| |
| |||||||
Log-Analyse und Auswertung: pProtector for Windows & Yontoo Layers Runtime1.10.01?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.04.2013, 18:53
| #1 |
| |  pProtector for Windows & Yontoo Layers Runtime1.10.01? Hey, bei dem Aufräumen meines Laptops sind mir zwei komische Programme aufgefallen, nach denen ich anschließend auch gegooglet habe. Dort bin ich dann auf diese Seite hier gestoßen und wollte euch beten wie den anderen hier, auch mir zu helfen. Die beiden Programme heißen: - bProtector for Windows - Yontoo Layers Runtime1.10.01 Anschließend hab ich einen Malwarebytes Anti-Malware Scan gemacht der das ergab: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.04.04.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16521 Angie :: 4YOU9 [Administrator] 04.04.2013 14:13:38 mbam-log-2013-04-04 (14-13-38).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 414197 Laufzeit: 4 Stunde(n), 3 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 1 C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 2020 -> Keine Aktion durchgeführt. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.BProtector) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\BPROTECTOR (PUP.BProtector) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\bProtector|iexplore homepages (PUP.BProtector) -> Daten: hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050^^ -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\ProgramData\bProtector (PUP.BProtector) -> Keine Aktion durchgeführt. C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt. Infizierte Dateien: 6 C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. C:\ProgramData\bProtector\bProtect.settings (PUP.BProtector) -> Keine Aktion durchgeführt. C:\ProgramData\bProtector\bProtect.exe (PUP.BProtector) -> Keine Aktion durchgeführt. C:\ProgramData\bProtector\component_332.decrpt (PUP.BProtector) -> Keine Aktion durchgeführt. C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt. Daraufhin hab ich OTL benutzt: OTL.Txt [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.04.06 19:20:58 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Canneverbe Limited [2013.02.01 23:12:04 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\DVDVideoSoft [2013.02.01 23:11:41 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.23 19:28:19 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\EPSON [2012.04.06 15:03:32 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\eType [2013.03.26 14:31:06 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ICQ [2012.01.06 20:21:47 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Jewel Match 3 [2013.02.01 23:10:34 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\OpenCandy [2012.01.08 18:53:37 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\OpenOffice.org [2012.04.03 01:16:05 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PhotoScape [2012.04.12 01:58:16 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PlayFirst [2012.11.13 18:36:16 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\runic games [2012.01.06 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Screensaver [2012.01.14 21:57:56 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\SNS [2013.04.04 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\SoftGrid Client [2012.01.16 23:48:10 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TP [2013.02.01 23:13:01 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TuneUp Software [2012.08.19 22:37:32 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\WildTangent [2012.01.13 07:15:51 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Files - Unicode (All) ========== [2013.02.21 01:56:35 | 000,006,464 | ---- | M] ()(C:\Users\Angie\Documents\er ?.rtf) -- C:\Users\Angie\Documents\er ♥.rtf [2013.02.21 01:56:35 | 000,006,464 | ---- | C] ()(C:\Users\Angie\Documents\er ?.rtf) -- C:\Users\Angie\Documents\er ♥.rtf < End of report > Extras.TxtOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.04.2013 18:53:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Angie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,73 Gb Total Physical Memory | 4,13 Gb Available Physical Memory | 72,01% Memory free
11,46 Gb Paging File | 9,84 Gb Available in Paging File | 85,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449,66 Gb Total Space | 389,60 Gb Free Space | 86,64% Space Free | Partition Type: NTFS
Computer Name: 4YOU9 | User Name: Angie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5F564D63-3130-4BF7-BD33-9450073698B6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DBE96087-271E-40C1-8E74-0A518D9F2A95}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DC88F3-0E03-40D1-98F7-04CF26D0948B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{19C88167-6EAC-4381-A221-F61ED5900928}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{1FAAE296-8522-49FB-8FF5-EF2AC9FD6353}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{457671C2-B7AC-4FB3-85AA-10444CAE4981}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{751231CF-8329-423E-946A-5C78901C70B3}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{763A9477-0A73-487A-99EF-C2AEC7703AEB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A9D0A112-94D3-4C50-BFA5-AC65527A422C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{C73442B0-55C9-4659-8A30-BD7E84D220F5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D628C3E0-7A95-49BC-932F-01CA1E43ED61}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{EF05177E-B56B-464C-B5E5-4FB4848A0FB6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2E12FEB9-11CD-5B44-D51B-0837225A6594}" = AMD Media Foundation Decoders
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3605D89A-BD66-F5C5-779B-BE9110B41077}" = ATI Catalyst Install Manager
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{85FF8CA9-FF07-9E8D-DC2A-05CE786C5646}" = ccc-utility64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{11C8528F-630F-1BDF-5208-0E1E665EAEC7}" = Catalyst Control Center InstallProxy
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{122B1825-3F1E-F7AA-157C-033A5286339B}" = Catalyst Control Center Localization All
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{1398F892-730D-C334-E7F1-5584F73F3D9F}" = CCC Help Hungarian
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = bProtector for Windows
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{1895E5C2-A9F8-4757-AD7B-0E9EA8BA1C46}" = Catalyst Control Center - Branding
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2312197F-544A-0DE9-7E78-2D7BD9C755DE}" = CCC Help Chinese Traditional
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{386AEEC9-0994-0491-E3A8-ECCEB98B693C}" = CCC Help Czech
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A961DEF-D492-D159-05E7-AFEBD23B1443}" = CCC Help Thai
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{4686B678-6E39-CBB0-D2AD-753768D9482C}" = Catalyst Control Center Graphics Previews Common
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4FEB120F-8FAE-C079-F90E-69DDDFE5F24A}" = CCC Help Portuguese
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5327C3B7-A2BD-DFF9-9AAA-6B25C205A11B}" = CCC Help Finnish
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{56757C8E-7CD5-70F7-7F70-DED7C0290F17}" = CCC Help Russian
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62056544-7C76-36A4-72A2-EE64F1C659E6}" = CCC Help French
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68AFA3A7-9265-4ABD-994A-ACA413E3715C}" = Nero Multimedia Suite 10 Essentials
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7893F1F4-1A7A-7761-A15B-16248A91F14A}" = CCC Help Polish
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{8356465E-39A3-B863-E66D-79BC03B37879}" = CCC Help Swedish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{85905B8F-7C26-A6E2-6FE4-AA891ADF474A}" = CCC Help Danish
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89EA0D8A-5115-CB48-4B5A-91F8A2A07CB4}" = CCC Help English
"{8A2BDD89-D2A9-70F1-0F9F-5511B4035F4E}" = CCC Help Italian
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{987FD645-B12E-BCE0-723F-D99EAB70EE0B}" = AMD VISION Engine Control Center
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D67169F-A1FD-18D3-C503-69E0B6E7BD09}" = CCC Help Spanish
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Video Web Camera
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A54C3171-046D-9C8F-EEBA-D78A5927156A}" = CCC Help Korean
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA1958B6-C964-BAE1-259C-DB4239BCEEFC}" = CCC Help German
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B51B7CE6-1BFF-1E08-FAE3-75AD36B9A399}" = CCC Help Japanese
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0B83E1B-9DDD-B169-BFA9-DF46CAB9D528}" = CCC Help Chinese Standard
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D20EB399-E879-EB25-F5B2-1CBCBE8B27AB}" = CCC Help Turkish
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA188C57-85BA-0AB4-D11B-2892B79EDF4D}" = CCC Help Dutch
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDCF6C26-F42B-EEE7-C42F-C5DD7509C1EA}" = CCC Help Norwegian
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2207310-FE8E-CB9D-C44C-3042F966CDAD}" = CCC Help Greek
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"EPSON Scanner" = EPSON Scan
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"Identity Card" = Identity Card
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Video Web Camera
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"PhotoScape" = PhotoScape
"SpecialSavings" = SpecialSavings
"Updater Service" = Updater Service
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WTA-00e9b429-2c52-4d94-9fa1-2a184d2985a8" = Plants vs. Zombies - Game of the Year
"WTA-1111a4cb-0ffa-43a0-8a3b-73197893b35a" = Bejeweled 2 Deluxe
"WTA-28f6e5ec-e2fe-4510-a2eb-88d720fcb082" = Polar Bowler
"WTA-35dbd0b9-f0ed-4995-99b0-aca1917c78fa" = Agatha Christie - Death on the Nile
"WTA-395a00b7-5a28-49db-b182-63f9f5db4d39" = Insaniquarium Deluxe
"WTA-3c399698-0220-4089-b6bc-291f160286de" = Final Drive: Nitro
"WTA-490111e1-e218-4a1d-9d24-9d2a0cc55af4" = Zuma Deluxe
"WTA-49a0db41-dbb3-406e-a5cb-56971d266bbe" = John Deere Drive Green
"WTA-4ae5f5af-a71f-4190-bace-cb6e11941f9c" = Wedding Dash
"WTA-4bf43000-7aca-4632-909f-179705a26850" = Jewel Quest Solitaire
"WTA-60a52c40-a9f8-4a61-9846-ae16df1e2936" = Virtual Villagers 4 - The Tree of Life
"WTA-6865e4f9-ba63-4827-87d9-ffff8964df7d" = Slingo Deluxe
"WTA-83007eb6-1b93-4e5e-99da-a88ea91fa3d8" = Torchlight
"WTA-935e0af2-d51b-4483-9fde-f1b3cafbbaf4" = Jewel Match 3
"WTA-a2a95b20-7474-4438-aa52-90ccc19e7884" = FATE
"WTA-e1350def-3198-4a31-a998-bd958ed1013b" = Penguins!
"WTA-e4c162e5-23a4-4d98-badb-99c3b073700c" = Chuzzle Deluxe
"WTA-f28d9b06-5fc1-4551-b596-f0674ab446af" = Crazy Chicken Kart 2
"WTA-fb938efe-c8d6-47d7-954f-f8ef8abb70f5" = Mystery of Mortlake Mansion
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.09.2012 08:51:31 | Computer Name = 4you9 | Source = WinMgmt | ID = 10
Description =
Error - 23.09.2012 05:20:31 | Computer Name = 4you9 | Source = System Restore | ID = 8193
Description =
Error - 24.09.2012 08:46:32 | Computer Name = 4you9 | Source = WinMgmt | ID = 10
Description =
Error - 26.09.2012 10:16:17 | Computer Name = 4you9 | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 27.09.2012 11:00:57 | Computer Name = 4you9 | Source = System Restore | ID = 8193
Description =
Error - 30.09.2012 07:35:02 | Computer Name = 4you9 | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 04.10.2012 11:00:19 | Computer Name = 4you9 | Source = WinMgmt | ID = 10
Description =
Error - 05.10.2012 07:41:58 | Computer Name = 4you9 | Source = System Restore | ID = 8193
Description =
Error - 06.10.2012 12:19:29 | Computer Name = 4you9 | Source = WinMgmt | ID = 10
Description =
Error - 07.10.2012 11:56:44 | Computer Name = 4you9 | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 18.03.2013 02:11:14 | Computer Name = 4you9 | Source = DCOM | ID = 10010
Description =
Error - 18.03.2013 02:18:27 | Computer Name = 4you9 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer
9 für Windows 7 für x64-Systeme (KB2809289)
Error - 19.03.2013 09:52:44 | Computer Name = 4you9 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 26.03.2013 08:22:29 | Computer Name = 4you9 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?03.?2013 um 00:43:59 unerwartet heruntergefahren.
Error - 26.03.2013 16:08:03 | Computer Name = 4you9 | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.147.416.0 Aktualisierungsquelle: %%859
Aktualisierungsphase:
%%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803
Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9302.0 Fehlercode:
0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
unter "Hilfe und Support".
Error - 26.03.2013 18:17:38 | Computer Name = 4you9 | Source = DCOM | ID = 10010
Description =
Error - 31.03.2013 10:54:13 | Computer Name = 4you9 | Source = DCOM | ID = 10010
Description =
Error - 04.04.2013 07:30:51 | Computer Name = 4you9 | Source = DCOM | ID = 10010
Description =
Error - 04.04.2013 08:08:45 | Computer Name = 4you9 | Source = DCOM | ID = 10010
Description =
Error - 04.04.2013 12:48:15 | Computer Name = 4you9 | Source = DCOM | ID = 10010
Description =
< End of report >
Ich hoffe jemand kann mir helfen (: Und schonmal danke im voraus!  Und hier noch schnell die Gmer- Datei: GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-04-04 21:21:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK5059GSXP rev.GN003J 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Angie\AppData\Local\Temp\fxtdypog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77]
.text ... * 2
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[3364] C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe!?SparseBitMask@DataSourceDescription@FlexUI@@2HB + 960 000000002da65984 4 bytes [6B, 67, 3E, 65]
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077291465 2 bytes [29, 77]
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772914bb 2 bytes [29, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000772df9c0 5 bytes JMP 0000000169185f49
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryObject 00000000772df9d8 5 bytes JMP 0000000169186411
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 00000000772dfa08 5 bytes JMP 000000016918016d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 00000000772dfa20 5 bytes JMP 000000016917fbca
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 00000000772dfa70 5 bytes JMP 000000016917fa44
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000772dfa88 2 bytes JMP 000000016917fb52
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey + 3 00000000772dfa8b 2 bytes [EA, F1]
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 00000000772dfb20 5 bytes JMP 0000000169180424
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 00000000772dfc18 5 bytes JMP 0000000169184369
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 00000000772dfd2c 5 bytes JMP 000000016917f9cc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000772dfd44 5 bytes JMP 0000000169184959
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 00000000772dfd78 5 bytes JMP 00000001691839de
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000772dfe24 5 bytes JMP 0000000169185fc4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 00000000772dfe3c 5 bytes JMP 0000000169184adb
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000772e0094 5 bytes JMP 0000000169184791
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000772e01a4 5 bytes JMP 000000016917fc42
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 00000000772e09c4 5 bytes JMP 0000000169184584
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 00000000772e09dc 5 bytes JMP 000000016917cc5b
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 00000000772e0a24 5 bytes JMP 000000016917cd29
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 00000000772e0b60 5 bytes JMP 000000016917ccc2
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 00000000772e0f50 5 bytes JMP 000000016917fcba
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772e0f68 5 bytes JMP 000000016917ff45
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 00000000772e0ff8 5 bytes JMP 00000001691801fd
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 00000000772e131c 5 bytes JMP 0000000169184b6b
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 00000000772e145c 5 bytes JMP 000000016917fec9
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 00000000772e1508 5 bytes JMP 0000000169186389
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 00000000772e16f8 1 byte JMP 000000016917d138
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey + 2 00000000772e16fa 3 bytes {JMP 0xfffffffff1e9ba40}
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 00000000772e1a38 5 bytes JMP 000000016917facc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 00000000772e1b7c 5 bytes JMP 000000016918616c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007666103d 5 bytes JMP 00000001691593a9
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076661072 5 bytes JMP 00000001691594e7
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007668c9b5 5 bytes JMP 000000016915971d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\kernel32.dll!SetDllDirectoryW 00000000766e00c3 5 bytes JMP 0000000169159efe
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\kernel32.dll!SetDllDirectoryA 00000000766e016b 5 bytes JMP 000000016915a231
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\kernel32.dll!WinExec 00000000766e2c91 5 bytes JMP 0000000169159aa0
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\kernel32.dll!AllocConsole 0000000076706b3e 5 bytes JMP 0000000169187431
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\kernel32.dll!AttachConsole 0000000076706c02 5 bytes JMP 0000000169187443
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076532aa4 5 bytes JMP 000000016915a43c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075cc8a29 5 bytes JMP 0000000169187419
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075ccd22e 5 bytes JMP 0000000169187401
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 0000000074fcd2b2 5 bytes JMP 0000000169167617
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\GDI32.dll!AddFontResourceA 0000000074fcd7bb 5 bytes JMP 00000001691675fb
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!EnumDependentServicesW 0000000076481e3a 7 bytes JMP 000000016916a3b9
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusExW 000000007648b466 7 bytes JMP 000000016916b2da
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!GetServiceKeyNameW 00000000764a78ff 7 bytes JMP 000000016916aa60
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameW 00000000764a79bb 7 bytes JMP 000000016916ac11
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusExA 00000000764aa3e2 7 bytes JMP 000000016916b3a0
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000764c2538 5 bytes JMP 000000016915985f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!GetServiceKeyNameA 00000000764e1b94 7 bytes JMP 000000016916ab18
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameA 00000000764e1c31 7 bytes JMP 000000016916acc9
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusA 00000000764e2021 7 bytes JMP 000000016916b21c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!EnumDependentServicesA 00000000764e2104 7 bytes JMP 000000016916a470
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusW 00000000764e2221 5 bytes JMP 000000016916b15e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!ControlService 0000000076764d5c 7 bytes JMP 000000016916a1fe
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle 0000000076764dc3 7 bytes JMP 000000016916a527
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!QueryServiceStatus 0000000076764e4b 7 bytes JMP 000000016916a28a
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!QueryServiceStatusEx 0000000076764eaf 7 bytes JMP 000000016916a31d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!StartServiceW 0000000076764f35 7 bytes JMP 000000016916a079
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!StartServiceA 000000007676508d 7 bytes JMP 000000016916a10f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!QueryServiceObjectSecurity 00000000767650f4 7 bytes JMP 000000016916b02c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076765181 7 bytes JMP 000000016916b0c8
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076765254 7 bytes JMP 000000016916a728
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000767653d5 7 bytes JMP 000000016916a643
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000767654c2 7 bytes JMP 000000016916a9ca
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000767655e2 7 bytes JMP 000000016916a934
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007676567c 7 bytes JMP 0000000169169e5b
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007676589f 7 bytes JMP 0000000169169d85
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076765a22 7 bytes JMP 000000016916a5b5
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigA 0000000076765a83 7 bytes JMP 000000016916ae5b
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW 0000000076765b29 7 bytes JMP 000000016916adc2
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA 0000000076765ca0 7 bytes JMP 0000000169169535
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!ControlServiceExW 0000000076765d8c 7 bytes JMP 00000001691694bc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!OpenSCManagerW 00000000767663ad 7 bytes JMP 0000000169169a83
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!OpenSCManagerA 00000000767664f0 7 bytes JMP 0000000169169b0f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfig2A 0000000076766633 7 bytes JMP 000000016916af90
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfig2W 000000007676680c 7 bytes JMP 000000016916aef4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!OpenServiceW 000000007676714b 7 bytes JMP 0000000169169bf8
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!OpenServiceA 0000000076767245 7 bytes JMP 0000000169169c84
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoRegisterPSClsid 0000000075f1c56e 5 bytes JMP 00000001691711c4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7 0000000075f1ea09 7 bytes JMP 0000000169171795
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!OleRun 0000000075f207de 5 bytes JMP 0000000169171650
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject 0000000075f221e1 5 bytes JMP 00000001691722c5
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!OleUninitialize 0000000075f2eba1 6 bytes JMP 000000016917156f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!OleInitialize 0000000075f2efd7 5 bytes JMP 00000001691714ff
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoGetPSClsid 0000000075f326b9 5 bytes JMP 000000016917133c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoGetClassObject 0000000075f454ad 5 bytes JMP 0000000169172853
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoInitializeEx 0000000075f509ad 5 bytes JMP 00000001691713af
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoUninitialize 0000000075f586d3 5 bytes JMP 0000000169171431
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f59d0b 5 bytes JMP 0000000169173b21
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075f59d4e 5 bytes JMP 0000000169171c5c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 0000000075f7bb09 7 bytes JMP 00000001691716c0
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject 0000000075f9eacf 5 bytes JMP 0000000169170c21
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile 0000000075fd340b 5 bytes JMP 0000000169172d13
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc 000000007601cfd9 5 bytes JMP 00000001691715da
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\OLEAUT32.dll!RegisterActiveObject 0000000076d2279e 5 bytes JMP 0000000169170eb4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\OLEAUT32.dll!RevokeActiveObject 0000000076d23294 5 bytes JMP 0000000169170fd5
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\OLEAUT32.dll!GetActiveObject 0000000076d38f40 5 bytes JMP 0000000169171048
---- EOF - GMER 2.1 ----
|
| Themen zu pProtector for Windows & Yontoo Layers Runtime1.10.01? |
| .com, .dll, administrator, adware.yontoo, converter, explorer, failed, flash player, format, iexplore.exe, install.exe, launch, microsoft office starter 2010, mp3, ntdll.dll, ntopenkeyex, packard bell, photoshop, plug-in, problem, problembehandlung, pup.bprotector, pup.bundleinstaller.ib, pup.installbrain, realtek, registry, rundll, security, software, updates, windows, wlansvc |
Baum-Darstellung