Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: pProtector for Windows & Yontoo Layers Runtime1.10.01?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 04.04.2013, 19:53   #1
noireify
 
pProtector for Windows & Yontoo Layers Runtime1.10.01? - Standard

pProtector for Windows & Yontoo Layers Runtime1.10.01?



Hey, bei dem Aufräumen meines Laptops sind mir zwei komische Programme aufgefallen, nach denen ich anschließend auch gegooglet habe. Dort bin ich dann auf diese Seite hier gestoßen und wollte euch beten wie den anderen hier, auch mir zu helfen.
Die beiden Programme heißen:
- bProtector for Windows
- Yontoo Layers Runtime1.10.01

Anschließend hab ich einen Malwarebytes Anti-Malware Scan gemacht der das ergab:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.04.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Angie :: 4YOU9 [Administrator]

04.04.2013 14:13:38
mbam-log-2013-04-04 (14-13-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 414197
Laufzeit: 4 Stunde(n), 3 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 2020 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.BProtector) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BPROTECTOR (PUP.BProtector) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\bProtector|iexplore homepages (PUP.BProtector) -> Daten: hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050^^ -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\ProgramData\bProtector (PUP.BProtector) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Dateien: 6
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\ProgramData\bProtector\bProtect.settings (PUP.BProtector) -> Keine Aktion durchgeführt.
C:\ProgramData\bProtector\bProtect.exe (PUP.BProtector) -> Keine Aktion durchgeführt.
C:\ProgramData\bProtector\component_332.decrpt (PUP.BProtector) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.


Daraufhin hab ich OTL benutzt:

OTL.Txt


[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.04.06 19:20:58 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Canneverbe Limited
[2013.02.01 23:12:04 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\DVDVideoSoft
[2013.02.01 23:11:41 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.23 19:28:19 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\EPSON
[2012.04.06 15:03:32 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\eType
[2013.03.26 14:31:06 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ICQ
[2012.01.06 20:21:47 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Jewel Match 3
[2013.02.01 23:10:34 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\OpenCandy
[2012.01.08 18:53:37 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\OpenOffice.org
[2012.04.03 01:16:05 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PhotoScape
[2012.04.12 01:58:16 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PlayFirst
[2012.11.13 18:36:16 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\runic games
[2012.01.06 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Screensaver
[2012.01.14 21:57:56 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\SNS
[2013.04.04 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\SoftGrid Client
[2012.01.16 23:48:10 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TP
[2013.02.01 23:13:01 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TuneUp Software
[2012.08.19 22:37:32 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\WildTangent
[2012.01.13 07:15:51 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013.02.21 01:56:35 | 000,006,464 | ---- | M] ()(C:\Users\Angie\Documents\er ?.rtf) -- C:\Users\Angie\Documents\er ♥.rtf
[2013.02.21 01:56:35 | 000,006,464 | ---- | C] ()(C:\Users\Angie\Documents\er ?.rtf) -- C:\Users\Angie\Documents\er ♥.rtf

< End of report >


Extras.Txt
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 04.04.2013 18:53:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Angie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,73 Gb Total Physical Memory | 4,13 Gb Available Physical Memory | 72,01% Memory free
11,46 Gb Paging File | 9,84 Gb Available in Paging File | 85,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449,66 Gb Total Space | 389,60 Gb Free Space | 86,64% Space Free | Partition Type: NTFS
 
Computer Name: 4YOU9 | User Name: Angie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5F564D63-3130-4BF7-BD33-9450073698B6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{DBE96087-271E-40C1-8E74-0A518D9F2A95}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DC88F3-0E03-40D1-98F7-04CF26D0948B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{19C88167-6EAC-4381-A221-F61ED5900928}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{1FAAE296-8522-49FB-8FF5-EF2AC9FD6353}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{457671C2-B7AC-4FB3-85AA-10444CAE4981}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{751231CF-8329-423E-946A-5C78901C70B3}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{763A9477-0A73-487A-99EF-C2AEC7703AEB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{A9D0A112-94D3-4C50-BFA5-AC65527A422C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{C73442B0-55C9-4659-8A30-BD7E84D220F5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{D628C3E0-7A95-49BC-932F-01CA1E43ED61}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{EF05177E-B56B-464C-B5E5-4FB4848A0FB6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2E12FEB9-11CD-5B44-D51B-0837225A6594}" = AMD Media Foundation Decoders
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3605D89A-BD66-F5C5-779B-BE9110B41077}" = ATI Catalyst Install Manager
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{85FF8CA9-FF07-9E8D-DC2A-05CE786C5646}" = ccc-utility64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{11C8528F-630F-1BDF-5208-0E1E665EAEC7}" = Catalyst Control Center InstallProxy
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{122B1825-3F1E-F7AA-157C-033A5286339B}" = Catalyst Control Center Localization All
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{1398F892-730D-C334-E7F1-5584F73F3D9F}" = CCC Help Hungarian
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = bProtector for Windows
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{1895E5C2-A9F8-4757-AD7B-0E9EA8BA1C46}" = Catalyst Control Center - Branding
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2312197F-544A-0DE9-7E78-2D7BD9C755DE}" = CCC Help Chinese Traditional
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{386AEEC9-0994-0491-E3A8-ECCEB98B693C}" = CCC Help Czech
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A961DEF-D492-D159-05E7-AFEBD23B1443}" = CCC Help Thai
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{4686B678-6E39-CBB0-D2AD-753768D9482C}" = Catalyst Control Center Graphics Previews Common
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4FEB120F-8FAE-C079-F90E-69DDDFE5F24A}" = CCC Help Portuguese
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5327C3B7-A2BD-DFF9-9AAA-6B25C205A11B}" = CCC Help Finnish
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{56757C8E-7CD5-70F7-7F70-DED7C0290F17}" = CCC Help Russian
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62056544-7C76-36A4-72A2-EE64F1C659E6}" = CCC Help French
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68AFA3A7-9265-4ABD-994A-ACA413E3715C}" = Nero Multimedia Suite 10 Essentials
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7893F1F4-1A7A-7761-A15B-16248A91F14A}" = CCC Help Polish
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{8356465E-39A3-B863-E66D-79BC03B37879}" = CCC Help Swedish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{85905B8F-7C26-A6E2-6FE4-AA891ADF474A}" = CCC Help Danish
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89EA0D8A-5115-CB48-4B5A-91F8A2A07CB4}" = CCC Help English
"{8A2BDD89-D2A9-70F1-0F9F-5511B4035F4E}" = CCC Help Italian
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{987FD645-B12E-BCE0-723F-D99EAB70EE0B}" = AMD VISION Engine Control Center
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D67169F-A1FD-18D3-C503-69E0B6E7BD09}" = CCC Help Spanish
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Video Web Camera
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A54C3171-046D-9C8F-EEBA-D78A5927156A}" = CCC Help Korean
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA1958B6-C964-BAE1-259C-DB4239BCEEFC}" = CCC Help German
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B51B7CE6-1BFF-1E08-FAE3-75AD36B9A399}" = CCC Help Japanese
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0B83E1B-9DDD-B169-BFA9-DF46CAB9D528}" = CCC Help Chinese Standard
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D20EB399-E879-EB25-F5B2-1CBCBE8B27AB}" = CCC Help Turkish
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA188C57-85BA-0AB4-D11B-2892B79EDF4D}" = CCC Help Dutch
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDCF6C26-F42B-EEE7-C42F-C5DD7509C1EA}" = CCC Help Norwegian
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2207310-FE8E-CB9D-C44C-3042F966CDAD}" = CCC Help Greek
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"EPSON Scanner" = EPSON Scan
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"Identity Card" = Identity Card
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Video Web Camera
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"PhotoScape" = PhotoScape
"SpecialSavings" = SpecialSavings
"Updater Service" = Updater Service
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WTA-00e9b429-2c52-4d94-9fa1-2a184d2985a8" = Plants vs. Zombies - Game of the Year
"WTA-1111a4cb-0ffa-43a0-8a3b-73197893b35a" = Bejeweled 2 Deluxe
"WTA-28f6e5ec-e2fe-4510-a2eb-88d720fcb082" = Polar Bowler
"WTA-35dbd0b9-f0ed-4995-99b0-aca1917c78fa" = Agatha Christie - Death on the Nile
"WTA-395a00b7-5a28-49db-b182-63f9f5db4d39" = Insaniquarium Deluxe
"WTA-3c399698-0220-4089-b6bc-291f160286de" = Final Drive: Nitro
"WTA-490111e1-e218-4a1d-9d24-9d2a0cc55af4" = Zuma Deluxe
"WTA-49a0db41-dbb3-406e-a5cb-56971d266bbe" = John Deere Drive Green
"WTA-4ae5f5af-a71f-4190-bace-cb6e11941f9c" = Wedding Dash
"WTA-4bf43000-7aca-4632-909f-179705a26850" = Jewel Quest Solitaire
"WTA-60a52c40-a9f8-4a61-9846-ae16df1e2936" = Virtual Villagers 4 - The Tree of Life
"WTA-6865e4f9-ba63-4827-87d9-ffff8964df7d" = Slingo Deluxe
"WTA-83007eb6-1b93-4e5e-99da-a88ea91fa3d8" = Torchlight
"WTA-935e0af2-d51b-4483-9fde-f1b3cafbbaf4" = Jewel Match 3
"WTA-a2a95b20-7474-4438-aa52-90ccc19e7884" = FATE
"WTA-e1350def-3198-4a31-a998-bd958ed1013b" = Penguins!
"WTA-e4c162e5-23a4-4d98-badb-99c3b073700c" = Chuzzle Deluxe
"WTA-f28d9b06-5fc1-4551-b596-f0674ab446af" = Crazy Chicken Kart 2
"WTA-fb938efe-c8d6-47d7-954f-f8ef8abb70f5" = Mystery of Mortlake Mansion
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.09.2012 08:51:31 | Computer Name = 4you9 | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.09.2012 05:20:31 | Computer Name = 4you9 | Source = System Restore | ID = 8193
Description = 
 
Error - 24.09.2012 08:46:32 | Computer Name = 4you9 | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.09.2012 10:16:17 | Computer Name = 4you9 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 27.09.2012 11:00:57 | Computer Name = 4you9 | Source = System Restore | ID = 8193
Description = 
 
Error - 30.09.2012 07:35:02 | Computer Name = 4you9 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 04.10.2012 11:00:19 | Computer Name = 4you9 | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.10.2012 07:41:58 | Computer Name = 4you9 | Source = System Restore | ID = 8193
Description = 
 
Error - 06.10.2012 12:19:29 | Computer Name = 4you9 | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.10.2012 11:56:44 | Computer Name = 4you9 | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 18.03.2013 02:11:14 | Computer Name = 4you9 | Source = DCOM | ID = 10010
Description = 
 
Error - 18.03.2013 02:18:27 | Computer Name = 4you9 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80242016 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer
 9 für Windows 7 für x64-Systeme (KB2809289)
 
Error - 19.03.2013 09:52:44 | Computer Name = 4you9 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 26.03.2013 08:22:29 | Computer Name = 4you9 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?03.?2013 um 00:43:59 unerwartet heruntergefahren.
 
Error - 26.03.2013 16:08:03 | Computer Name = 4you9 | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.147.416.0     Aktualisierungsquelle: %%859

	Aktualisierungsphase:
 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.9302.0     Fehlercode:
 0x8024402c     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support". 
 
Error - 26.03.2013 18:17:38 | Computer Name = 4you9 | Source = DCOM | ID = 10010
Description = 
 
Error - 31.03.2013 10:54:13 | Computer Name = 4you9 | Source = DCOM | ID = 10010
Description = 
 
Error - 04.04.2013 07:30:51 | Computer Name = 4you9 | Source = DCOM | ID = 10010
Description = 
 
Error - 04.04.2013 08:08:45 | Computer Name = 4you9 | Source = DCOM | ID = 10010
Description = 
 
Error - 04.04.2013 12:48:15 | Computer Name = 4you9 | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---


Ich hoffe jemand kann mir helfen (:
Und schonmal danke im voraus!

Und hier noch schnell die Gmer- Datei:
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-04-04 21:21:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK5059GSXP rev.GN003J 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Angie\AppData\Local\Temp\fxtdypog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                  0000000077291465 2 bytes [29, 77]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                 00000000772914bb 2 bytes [29, 77]
.text  ...                                                                                                                                                                                                                                   * 2
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                             0000000077291465 2 bytes [29, 77]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                            00000000772914bb 2 bytes [29, 77]
.text  ...                                                                                                                                                                                                                                   * 2
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                      0000000077291465 2 bytes [29, 77]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                     00000000772914bb 2 bytes [29, 77]
.text  ...                                                                                                                                                                                                                                   * 2
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[3364] C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe!?SparseBitMask@DataSourceDescription@FlexUI@@2HB + 960  000000002da65984 4 bytes [6B, 67, 3E, 65]
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                     0000000077291465 2 bytes [29, 77]
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                    00000000772914bb 2 bytes [29, 77]
.text  ...                                                                                                                                                                                                                                   * 2
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                00000000772df9c0 5 bytes JMP 0000000169185f49
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryObject                                                                                          00000000772df9d8 5 bytes JMP 0000000169186411
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey                                                                                              00000000772dfa08 5 bytes JMP 000000016918016d
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey                                                                                    00000000772dfa20 5 bytes JMP 000000016917fbca
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey                                                                                             00000000772dfa70 5 bytes JMP 000000016917fa44
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                                                        00000000772dfa88 2 bytes JMP 000000016917fb52
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey + 3                                                                                    00000000772dfa8b 2 bytes [EA, F1]
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey                                                                                            00000000772dfb20 5 bytes JMP 0000000169180424
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                                                   00000000772dfc18 5 bytes JMP 0000000169184369
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey                                                                                         00000000772dfd2c 5 bytes JMP 000000016917f9cc
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                             00000000772dfd44 5 bytes JMP 0000000169184959
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                                   00000000772dfd78 5 bytes JMP 00000001691839de
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                      00000000772dfe24 5 bytes JMP 0000000169185fc4
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile                                                                                  00000000772dfe3c 5 bytes JMP 0000000169184adb
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                           00000000772e0094 5 bytes JMP 0000000169184791
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                          00000000772e01a4 5 bytes JMP 000000016917fc42
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile                                                                                           00000000772e09c4 5 bytes JMP 0000000169184584
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey                                                                                            00000000772e09dc 5 bytes JMP 000000016917cc5b
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                                       00000000772e0a24 5 bytes JMP 000000016917cd29
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey                                                                                             00000000772e0b60 5 bytes JMP 000000016917ccc2
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey                                                                                      00000000772e0f50 5 bytes JMP 000000016917fcba
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys                                                                             00000000772e0f68 5 bytes JMP 000000016917ff45
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx                                                                                            00000000772e0ff8 5 bytes JMP 00000001691801fd
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile                                                                              00000000772e131c 5 bytes JMP 0000000169184b6b
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey                                                                                00000000772e145c 5 bytes JMP 000000016917fec9
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject                                                                                  00000000772e1508 5 bytes JMP 0000000169186389
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey                                                                                            00000000772e16f8 1 byte JMP 000000016917d138
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey + 2                                                                                        00000000772e16fa 3 bytes {JMP 0xfffffffff1e9ba40}
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey                                                                                    00000000772e1a38 5 bytes JMP 000000016917facc
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject                                                                                    00000000772e1b7c 5 bytes JMP 000000016918616c
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                      000000007666103d 5 bytes JMP 00000001691593a9
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                      0000000076661072 5 bytes JMP 00000001691594e7
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                000000007668c9b5 5 bytes JMP 000000016915971d
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\kernel32.dll!SetDllDirectoryW                                                                                    00000000766e00c3 5 bytes JMP 0000000169159efe
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\kernel32.dll!SetDllDirectoryA                                                                                    00000000766e016b 5 bytes JMP 000000016915a231
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\kernel32.dll!WinExec                                                                                             00000000766e2c91 5 bytes JMP 0000000169159aa0
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\kernel32.dll!AllocConsole                                                                                        0000000076706b3e 5 bytes JMP 0000000169187431
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\kernel32.dll!AttachConsole                                                                                       0000000076706c02 5 bytes JMP 0000000169187443
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                    0000000076532aa4 5 bytes JMP 000000016915a43c
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                       0000000075cc8a29 5 bytes JMP 0000000169187419
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                                       0000000075ccd22e 5 bytes JMP 0000000169187401
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\GDI32.dll!AddFontResourceW                                                                                       0000000074fcd2b2 5 bytes JMP 0000000169167617
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\GDI32.dll!AddFontResourceA                                                                                       0000000074fcd7bb 5 bytes JMP 00000001691675fb
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!EnumDependentServicesW                                                                              0000000076481e3a 7 bytes JMP 000000016916a3b9
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusExW                                                                               000000007648b466 7 bytes JMP 000000016916b2da
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!GetServiceKeyNameW                                                                                  00000000764a78ff 7 bytes JMP 000000016916aa60
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameW                                                                              00000000764a79bb 7 bytes JMP 000000016916ac11
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusExA                                                                               00000000764aa3e2 7 bytes JMP 000000016916b3a0
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                00000000764c2538 5 bytes JMP 000000016915985f
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!GetServiceKeyNameA                                                                                  00000000764e1b94 7 bytes JMP 000000016916ab18
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameA                                                                              00000000764e1c31 7 bytes JMP 000000016916acc9
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusA                                                                                 00000000764e2021 7 bytes JMP 000000016916b21c
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!EnumDependentServicesA                                                                              00000000764e2104 7 bytes JMP 000000016916a470
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ADVAPI32.dll!EnumServicesStatusW                                                                                 00000000764e2221 5 bytes JMP 000000016916b15e
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!ControlService                                                                                       0000000076764d5c 7 bytes JMP 000000016916a1fe
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle                                                                                   0000000076764dc3 7 bytes JMP 000000016916a527
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!QueryServiceStatus                                                                                   0000000076764e4b 7 bytes JMP 000000016916a28a
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!QueryServiceStatusEx                                                                                 0000000076764eaf 7 bytes JMP 000000016916a31d
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!StartServiceW                                                                                        0000000076764f35 7 bytes JMP 000000016916a079
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!StartServiceA                                                                                        000000007676508d 7 bytes JMP 000000016916a10f
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!QueryServiceObjectSecurity                                                                           00000000767650f4 7 bytes JMP 000000016916b02c
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                                             0000000076765181 7 bytes JMP 000000016916b0c8
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                                 0000000076765254 7 bytes JMP 000000016916a728
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                                 00000000767653d5 7 bytes JMP 000000016916a643
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                                                00000000767654c2 7 bytes JMP 000000016916a9ca
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                                                00000000767655e2 7 bytes JMP 000000016916a934
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                                       000000007676567c 7 bytes JMP 0000000169169e5b
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                                       000000007676589f 7 bytes JMP 0000000169169d85
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                                        0000000076765a22 7 bytes JMP 000000016916a5b5
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigA                                                                                  0000000076765a83 7 bytes JMP 000000016916ae5b
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW                                                                                  0000000076765b29 7 bytes JMP 000000016916adc2
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA                                                                                    0000000076765ca0 7 bytes JMP 0000000169169535
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!ControlServiceExW                                                                                    0000000076765d8c 7 bytes JMP 00000001691694bc
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!OpenSCManagerW                                                                                       00000000767663ad 7 bytes JMP 0000000169169a83
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!OpenSCManagerA                                                                                       00000000767664f0 7 bytes JMP 0000000169169b0f
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfig2A                                                                                 0000000076766633 7 bytes JMP 000000016916af90
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfig2W                                                                                 000000007676680c 7 bytes JMP 000000016916aef4
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!OpenServiceW                                                                                         000000007676714b 7 bytes JMP 0000000169169bf8
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\SysWOW64\sechost.dll!OpenServiceA                                                                                         0000000076767245 7 bytes JMP 0000000169169c84
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoRegisterPSClsid                                                                                      0000000075f1c56e 5 bytes JMP 00000001691711c4
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7                                                                               0000000075f1ea09 7 bytes JMP 0000000169171795
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!OleRun                                                                                                 0000000075f207de 5 bytes JMP 0000000169171650
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject                                                                                  0000000075f221e1 5 bytes JMP 00000001691722c5
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!OleUninitialize                                                                                        0000000075f2eba1 6 bytes JMP 000000016917156f
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!OleInitialize                                                                                          0000000075f2efd7 5 bytes JMP 00000001691714ff
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoGetPSClsid                                                                                           0000000075f326b9 5 bytes JMP 000000016917133c
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoGetClassObject                                                                                       0000000075f454ad 5 bytes JMP 0000000169172853
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoInitializeEx                                                                                         0000000075f509ad 5 bytes JMP 00000001691713af
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoUninitialize                                                                                         0000000075f586d3 5 bytes JMP 0000000169171431
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                       0000000075f59d0b 5 bytes JMP 0000000169173b21
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                                     0000000075f59d4e 5 bytes JMP 0000000169171c5c
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7                                                                              0000000075f7bb09 7 bytes JMP 00000001691716c0
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject                                                                                    0000000075f9eacf 5 bytes JMP 0000000169170c21
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile                                                                                  0000000075fd340b 5 bytes JMP 0000000169172d13
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc                                                                                    000000007601cfd9 5 bytes JMP 00000001691715da
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\OLEAUT32.dll!RegisterActiveObject                                                                                0000000076d2279e 5 bytes JMP 0000000169170eb4
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\OLEAUT32.dll!RevokeActiveObject                                                                                  0000000076d23294 5 bytes JMP 0000000169170fd5
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4340] C:\Windows\syswow64\OLEAUT32.dll!GetActiveObject                                                                                     0000000076d38f40 5 bytes JMP 0000000169171048

---- EOF - GMER 2.1 ----
         
--- --- ---

Alt 05.04.2013, 08:16   #2
t'john
/// Helfer-Team
 
pProtector for Windows & Yontoo Layers Runtime1.10.01? - Standard

pProtector for Windows & Yontoo Layers Runtime1.10.01?





OTL.txt ist unvollstaendig!
__________________

__________________

Alt 05.04.2013, 11:28   #3
noireify
 
pProtector for Windows & Yontoo Layers Runtime1.10.01? - Standard

pProtector for Windows & Yontoo Layers Runtime1.10.01?



Ich hab mich schon gewundert warum das so kurz ist...

Hier nochmals die Datei:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.04.2013 11:07:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Angie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,73 Gb Total Physical Memory | 3,97 Gb Available Physical Memory | 69,31% Memory free
11,46 Gb Paging File | 9,52 Gb Available in Paging File | 83,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449,66 Gb Total Space | 389,18 Gb Free Space | 86,55% Space Free | Partition Type: NTFS
 
Computer Name: 4YOU9 | User Name: Angie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Angie\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (Symantec Corporation)
PRC - C:\ProgramData\IBUpdaterService\ibsvc.exe ()
PRC - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Angie\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Angie\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll ()
MOD - C:\Users\Angie\AppData\Local\Google\Chrome\Application\26.0.1410.43\libglesv2.dll ()
MOD - C:\Users\Angie\AppData\Local\Google\Chrome\Application\26.0.1410.43\libegl.dll ()
MOD - C:\Users\Angie\AppData\Local\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll ()
MOD - C:\Windows\SysWOW64\protector.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (Symantec Corporation)
SRV - (IBUpdaterService) -- C:\ProgramData\IBUpdaterService\ibsvc.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (Live Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (AdobeActiveFileMonitor9.0) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys (Symantec Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192Ce.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120312.035\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120312.035\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120310.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120302.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = eType Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://search.etype.com/?smart=1&query={searchTerms}
IE - HKCU\..\SearchScopes\{56A5AA64-DF7D-4DC1-9884-119CF1A88ACC}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=8607381B-6CA6-487F-8396-BBEC43DCC060&apn_sauid=00FA0CCC-598F-47A8-9ED2-4DADADF2C535
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AD9EC645-4FC6-479E-BF72-EE32E13C5D05}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Angie\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Angie\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\ [2012.02.07 11:28:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2013.04.05 11:05:41 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Angie\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Angie\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Angie\AppData\Local\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.6_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Google Mail = C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (SpecialSavings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Windows\TEMP\E_S2E7.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: SpecialSavings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81E5D2C8-9D8F-4A56-8347-0AB6447DC22A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (protector.dll) -  File not found
O20 - AppInit_DLLs: (protector.dll) - C:\Windows\SysWow64\protector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.04 18:47:04 | 000,000,000 | ---D | C] -- C:\Users\Angie\Desktop\Neuer Ordner
[2013.04.04 13:51:57 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Malwarebytes
[2013.04.04 13:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.04 13:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.04 13:51:08 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.04 13:51:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.04 13:50:51 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\Programs
[2013.04.04 12:20:44 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Local\Apps
[2013.03.31 16:45:28 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.03.18 07:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.18 06:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.18 06:59:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.09 19:00:31 | 000,000,000 | ---D | C] -- C:\Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.05 11:10:36 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 11:10:36 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 11:07:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.05 11:03:17 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.05 11:02:57 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2013.04.05 11:02:44 | 318,164,991 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.05 00:42:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075704344-3783680903-4272080239-1000UA.job
[2013.04.05 00:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.04 23:16:11 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.04 23:16:11 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.04 23:16:11 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.04 23:16:11 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.04 23:16:11 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.04 20:16:42 | 000,377,856 | ---- | M] () -- C:\Users\Angie\Desktop\gmer_2.1.19163.exe
[2013.04.04 15:43:10 | 000,000,000 | ---- | M] () -- C:\Users\Angie\defogger_reenable
[2013.04.04 15:42:41 | 000,050,477 | ---- | M] () -- C:\Users\Angie\Desktop\Defogger.exe
[2013.04.04 15:42:07 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075704344-3783680903-4272080239-1000Core.job
[2013.04.04 14:10:09 | 000,308,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.04 13:51:41 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.04 11:41:49 | 000,002,342 | ---- | M] () -- C:\Users\Angie\Desktop\Google Chrome.lnk
[2013.03.18 07:23:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.18 07:23:03 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.08 16:15:08 | 000,003,341 | ---- | M] () -- C:\Users\Angie\Documents\donnerstag.rtf
[2013.03.06 22:45:39 | 000,003,771 | ---- | M] () -- C:\Users\Angie\Documents\mittwoch.rtf
[2013.03.06 20:00:31 | 000,003,349 | ---- | M] () -- C:\Users\Angie\Documents\dienstag.rtf
 
========== Files Created - No Company Name ==========
 
[2013.04.04 20:16:36 | 000,377,856 | ---- | C] () -- C:\Users\Angie\Desktop\gmer_2.1.19163.exe
[2013.04.04 15:43:10 | 000,000,000 | ---- | C] () -- C:\Users\Angie\defogger_reenable
[2013.04.04 15:42:37 | 000,050,477 | ---- | C] () -- C:\Users\Angie\Desktop\Defogger.exe
[2013.04.04 13:51:40 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.18 07:23:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.18 07:23:03 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.08 16:15:07 | 000,003,341 | ---- | C] () -- C:\Users\Angie\Documents\donnerstag.rtf
[2013.03.06 22:45:38 | 000,003,771 | ---- | C] () -- C:\Users\Angie\Documents\mittwoch.rtf
[2013.03.06 20:00:30 | 000,003,349 | ---- | C] () -- C:\Users\Angie\Documents\dienstag.rtf
[2012.11.13 18:27:40 | 000,001,056 | ---- | C] () -- C:\Users\Angie\Bilder - Verknüpfung.lnk
[2012.04.12 01:31:03 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat
[2012.04.06 15:00:42 | 000,793,080 | ---- | C] () -- C:\Windows\SysWow64\protector.dll
[2012.03.10 14:00:16 | 000,000,668 | ---- | C] () -- C:\Users\Angie\Bibliotheken - Verknüpfung.lnk
[2012.01.09 02:03:29 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012.01.09 02:03:28 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.01.09 02:03:28 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.01.09 02:03:28 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.01.09 02:03:28 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.01.09 02:03:28 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.01.09 02:03:28 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.01.09 02:03:28 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.01.09 02:03:28 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.01.09 02:03:28 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.01.09 02:03:27 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.01.09 02:03:27 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.01.09 02:03:27 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.01.09 02:03:27 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.01.09 02:03:27 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.01.09 02:03:27 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.01.09 02:03:27 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.01.09 02:03:26 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.01.09 02:03:26 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.01.09 01:44:00 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2012.01.06 21:14:49 | 001,528,460 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.25 09:39:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.12 10:28:15 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.10.12 10:27:42 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.25 00:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.04.06 19:20:58 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Canneverbe Limited
[2013.02.01 23:12:04 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\DVDVideoSoft
[2013.02.01 23:11:41 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.23 19:28:19 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\EPSON
[2012.04.06 15:03:32 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\eType
[2013.03.26 14:31:06 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\ICQ
[2012.01.06 20:21:47 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Jewel Match 3
[2013.02.01 23:10:34 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\OpenCandy
[2012.01.08 18:53:37 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\OpenOffice.org
[2012.04.03 01:16:05 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PhotoScape
[2012.04.12 01:58:16 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PlayFirst
[2012.11.13 18:36:16 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\runic games
[2012.01.06 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Screensaver
[2012.01.14 21:57:56 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\SNS
[2013.04.04 23:10:51 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\SoftGrid Client
[2012.01.16 23:48:10 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TP
[2013.02.01 23:13:01 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\TuneUp Software
[2012.08.19 22:37:32 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\WildTangent
[2012.01.13 07:15:51 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.02.21 01:56:35 | 000,006,464 | ---- | M] ()(C:\Users\Angie\Documents\er ?.rtf) -- C:\Users\Angie\Documents\er ♥.rtf
[2013.02.21 01:56:35 | 000,006,464 | ---- | C] ()(C:\Users\Angie\Documents\er ?.rtf) -- C:\Users\Angie\Documents\er ♥.rtf

< End of report >
         
--- --- ---
__________________

Alt 05.04.2013, 11:57   #4
t'john
/// Helfer-Team
 
pProtector for Windows & Yontoo Layers Runtime1.10.01? - Standard

pProtector for Windows & Yontoo Layers Runtime1.10.01?



Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL

MOD - C:\Windows\SysWOW64\protector.dll () 
SRV - (IBUpdaterService) -- C:\ProgramData\IBUpdaterService\ibsvc.exe () 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Angie\*.tmp
C:\Users\Angie\AppData\*.dll
C:\Users\Angie\AppData\*.exe
C:\Users\Angie\AppData\Local\Temp\*.exe
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
Mfg, t'john
Das TB unterstützen

Alt 05.04.2013, 12:36   #5
noireify
 
pProtector for Windows & Yontoo Layers Runtime1.10.01? - Standard

pProtector for Windows & Yontoo Layers Runtime1.10.01?



1. Schritt wurde ausgeführt ohne Probleme:

All processes killed
========== OTL ==========
Service IBUpdaterService stopped successfully!
Service IBUpdaterService deleted successfully!
C:\ProgramData\IBUpdaterService\ibsvc.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{A0382E3C-7384-429A-9BFA-AF5888E5A193} folder moved successfully.
C:\ProgramData\Temp\{64EF903E-D00A-414C-94A4-FBA368FFCDC9} folder moved successfully.
C:\ProgramData\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\Angie\*.tmp not found.
File\Folder C:\Users\Angie\AppData\*.dll not found.
File\Folder C:\Users\Angie\AppData\*.exe not found.
C:\Users\Angie\AppData\Local\Temp\APNStub.exe moved successfully.
C:\Users\Angie\AppData\Local\Temp\GoogleUpdateSetup.exebe305b8 moved successfully.
C:\Users\Angie\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe moved successfully.
C:\Users\Angie\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Angie\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Angie\Desktop\cmd.bat deleted successfully.
C:\Users\Angie\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Angie
->Temp folder emptied: 1211013540 bytes
->Temporary Internet Files folder emptied: 1466264097 bytes
->Google Chrome cache emptied: 343024339 bytes
->Flash cache emptied: 100582 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 138026761 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78140 bytes
RecycleBin emptied: 602112 bytes

Total Files Cleaned = 3.013,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04052013_120943

Files\Folders moved on Reboot...
C:\Users\Angie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Angie\AppData\Local\Temp\MMDUtl.log moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

2. Schritt ohne Probleme durchgeführt:


Logfile nach dem 1. Scan :

Malwarebytes Anti-Rootkit BETA 1.01.0.1022
Malwarebytes : Free Anti-Malware download

Database version: v2013.04.05.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Angie :: 4YOU9 [administrator]

05.04.2013 13:04:07
mbar-log-2013-04-05 (13-04-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29825
Time elapsed: 16 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.BProtector) -> Delete on reboot.
HKCU\SOFTWARE\BPROTECTOR (PUP.BProtector) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\BPROTECTOR|iexplore homepages (PUP.BProtector) -> Data: hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050^^ -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
c:\ProgramData\bProtector (PUP.BProtector) -> Delete on reboot.
c:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.

Files Detected: 4
c:\ProgramData\bProtector\bProtect.settings (PUP.BProtector) -> Delete on reboot.
c:\ProgramData\bProtector\bProtect.exe (PUP.BProtector) -> Delete on reboot.
c:\ProgramData\bProtector\component_332.decrpt (PUP.BProtector) -> Delete on reboot.
c:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Delete on reboot.

(end)


Logfile nach dem 2. Scan:


Malwarebytes Anti-Rootkit BETA 1.01.0.1022
Malwarebytes : Free Anti-Malware download

Database version: v2013.04.05.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Angie :: 4YOU9 [administrator]

05.04.2013 13:30:48
mbar-log-2013-04-05 (13-30-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29835
Time elapsed: 20 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

3. Schritt ohne Probleme durchlaufen:AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.200 - Datei am 05/04/2013 um 13:35:51 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Angie - 4YOU9
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Angie\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\SpecialSavings
Ordner Gelöscht : C:\Program Files (x86)\Yontoo Layers Runtime
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Angie\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Angie\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Angie\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Angie\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Angie\AppData\Roaming\eType
Ordner Gelöscht : C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpecialSavings
Ordner Gelöscht : C:\Users\Angie\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SpecialSavings
Schlüssel Gelöscht : HKCU\Software\bProtector
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\DSNR Labs
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0230100-3044-43B1-A44E-70DC12FD418C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpecialSavings
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16521

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Google Chrome v26.0.1410.43

Datei : C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [6530 octets] - [05/04/2013 13:35:51]

########## EOF - C:\AdwCleaner[S1].txt - [6590 octets] ##########
         
--- --- ---


Alt 06.04.2013, 10:48   #6
t'john
/// Helfer-Team
 
pProtector for Windows & Yontoo Layers Runtime1.10.01? - Standard

pProtector for Windows & Yontoo Layers Runtime1.10.01?



Sehr gut!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



danach:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




danach:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
--> pProtector for Windows & Yontoo Layers Runtime1.10.01?

Alt 07.04.2013, 18:30   #7
noireify
 
pProtector for Windows & Yontoo Layers Runtime1.10.01? - Standard

pProtector for Windows & Yontoo Layers Runtime1.10.01?



aswMBR ohne Probleme durchgeführt:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-07 13:23:49
-----------------------------
13:23:49.038 OS Version: Windows x64 6.1.7601 Service Pack 1
13:23:49.038 Number of processors: 2 586 0x200
13:23:49.038 ComputerName: 4YOU9 UserName: Angie
13:23:51.284 Initialize success
13:27:59.072 AVAST engine defs: 13040700
13:28:05.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:28:05.015 Disk 0 Vendor: TOSHIBA_MK5059GSXP GN003J Size: 476940MB BusType: 11
13:28:05.140 Disk 0 MBR read successfully
13:28:05.140 Disk 0 MBR scan
13:28:05.156 Disk 0 Windows 7 default MBR code
13:28:05.171 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
13:28:05.249 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
13:28:05.327 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 460455 MB offset 33761280
13:28:05.546 Disk 0 scanning C:\Windows\system32\drivers
13:28:30.833 Service scanning
13:29:38.116 Modules scanning
13:29:38.132 Disk 0 trace - called modules:
13:29:38.210 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:29:38.740 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005b9c060]
13:29:38.740 3 CLASSPNP.SYS[fffff88001a5843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800563e680]
13:29:41.049 AVAST engine scan C:\Windows
13:29:48.272 AVAST engine scan C:\Windows\system32
13:38:57.144 AVAST engine scan C:\Windows\system32\drivers
13:39:38.313 AVAST engine scan C:\Users\Angie
13:48:08.418 AVAST engine scan C:\ProgramData
13:54:21.274 Scan finished successfully
18:27:56.798 Disk 0 MBR has been saved successfully to "C:\Users\Angie\Desktop\MBR.dat"
18:27:56.814 The log file has been saved successfully to "C:\Users\Angie\Desktop\aswMBR.txt"

Alt 07.04.2013, 22:08   #8
t'john
/// Helfer-Team
 
pProtector for Windows & Yontoo Layers Runtime1.10.01? - Standard

pProtector for Windows & Yontoo Layers Runtime1.10.01?



Kommt der Rest noch?
__________________
Mfg, t'john
Das TB unterstützen

Alt 09.04.2013, 21:36   #9
noireify
 
pProtector for Windows & Yontoo Layers Runtime1.10.01? - Standard

pProtector for Windows & Yontoo Layers Runtime1.10.01?



ESET Online Scanner durchgeführt:
Hat sehr lange gedauert und am Ende war kein Logfile zu finden, dabei wurde alle Schritte befolgt.

SercurityCheck ohne Probleme durchgeführt:

Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Norton Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Java 7 Update 17
Adobe Reader 10.1.6 Adobe Reader out of Date!
Google Chrome 25.0.1364.172
Google Chrome 26.0.1410.43
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Alt 10.04.2013, 01:17   #10
t'john
/// Helfer-Team
 
pProtector for Windows & Yontoo Layers Runtime1.10.01? - Standard

pProtector for Windows & Yontoo Layers Runtime1.10.01?



Schaue hier nach: C:\Programme (x86)\Eset\EsetOnlineScanner\
__________________
Mfg, t'john
Das TB unterstützen

Alt 29.05.2013, 14:34   #11
t'john
/// Helfer-Team
 
pProtector for Windows & Yontoo Layers Runtime1.10.01? - Standard

pProtector for Windows & Yontoo Layers Runtime1.10.01?



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu pProtector for Windows & Yontoo Layers Runtime1.10.01?
.com, .dll, administrator, adware.yontoo, converter, explorer, failed, flash player, format, iexplore.exe, install.exe, launch, microsoft office starter 2010, mp3, ntdll.dll, ntopenkeyex, packard bell, photoshop, problem, problembehandlung, pup.bprotector, pup.bundleinstaller.ib, pup.installbrain, realtek, registry, rundll, security, software, updates, windows, wlansvc



Ähnliche Themen: pProtector for Windows & Yontoo Layers Runtime1.10.01?


  1. Pup.Optional.Yontoo
    Plagegeister aller Art und deren Bekämpfung - 26.10.2015 (15)
  2. Ads By Web Layers entfernen
    Anleitungen, FAQs & Links - 04.08.2015 (2)
  3. Windows 7: Yontoo 1.10.02 - Deinstallieren nicht möglich - Setup initilization error
    Log-Analyse und Auswertung - 16.05.2015 (26)
  4. Yontoo nervt
    Plagegeister aller Art und deren Bekämpfung - 04.04.2015 (16)
  5. Windows 7: BetterSurf, Yontoo und Bandoo haben sich eingenistet
    Plagegeister aller Art und deren Bekämpfung - 20.12.2013 (7)
  6. Yontoo 2.051
    Plagegeister aller Art und deren Bekämpfung - 16.11.2013 (9)
  7. Yontoo entfernen
    Anleitungen, FAQs & Links - 31.10.2013 (2)
  8. Windows 7 : Yontoo 2.052 lässt sich nicht deinstallieren
    Log-Analyse und Auswertung - 10.09.2013 (9)
  9. Windows 7: Entfernen von Spyhunter und Yontoo 2.051
    Log-Analyse und Auswertung - 12.08.2013 (9)
  10. v9.com und adware yontoo.gen
    Log-Analyse und Auswertung - 07.07.2013 (14)
  11. Wie werde ich Yontoo los?
    Log-Analyse und Auswertung - 20.05.2013 (7)
  12. Was ist Yontoo 1.10.02 für ein Programm
    Diskussionsforum - 19.05.2013 (4)
  13. Yontoo 2.051 / YontooDesktop.exe*32
    Plagegeister aller Art und deren Bekämpfung - 09.04.2013 (17)
  14. Yontoo 2.04 and many more..
    Log-Analyse und Auswertung - 01.03.2013 (6)
  15. Yontoo Layers Adware/Maleware, ist mein System sauber?
    Log-Analyse und Auswertung - 25.01.2013 (1)
  16. Browser und pc sehr langsam. Yontoo Layers Runtime 1.10.01 gefunden
    Log-Analyse und Auswertung - 29.10.2012 (31)
  17. PC und alle Browser extrem langsam -> Yontoo Layers Runtime 1.10.01?
    Plagegeister aller Art und deren Bekämpfung - 18.08.2012 (2)

Zum Thema pProtector for Windows & Yontoo Layers Runtime1.10.01? - Hey, bei dem Aufräumen meines Laptops sind mir zwei komische Programme aufgefallen, nach denen ich anschließend auch gegooglet habe. Dort bin ich dann auf diese Seite hier gestoßen und wollte - pProtector for Windows & Yontoo Layers Runtime1.10.01?...
Archiv
Du betrachtest: pProtector for Windows & Yontoo Layers Runtime1.10.01? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.