung.  15:38:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/12/2010 2:39:07 AM | Computer Name = Besitzer-PC | Source = MCUpdate | ID = 0
Description = 16:39:07 - Fehler beim Herstellen der Internetverbindung.  16:39:07 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/12/2010 2:39:13 AM | Computer Name = Besitzer-PC | Source = MCUpdate | ID = 0
Description = 16:39:12 - Fehler beim Herstellen der Internetverbindung.  16:39:12 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10/02/2011 5:09:07 PM | Computer Name = Besitzer-PC | Source = MCUpdate | ID = 0
Description = 07:09:06 - Fehler beim Herstellen der Internetverbindung.  07:09:06 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29/07/2011 5:32:36 AM | Computer Name = Besitzer-PC | Source = MCUpdate | ID = 0
Description = 19:32:36 - Fehler beim Herstellen der Internetverbindung.  19:32:36 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29/07/2011 5:32:48 AM | Computer Name = Besitzer-PC | Source = MCUpdate | ID = 0
Description = 19:32:41 - Fehler beim Herstellen der Internetverbindung.  19:32:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29/07/2011 6:34:02 AM | Computer Name = Besitzer-PC | Source = MCUpdate | ID = 0
Description = 20:34:02 - Fehler beim Herstellen der Internetverbindung.  20:34:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29/07/2011 6:34:09 AM | Computer Name = Besitzer-PC | Source = MCUpdate | ID = 0
Description = 20:34:08 - Fehler beim Herstellen der Internetverbindung.  20:34:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11/05/2013 4:03:59 PM | Computer Name = Besitzer-PC | Source = MCUpdate | ID = 0
Description = 22:03:59 - Fehler beim Herstellen der Internetverbindung.  22:03:59 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11/05/2013 4:04:11 PM | Computer Name = Besitzer-PC | Source = MCUpdate | ID = 0
Description = 22:04:05 - Fehler beim Herstellen der Internetverbindung.  22:04:05 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 30/03/2012 4:10:05 AM | Computer Name = Besitzer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 20 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 9/05/2013 7:01:24 AM | Computer Name = Besitzer-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 9/05/2013 7:01:38 AM | Computer Name = Besitzer-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 9/05/2013 7:01:38 AM | Computer Name = Besitzer-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 9/05/2013 7:01:42 AM | Computer Name = Besitzer-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 9/05/2013 7:01:46 AM | Computer Name = Besitzer-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 9/05/2013 7:01:51 AM | Computer Name = Besitzer-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 9/05/2013 7:10:11 AM | Computer Name = Besitzer-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?05.?2013 um 13:08:32 unerwartet heruntergefahren.
 
Error - 9/05/2013 8:32:07 AM | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 9/05/2013 8:32:07 AM | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 10/05/2013 5:56:58 AM | Computer Name = Besitzer-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         
und hier die Gmer-Logfile:

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-18 15:53:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0002 298.09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Besitzer\AppData\Local\Temp\fwddikod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                                   fffff800031fb000 45 bytes [00, 10, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                                                   fffff800031fb02f 23 bytes [00, 00, 10, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[796] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                              0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe[1524] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                             0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                    0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                   0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1560] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                          0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                 0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1868] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                    0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1960] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                    0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2044] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076be1465 2 bytes [BE, 76]
.text     C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[1460] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                        0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[1460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[1460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Windows\SysWOW64\schtasks.exe[1720] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Windows\SysWOW64\schtasks.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                       0000000076be1465 2 bytes [BE, 76]
.text     C:\Windows\SysWOW64\schtasks.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                      0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2100] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                              00000000727c1a22 2 bytes [7C, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2100] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                              00000000727c1ad0 2 bytes [7C, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2100] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                              00000000727c1b08 2 bytes [7C, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2100] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                              00000000727c1bba 2 bytes [7C, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2100] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                              00000000727c1bda 2 bytes [7C, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2100] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                       0000000076be1465 2 bytes [BE, 76]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                      0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1228] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076be1465 2 bytes [BE, 76]
.text     C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe[3112] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                             0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                    0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                   0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe[3136] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                             0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                    0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                   0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3368] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                       00000000766f87b1 5 bytes [33, C0, C2, 04, 00]
.text     C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3368] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                     0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                           0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3544] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                             0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Users\Besitzer\AppData\Roaming\Dropbox\bin\Dropbox.exe[3564] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                       0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Users\Besitzer\AppData\Roaming\Dropbox\bin\Dropbox.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              0000000076be1465 2 bytes [BE, 76]
.text     C:\Users\Besitzer\AppData\Roaming\Dropbox\bin\Dropbox.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                             0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe[3760] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                               0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe[3760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                      0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe[3760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                     0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe[3788] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                              0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                     0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                    0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe[3832] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                  0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                         0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                        0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe[3868] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                         0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe[3868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe[3868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                               0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe[3880] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                       0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe[3892] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                 0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                        0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                       0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[3944] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                  0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                         0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                        0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3984] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[4964] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                     0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe[5044] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                              0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe[2580] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                             0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[4516] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                      0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[4516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[4516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Windows\AsScrPro.exe[2208] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                         0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Windows\AsScrPro.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                0000000076be1465 2 bytes [BE, 76]
.text     C:\Windows\AsScrPro.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                               0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[3028] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                     0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[3028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[3028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                           0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5016] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                           0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                  0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                 0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5384] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                        0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe[4704] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                  0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                         0000000076be1465 2 bytes [BE, 76]
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Users\Besitzer\Desktop\gmer_2.1.19163.exe[6176] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                    0000000075f1cfca 5 bytes JMP 0000000175474720
.text     C:\Users\Besitzer\Desktop\gmer_2.1.19163.exe[6176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                           0000000076be1465 2 bytes [BE, 76]
.text     C:\Users\Besitzer\Desktop\gmer_2.1.19163.exe[6176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                          0000000076be14bb 2 bytes [BE, 76]
.text     ...                                                                                                                                                                  * 2

---- EOF - GMER 2.1 ----
         
Mfg Delphinidus
__________________


Alt 18.05.2013, 16:36   #3
delphinidus
 
Wie werde ich Delta-search los? - Standard

Wie werde ich Delta-search los?



Ich habe übrigens vor der Benutzung von OTL und GMER mit dem Programm "defogger" die Treiber gewisser Emulatoren deaktiviert.

Mfg delphinidus
__________________

Geändert von delphinidus (18.05.2013 um 17:11 Uhr)

Alt 23.05.2013, 14:27   #4
t'john
/// Helfer-Team
 
Wie werde ich Delta-search los? - Standard

Wie werde ich Delta-search los?





Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL

SRV - [2013/03/22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) 
MOD - [2013/03/22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe 
MOD - [2013/03/22 16:08:36 | 002,520,016 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll 
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () 
[2013/05/09 23:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\Regwork.job 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Besitzer\*.tmp
C:\Users\Besitzer\AppData\*.dll
C:\Users\Besitzer\AppData\*.exe
C:\Users\Besitzer\AppData\Local\Temp\*.exe
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
Mfg, t'john
Das TB unterstützen

Alt 23.05.2013, 20:22   #5
delphinidus
 
Wie werde ich Delta-search los? - Standard

Wie werde ich Delta-search los?



Hallo t'john!
Erstmal danke für deine Antwort.

Ich habe den 1. Schritt problemos ausführen können und schreibe die Logfile von dem Fix in diesen Beitrag.
Aber als ich Malwarebytes Anti-Malware als Administrator ausführen wollte, hat sich ein Fenster geöffnet, dass mir den Kauf einer Software angeboten hat, aber nichts mit Malwarebytes Anti-Malware zu tun hat. Ich habe einen Screenshot angehängt. Soll ich das Programm jetzt einfach mit links-klick öffnen?

Hier die OTL-Fix-Logfile:

Code:
ATTFilter
All processes killed
========== OTL ==========
Service BrowserProtect stopped successfully!
Service BrowserProtect deleted successfully!
File move failed. C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe scheduled to be moved on reboot.
Releasing module c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
File move failed. c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll scheduled to be moved on reboot.
Releasing module c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
File move failed. c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll deleted successfully.
File move failed. c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll scheduled to be moved on reboot.
C:\Windows\Tasks\Regwork.job moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{E3739848-5329-48E3-8D28-5BBD6E8BE384} folder moved successfully.
C:\ProgramData\Temp\{D36DD326-7280-11D8-97C8-000129760CBE} folder moved successfully.
C:\ProgramData\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1} folder moved successfully.
C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully.
C:\ProgramData\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully.
C:\ProgramData\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\Besitzer\*.tmp not found.
File\Folder C:\Users\Besitzer\AppData\*.dll not found.
File\Folder C:\Users\Besitzer\AppData\*.exe not found.
C:\Users\Besitzer\AppData\Local\Temp\AutoRun.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\COMAP.EXE moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\DivXSetup.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\EADD410.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\eauninstall.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\EBU511C.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\EBU55DD.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\EBU5A11.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\FlashPlayerUpdate.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\GLFA2A3.tmp.ConduitEngineSetup.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\GoogleToolbarInstaller.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\LMkRstPt.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\msgA7C5.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\NFS UNDERGROUND_uninst.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\SHSetup.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\softonic-de3.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\softonic_s_de3.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\Uninstall.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\_is1AD6.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\_is2B54.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\_is34DB.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\_is5EF2.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\_is686.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\_is731D.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\_is7D3B.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\_isB494.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\_isC067.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\_isCC48.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\_isDBEC.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\_isDEBF.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\_isE62E.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\_isEA11.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\_isF424.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\_isFD13.exe moved successfully.
C:\Users\Besitzer\AppData\Local\Temp\_unps.exe moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Besitzer\Desktop\cmd.bat deleted successfully.
C:\Users\Besitzer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Besitzer
->Temp folder emptied: 1188536960 bytes
->Temporary Internet Files folder emptied: 516699305 bytes
->FireFox cache emptied: 321812206 bytes
->Flash cache emptied: 9431 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Users
->Temp folder emptied: 45997 bytes
->Temporary Internet Files folder emptied: 14166467 bytes
->Flash cache emptied: 973 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 568837135 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304945 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2,530.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05232013_192257

Files\Folders moved on Reboot...
File move failed. C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe scheduled to be moved on reboot.
File move failed. c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll scheduled to be moved on reboot.
C:\Users\Besitzer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Mfg delphinidus


Alt 24.05.2013, 10:34   #6
t'john
/// Helfer-Team
 
Wie werde ich Delta-search los? - Standard

Wie werde ich Delta-search los?



Das was du da geladen hast, hat nichts mit Malwarebytes zutun.

Loesche das und befolge die Anweisungen ab Schritt 2!
__________________
--> Wie werde ich Delta-search los?

Alt 31.05.2013, 17:22   #7
delphinidus
 
Wie werde ich Delta-search los? - Standard

Wie werde ich Delta-search los?



So, bin endlich dazu gekommen das ganze zu beenden.

Die Malwarebytes Anti-Malware-Logfile:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.25.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Besitzer :: BESITZER-PC [Administrator]

Schutz: Aktiviert

25/05/2013 3:16:16 PM
mbam-log-2013-05-25 (15-16-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 504037
Laufzeit: 2 Stunde(n), 8 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Und die AdwCleaner-Logfile:

Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 31/05/2013 um 18:08:40 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Besitzer - BESITZER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Besitzer\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\9v9djbr0.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\9v9djbr0.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\9v9djbr0.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\9v9djbr0.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\9v9djbr0.default\searchplugins\delta.xml
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Users\Besitzer\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Besitzer\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Besitzer\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Besitzer\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gelöscht : C:\Users\Besitzer\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\5255de8ab13be941
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\Software\Informer Technologies, Inc.\OpenCandy
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5255de8ab13be941
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\9v9djbr0.default\prefs.js

C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\9v9djbr0.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.order.1", "Delta Search");
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.id", "9c0c57500000000000002225d3bfca53");
Gelöscht : user_pref("extensions.delta.instlDay", "15826");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.16.16");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.16.1620:37:04");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.16.16");
Gelöscht : user_pref("extensions.unitedinternet.search.termsJSON", "[{\"searchterm\":\"yo\",\"visited\":\"2013-[...]

*************************

AdwCleaner[S1].txt - [4813 octets] - [31/05/2013 18:08:40]

########## EOF - C:\AdwCleaner[S1].txt - [4873 octets] ##########
         
Mfg delphinidus

Mir ist vor Kurzem aufgefallen, dass ich bei dem QuickScan mit OTL vergessen hatte "Scan all users", "minimal output" und bei Extra Registry "use SafeList" anzukreuzen. Ich hoffe das stellt kein Problem dar. Dazu ist zu sagen, dass das zweite Benutzerkonto auf meinem PC so gut wie nie benutzt wurde und ich es demnächst löschen werde.

Mfg delphinidus

Antwort

Themen zu Wie werde ich Delta-search los?
adobe, adobe flash player, asus, besitzer, bho, bingbar, bonjour, converter, defender, delta-search, delta-toolbar, enigma, excel, explorer, firefox, flash player, format, helper, installation, mozilla, nvidia, origin, pando media booster, registry, security, senden, sierra, software, symantec, windows



Ähnliche Themen: Wie werde ich Delta-search los?


  1. babylon search und delta search als startseite im browser
    Plagegeister aller Art und deren Bekämpfung - 06.06.2014 (9)
  2. Search d.p Engine. Ist das Delta-Search? Wenn nein, egal ich werde es nicht mehr los
    Log-Analyse und Auswertung - 27.01.2014 (11)
  3. Delta Search
    Plagegeister aller Art und deren Bekämpfung - 20.07.2013 (3)
  4. Delta Search und Babylon search - Malware durch Freeware, Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 16.07.2013 (37)
  5. Delta Search
    Log-Analyse und Auswertung - 19.06.2013 (45)
  6. delta-search.com
    Plagegeister aller Art und deren Bekämpfung - 05.06.2013 (37)
  7. Wie werde ich "Delta-Search " los?
    Log-Analyse und Auswertung - 10.05.2013 (17)
  8. Delta-Search
    Plagegeister aller Art und deren Bekämpfung - 09.05.2013 (10)
  9. Delta Search die 2te
    Log-Analyse und Auswertung - 03.05.2013 (7)
  10. delta search
    Plagegeister aller Art und deren Bekämpfung - 01.05.2013 (11)
  11. Delta Search mit Spybot entfernt; Delta Search taucht jedoch in neuen Tab trotzdem auf
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (10)
  12. wie werde ich delta search wieder los?
    Plagegeister aller Art und deren Bekämpfung - 08.04.2013 (17)
  13. Delta Search
    Plagegeister aller Art und deren Bekämpfung - 02.04.2013 (10)
  14. Delta Search
    Plagegeister aller Art und deren Bekämpfung - 22.03.2013 (9)
  15. Delta Search und Babylon Search entfernt - Ist nun alles weg?
    Log-Analyse und Auswertung - 16.03.2013 (18)
  16. Wie werde ich "Delta Search" wieder los?
    Plagegeister aller Art und deren Bekämpfung - 01.03.2013 (47)
  17. Delta Search
    Log-Analyse und Auswertung - 21.02.2013 (1)

Zum Thema Wie werde ich Delta-search los? - Hallo Leute! Ich habe mir vor ein paar Wochen Delta-search eingefangen. Als ich rausgefunden habe, dass es eine betrügerische Software ist, habe ich den Delta-Toolbar aus meiner Programmliste gelöscht und - Wie werde ich Delta-search los?...
Archiv
Du betrachtest: Wie werde ich Delta-search los? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.