Plagegeister aller Art und deren Bekämpfung: Symantec reports: Trojan.Zeroaccess.B | Trojan.Gen.2 | services.exe found

Windows 7
Hello community,

I probably caught a trojan while downloading a free font. Many thanks in advance for your support. Symantec reported that a remote computer wants to access services.exe. I have just successfully completed a full scan with the updated Malwarebytes:

Quote:
OTL Logfile: Code:
OTL logfile created on: 13.08.2012 20:43:24 - Run 1
OTL by OldTimer - Version Folder = C:\Users\***.***\Desktop
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3,80 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 54,34% Memory free
7,60 Gb Paging File | 6,05 Gb Available in Paging File | 79,64% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 145,05 Gb Total Space | 84,25 Gb Free Space | 58,09% Space Free | Partition Type: NTFS
Drive Z: | 4,00 Gb Total Space | 3,71 Gb Free Space | 92,86% Space Free | Partition Type: NTFS

Computer Name: DEWAL4041163C | User Name: ***.***| NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012.08.13 18:45:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***.***\Desktop\OTL.exe
PRC - [2012.06.28 18:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.16 10:24:08 | 000,023,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe
PRC - [2011.04.14 13:24:26 | 000,410,984 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2011.04.14 13:22:42 | 000,361,832 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011.04.14 13:22:28 | 000,263,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2011.04.14 13:22:26 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011.04.05 10:03:34 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011.04.05 10:03:32 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2011.04.05 10:03:26 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011.04.05 10:03:24 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2011.03.09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
PRC - [2011.03.09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
PRC - [2010.06.25 13:13:48 | 000,332,536 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\VPNClientx64_5.0.07.0290\cvpnd.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP_4.3.7\NMSAccessU.exe
PRC - [2009.12.18 14:21:26 | 000,038,240 | ---- | M] (Mindjet) -- C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe
PRC - [2009.11.25 18:13:24 | 000,939,272 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe
PRC - [2009.09.18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\CCM\CcmExec.exe
PRC - [2009.07.14 03:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

========== Modules (No Company Name) ==========
MOD - [2009.12.18 14:20:48 | 000,150,856 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 8\zlib.dll
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll

========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011.04.05 19:51:04 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.08.07 11:47:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.06 11:04:45 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.28 18:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.06.05 15:59:52 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.16 10:24:08 | 000,023,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe -- (CrmSqlStartupSvc)
SRV - [2011.11.15 01:49:06 | 000,032,768 | ---- | M] (STRATO) [Auto | Running] -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service)
SRV - [2011.04.28 06:52:06 | 002,060,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE -- (msoidsvc)
SRV - [2011.04.14 13:22:28 | 000,263,528 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011.04.14 13:22:26 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011.04.05 10:03:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011.04.05 10:03:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011.04.05 10:03:28 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011.04.05 10:03:28 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2011.04.05 10:03:26 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.28 00:50:30 | 031,124,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.12.23 09:56:00 | 000,015,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\BearingPoint.AdminReset.ClientService.exe -- (BPAdminReset)
SRV - [2010.12.13 15:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.08.05 17:45:38 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.06.25 13:13:48 | 000,332,536 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe -- (QDLService2kLenovo)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\VPNClientx64_5.0.07.0290\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP_4.3.7\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.09.18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009.09.18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009.07.13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.26 12:19:51 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.04.05 19:51:04 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2011.04.05 19:50:54 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011.04.05 19:50:48 | 000,258,560 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.05 19:50:38 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2011.04.05 19:50:00 | 000,230,784 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbserlno2k.sys -- (qcusbserlno2k)
DRV:64bit: - [2011.04.05 19:50:00 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcfilterlno2k.sys -- (qcfilterlno2k)
DRV:64bit: - [2011.04.05 19:49:54 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.04.05 19:49:54 | 000,151,664 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011.04.05 19:49:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2011.04.05 19:49:40 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.04.05 19:49:10 | 010,331,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.04.05 19:48:42 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.04.05 10:03:42 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2011.04.05 10:03:36 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2011.04.05 10:03:36 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.04.05 10:03:36 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011.04.05 10:03:30 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2011.04.05 10:01:02 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.04.05 10:01:02 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.04.05 10:01:02 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.04.05 10:01:02 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.03.01 19:10:52 | 000,295,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2011.02.07 15:29:28 | 000,131,160 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dnelwf64.sys -- (DNE)
DRV:64bit: - [2011.01.08 01:22:22 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.12.13 15:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010.09.10 22:38:10 | 000,225,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2010.06.25 10:43:22 | 000,443,392 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbnetlno2k.sys -- (qcusbnetlno2k)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.04.16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012.08.12 10:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.12 10:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.06.22 11:52:59 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120813.003\ex64.sys -- (NAVEX15)
DRV - [2012.06.22 11:52:58 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120813.003\eng64.sys -- (NAVENG)
DRV - [2011.04.05 10:03:36 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2011.04.05 10:03:36 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2011.04.05 10:03:36 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.09.18 04:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://together.bearingpointconsulting.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://together.bearingpointconsulting.com
IE - HKCU\..\SearchScopes,DefaultScope = {F6B6DAF7-6E88-406D-9B38-649C43DEF99B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F6B6DAF7-6E88-406D-9B38-649C43DEF99B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaRuntimeEnvironment_6.0.210\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.06 11:04:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.06 11:04:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.05.15 11:21:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***.***\AppData\Roaming\mozilla\Extensions
[2012.08.08 22:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***.***\AppData\Roaming\mozilla\Firefox\Profiles\l923zh4m.default\extensions
[2012.05.15 11:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.06 11:04:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.06 11:04:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.06 11:04:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.06 11:04:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.06 11:04:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.06 11:04:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.06 11:04:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (DownloadnSave Class) - {A3A4B18D-B020-3BD6-1D62-DDAF61BCD5ED} - C:\ProgramData\DownloadnSave\bhoclass.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaRuntimeEnvironment_6.0.210\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\ReaderX_10.0.1\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 8\MMReminderService.exe (Mindjet)
O4 - HKCU..\Run: [ABBYY Screenshot Reader Bonus] "C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe" -autorun File not found
O4 - HKCU..\Run: [EPSON PX830 Series] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHOE.EXE /FU "C:\Users\THOMAS~1.BIE\AppData\Local\Temp\E_SAFA2.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Epson Stylus Photo PX830(Netzwerk)] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHOE.EXE /FU "C:\Users\THOMAS~1.BIE\AppData\Local\Temp\E_SB07D.tmp" /EF "HKCU" File not found
O4:64bit: - Startup: C:\Windows\SysNative\GroupPolicy\User\Scripts\logoff\BE_Admin_PSW.vbs ()
O4:64bit: - Startup: C:\Windows\SysNative\GroupPolicy\User\Scripts\logoff\ResetScrnSvr.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 33554432
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIE74D~1\OFFICE~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bearingpoint.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: bearingpointconsulting.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: drive1.de ([exchange] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: infonova.at ([servicedesk] * in Vertrauenswürdige Sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} hxxp://mds.management-portal.bearingpointconsulting.com/mds/plugins/gg-activex.cab (GO-Global 4)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9B57C630-AA6E-440D-8D44-D34542E5531A} https://www144.livemeeting.com/etc/static/NAPrapid2/2012-01-20-21-04-32/MailObjects.cab (SendMail Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.kpmgconsulting.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AF7E71B-3C89-4FFA-9F2A-9B46AD7770A1}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A78F588F-590E-4FF1-AAC9-8FB966A82CED}: NameServer =
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not
found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msoidssp) - C:\WINDOWS\SysNative\msoidssp.dll (Microsoft Corp.) O30 - LSA: Security Packages - (msoidssp) - C:\WINDOWS\SysWow64\msoidssp.dll (Microsoft Corp.) 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{7d03e6a7-447c-11e0-a180-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7d03e6a7-447c-11e0-a180-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SMS\bin\i386\TSMBAutorun.exe O33 - MountPoints2\{ddff53da-1c2f-11e1-af44-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ddff53da-1c2f-11e1-af44-806e6f6e6963}\Shell\AutoRun\command - "" = D:\InstallNavi.exe O33 - MountPoints2\{f7fa876c-4436-11e0-8d88-f0def10e7b20}\Shell - "" = AutoRun O33 - MountPoints2\{f7fa876c-4436-11e0-8d88-f0def10e7b20}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.13 18:45:26 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***.***\Desktop\OTL.exe [2012.08.13 18:23:06 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\FixZeroAccess.sys [2012.08.13 16:27:35 | 000,000,000 | ---D | C] -- C:\Users\***.***\AppData\Local\fontconfig [2012.08.13 16:27:32 | 000,000,000 | ---D | C] -- C:\Users\***.***\AppData\Local\gegl-0.2 [2012.08.13 16:27:32 | 000,000,000 | ---D | C] -- C:\Users\***.***\.gimp-2.8 [2012.08.13 16:25:27 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2012.08.10 16:25:53 | 000,000,000 | ---D | C] -- C:\Users\***.***\AppData\Roaming\Malwarebytes [2012.08.10 16:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Malwarebytes' Anti-Malware [2012.08.10 16:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.10 16:25:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys [2012.08.10 16:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.10 12:15:58 | 000,000,000 | ---D | C] -- C:\Users\***.***\Desktop\PM TEam [2012.08.06 10:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2012.07.20 09:22:25 | 000,000,000 | ---D | C] -- C:\CVs [2012.07.18 15:23:26 | 000,000,000 | ---D | C] -- C:\Users\***.***\Documents\Kalender-Excel-8.8.1 [2012.07.18 15:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalender-Excel-8.8.1 [2012.07.17 16:16:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ms [2011.03.01 21:00:44 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- C:\Program Files (x86)\Common Files\sapxlhelper.dll [2011.03.01 21:00:44 | 000,192,512 | ---- | C] (SAP Tech Inc.) 
-- C:\Program Files (x86)\Common Files\sapconsr3.dll [2011.03.01 21:00:43 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files (x86)\Common Files\sapconsaccess.dll [2011.03.01 21:00:43 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files (x86)\Common Files\DigitalSignature.ocx [2010.09.07 14:45:08 | 000,242,808 | ---- | C] (UltraVnc) -- C:\Program Files (x86)\BearingPoint_SD_RemoteAssistance_v1.05.exe ========== Files - Modified Within 30 Days ========== [2012.08.13 20:47:02 | 000,012,064 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.13 20:47:02 | 000,012,064 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.13 20:47:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.08.13 20:37:08 | 000,000,462 | ---- | M] () -- C:\WINDOWS\SMSCFG.INI [2012.08.13 20:31:37 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.08.13 20:30:29 | 3061,149,696 | -HS- | M] () -- C:\hiberfil.sys [2012.08.13 18:45:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***.***\Desktop\OTL.exe [2012.08.13 18:23:06 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\FixZeroAccess.sys [2012.08.13 18:03:50 | 000,375,992 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2012.08.13 16:20:42 | 000,008,428 | ---- | M] () -- C:\Users\***:***\Desktop\Unbenannt.gif [2012.08.10 16:25:21 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.10 15:08:11 | 000,024,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012.08.10 09:22:21 | 000,049,728 | ---- | M] () -- C:\Users\***.***\Desktop\AC.PNG [2012.08.06 10:58:11 | 586,807,442 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2012.07.17 16:18:04 | 004,351,580 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2012.07.17 16:18:04 | 000,744,376 | ---- | M] () -- 
C:\WINDOWS\SysNative\perfh00C.dat [2012.07.17 16:18:04 | 000,742,090 | ---- | M] () -- C:\WINDOWS\SysNative\perfh013.dat [2012.07.17 16:18:04 | 000,723,444 | ---- | M] () -- C:\WINDOWS\SysNative\perfh019.dat [2012.07.17 16:18:04 | 000,706,596 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat [2012.07.17 16:18:04 | 000,661,268 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat [2012.07.17 16:18:04 | 000,155,114 | ---- | M] () -- C:\WINDOWS\SysNative\perfc013.dat [2012.07.17 16:18:04 | 000,152,678 | ---- | M] () -- C:\WINDOWS\SysNative\perfc019.dat [2012.07.17 16:18:04 | 000,151,612 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat [2012.07.17 16:18:04 | 000,151,490 | ---- | M] () -- C:\WINDOWS\SysNative\perfc00C.dat [2012.07.17 16:18:04 | 000,124,392 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat [2012.07.17 16:18:04 | 000,004,764 | ---- | M] () -- C:\WINDOWS\SysWow64\CcmFramework.ini [2012.07.17 16:18:04 | 000,000,621 | ---- | M] () -- C:\WINDOWS\SysWow64\CcmFramework.h [2012.07.16 11:56:10 | 004,307,302 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI [2012.07.16 09:38:43 | 000,320,505 | ---- | M] () -- C:\Users\***.***\Documents\Zeugnis_MIT.pdf [2012.07.16 09:33:51 | 000,508,779 | ---- | M] () -- C:\Users\***.***\Documents\Zeugnis_SMC.pdf ========== Files Created - No Company Name ========== [2012.08.13 20:37:40 | 000,001,712 | ---- | C] () -- C:\WINDOWS\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\00000001.@ [2012.08.13 16:26:13 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2012.08.13 16:20:41 | 000,008,428 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt.gif [2012.08.10 16:25:21 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.10 09:22:21 | 000,049,728 | ---- | C] () -- C:\Users\***\Desktop\AC.PNG [2012.08.06 10:58:11 | 586,807,442 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP [2012.07.17 16:18:04 | 000,004,764 | ---- | C] () -- 
C:\WINDOWS\SysWow64\CcmFramework.ini [2012.07.17 16:18:04 | 000,000,621 | ---- | C] () -- C:\WINDOWS\SysWow64\CcmFramework.h [2012.07.16 09:38:43 | 000,320,505 | ---- | C] () -- C:\Users\***\Documents\Zeugnis_MIT.pdf [2012.07.16 09:33:50 | 000,508,779 | ---- | C] () -- C:\Users\***\Documents\Zeugnis_SMC.pdf [2012.03.07 19:35:01 | 000,000,178 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini [2012.02.03 15:31:31 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2012.01.20 13:09:09 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\@ [2012.01.20 13:09:09 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{a84f0772-3012-01ea-63e2-a00bd60e039e}\@ [2012.01.12 17:33:15 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.26 14:54:27 | 000,001,040 | ---- | C] () -- C:\WINDOWS\saplogon.ini.backup2 [2011.10.26 13:01:44 | 000,004,854 | RHS- | C] () -- C:\Users\***\ntuser.pol [2011.10.26 13:01:08 | 000,024,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.10.26 12:26:43 | 000,015,872 | ---- | C] () -- C:\WINDOWS\SysWow64\BearingPoint.AdminReset.ClientService.exe [2011.03.02 12:35:56 | 000,015,872 | ---- | C] () -- C:\WINDOWS\BearingPoint.AdminReset.ClientService.exe [2011.03.01 21:00:48 | 000,001,044 | ---- | C] () -- C:\WINDOWS\saplogon.ini [2011.03.01 21:00:43 | 000,955,904 | ---- | C] () -- C:\Program Files (x86)\Common Files\SAPActiveXL.xlt [2011.03.01 21:00:43 | 000,949,760 | ---- | C] () -- C:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt [2011.03.01 21:00:19 | 001,064,960 | ---- | C] () -- C:\WINDOWS\SysWow64\h5krnl32.dll [2011.03.01 21:00:19 | 000,188,928 | ---- | C] () -- C:\WINDOWS\SysWow64\h5icon32.dll [2011.03.01 21:00:19 | 000,175,616 | ---- | C] () -- C:\WINDOWS\SysWow64\h5menu32.dll [2011.03.01 21:00:19 | 000,095,744 | ---- | C] () -- C:\WINDOWS\SysWow64\h5rtf32.dll [2011.03.01 21:00:19 | 000,051,200 | ---- | C] () -- 
C:\WINDOWS\SysWow64\h5tool32.dll [2011.03.01 20:08:05 | 000,000,127 | ---- | C] () -- C:\WINDOWS\saproute.ini [2011.03.01 20:08:05 | 000,000,096 | ---- | C] () -- C:\WINDOWS\SAPMSG.INI [2011.03.01 19:30:38 | 004,351,580 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2011.03.01 19:29:02 | 000,000,462 | ---- | C] () -- C:\WINDOWS\SMSCFG.INI ========== LOP Check ========== [2012.05.15 17:17:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Arkadin [2012.04.03 16:32:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2012.02.23 14:05:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ColorCop [2012.05.10 09:08:48 | 000,000,000 | ---D | M] -- C:\Users\Thomas.Bieth\AppData\Roaming\Dropbox [2012.07.13 13:28:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson [2011.11.07 16:21:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Grig Software [2012.03.08 16:41:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KONICA MINOLTA [2012.01.16 09:04:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mainsoft [2011.12.29 18:19:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RavensburgerTipToi [2012.02.09 09:24:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sling Media [2012.05.10 09:12:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\STRATO [2012.07.04 12:09:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2011.12.08 08:48:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WndSync [2012.07.18 11:13:09 | 000,032,616 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras.txt OTL Logfile: Code:
OTL Extras logfile created on: 13.08.2012 20:43:24 - Run 1 OTL by OldTimer - Version Folder = C:\Users\***\Desktop 64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 54,34% Memory free 7,60 Gb Paging File | 6,05 Gb Available in Paging File | 79,64% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 145,05 Gb Total Space | 84,25 Gb Free Space | 58,09% Space Free | Partition Type: NTFS Drive Z: | 4,00 Gb Total Space | 3,71 Gb Free Space | 92,86% Space Free | Partition Type: NTFS Computer Name: DEWAL4041163C | User Name: ***| NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC_1.1.4\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC_1.1.4\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC_1.1.4\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC_1.1.4\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{467D5E81-8349-4892-9E81-C3674ED8E451}" = VPN Clientx64 "{4D019E58-46CE-4EE6-86A7-BD75651A99F9}" = BE Simple PowerPoint "{530992D4-DDBA-4F68-8B0D-FF50AC57531B}" = Endpoint 
Protection x64 "{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam "{8ACFF907-3BBB-4808-B654-E8D1C7837233}" = DNE Update "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007 "{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007 "{90120000-002A-0419-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Russian) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{90140000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2010 "{90140000-0028-0411-1000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010 "{90140000-0028-0412-1000-0000000FF1CE}" = Microsoft Office IME (Korean) 2010 "{90140000-0028-0804-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2010 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2010 "{90140000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2010 "{90140000-002A-0419-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Russian) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = 
Microsoft Corporation "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{BA4DF4C3-196E-4128-969A-00996B5A46F8}" = Canon MP500 "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{CF2EFAB4-B938-47C6-8426-0FB50D610E92}" = Microsoft Online Services Sign-in Assistant "{F39076D7-7168-44CD-A2C6-EBC1CDA7DC1C}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Arkadin Outlook AddOn_is1" = Arkadin Outlook AddOn "EPSON PX830 Series" = EPSON PX830 Series Printer Uninstall "GIMP-2_is1" = GIMP 2.8.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "PDF-XChange 3_is1" = PDF-XChange 3 "Power Management Driver" = ThinkPad Power Management Driver "SynTPDeinstKey" = ThinkPad UltraNav Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0371DB3D-4C98-4C92-B15B-DEB2BA171DD2}" = CDBurnerXP "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C524D20-0409-0050-8A9E-0C4C490E4E54}" = Microsoft Dynamics CRM 2011 for Microsoft Office Outlook "{0C524DC1-0409-0050-8121-88490F4D5549}" = Microsoft Dynamics CRM 2011 English (United States) Language Pack "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{0FF88DC9-658E-466C-BEEC-5A6C7B53BDC3}" = Qualcomm Gobi 2000 Package for Lenovo "{13BEAC7C-69C1-4A9E-89A3-D5F311DE2B69}" = Microsoft Live Meeting-Add-In für Microsoft Office Outlook "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java Runtime Environment "{28DA3304-9EC2-4097-BC64-B59A1958841F}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{38cd9ed5-113f-4564-8b0a-f3fdd53e778d}" = harmon.ie for SharePoint "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{419B5580-42FE-4A10-B34F-827D858B0EF0}" = StarMoney 8.0 "{44228375-A198-489B-B90F-F88A1A78D5F5}" = Microsoft Lync 2010 Attendee "{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable "{58A3F175-7146-4411-8712-17A734B922BB}" = VLC "{60D45390-F748-4D0F-B65E-4869CC46AAF1}" = Remote Assistance Tool "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections "{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86) "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0401-0000-0000000FF1CE}_PMUI.fr-fr_{5A2F65A4-808F-4A1E-973E-92E17824982D}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PMUI.nl-nl_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_PRJSTD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PRJSTD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PMUI.de-de_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0413-0000-0000000FF1CE}_PMUI.nl-nl_{B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007 "{90120000-001F-0419-0000-0000000FF1CE}_PMUI.ru-ru_{D7CE14BC-96D9-41C5-822D-F5B1C2C35AA2}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2007 "{90120000-001F-0422-0000-0000000FF1CE}_PMUI.ru-ru_{DC154E48-5278-423A-80A1-B93247E38A1A}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PRJSTD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_PRJSTD_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_PMUI.de-de_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-002A-0409-1000-0000000FF1CE}_PRJSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Project 2007 Service Pack 2 (SP2) 
"{90120000-002A-040C-1000-0000000FF1CE}_PMUI.fr-fr_{EC50B538-CBE1-42E6-B7FE-87AA540AADFB}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-002A-0413-1000-0000000FF1CE}_PMUI.nl-nl_{1120A001-69F4-43D2-83CE-716B2DC4366F}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-002A-0419-1000-0000000FF1CE}_PMUI.ru-ru_{23653CA5-BFB5-4B52-B2DA-045D7ABEB874}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007 "{90120000-002C-0419-0000-0000000FF1CE}" = Microsoft Office Proofing (Russian) 2007 "{90120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007 "{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PMUI.de-de_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PRJSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}_PMUI.fr-fr_{EC50B538-CBE1-42E6-B7FE-87AA540AADFB}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007 "{90120000-006E-0413-0000-0000000FF1CE}_PMUI.nl-nl_{1120A001-69F4-43D2-83CE-716B2DC4366F}" 
= Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-006E-0419-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Russian) 2007 "{90120000-006E-0419-0000-0000000FF1CE}_PMUI.ru-ru_{23653CA5-BFB5-4B52-B2DA-045D7ABEB874}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007 "{90120000-00B4-0407-0000-0000000FF1CE}_PMUI.de-de_{F163ED12-46EE-41FC-8A3A-2679331C7055}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007 "{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTD_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-00B4-040C-0000-0000000FF1CE}" = Microsoft Office Project MUI (French) 2007 "{90120000-00B4-040C-0000-0000000FF1CE}_PMUI.fr-fr_{77A1E93A-2EE6-414B-A972-71D7C2B77E84}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-00B4-0413-0000-0000000FF1CE}" = Microsoft Office Project MUI (Dutch) 2007 "{90120000-00B4-0413-0000-0000000FF1CE}_PMUI.nl-nl_{74C62E21-DA95-4C54-8840-DE989162D4DF}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-00B4-0419-0000-0000000FF1CE}" = Microsoft Office Project MUI (Russian) 2007 "{90120000-00B4-0419-0000-0000000FF1CE}_PMUI.ru-ru_{1B98BEA8-B3A0-44EA-97AA-321437DEA394}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-00B5-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007 "{90120000-00B5-0407-0000-0000000FF1CE}_PMUI.de-de_{F163ED12-46EE-41FC-8A3A-2679331C7055}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-00B5-040C-0000-0000000FF1CE}" = Microsoft Office Project MUI (French) 2007 "{90120000-00B5-040C-0000-0000000FF1CE}_PMUI.fr-fr_{77A1E93A-2EE6-414B-A972-71D7C2B77E84}" = Microsoft Office Project Language Pack 2007 Service Pack 1 
(SP1) "{90120000-00B5-0413-0000-0000000FF1CE}" = Microsoft Office Project MUI (Dutch) 2007 "{90120000-00B5-0413-0000-0000000FF1CE}_PMUI.nl-nl_{74C62E21-DA95-4C54-8840-DE989162D4DF}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-00B5-0419-0000-0000000FF1CE}" = Microsoft Office Project MUI (Russian) 2007 "{90120000-00B5-0419-0000-0000000FF1CE}_PMUI.ru-ru_{1B98BEA8-B3A0-44EA-97AA-321437DEA394}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-040C-0000-0000000FF1CE}" = Microsoft Office X MUI (French) 2007 "{90120000-0101-0413-0000-0000000FF1CE}" = Microsoft Office X MUI (Dutch) 2007 "{90120000-0101-0419-0000-0000000FF1CE}" = Microsoft Office X MUI (Russian) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PRJSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_PRJSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{C244DF61-FDE0-4311-88C7-F73D1B3C7916}" = "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010 "{90140000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 
2010 "{90140000-0015-0419-0000-0000000FF1CE}" = Microsoft Office Access MUI (Russian) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010 "{90140000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010 "{90140000-0016-0419-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Russian) 2010 "{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010 "{90140000-0017-040C-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (French) 2010 "{90140000-0017-0413-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Dutch) 2010 "{90140000-0017-0419-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Russian) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010 "{90140000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010 "{90140000-0018-0419-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Russian) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-040C-0000-0000000FF1CE}" = 
Microsoft Office Publisher MUI (French) 2010 "{90140000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010 "{90140000-0019-0419-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Russian) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010 "{90140000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010 "{90140000-001A-0419-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Russian) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010 "{90140000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010 "{90140000-001B-0419-0000-0000000FF1CE}" = Microsoft Office Word MUI (Russian) 2010 "{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010 "{90140000-001F-0401-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{1A43C155-3DDA-43C9-92C5-0E7D0B2B156D}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0401-0000-0000000FF1CE}_Office14.PROOFKIT_{1A43C155-3DDA-43C9-92C5-0E7D0B2B156D}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0402-0000-0000000FF1CE}" = Microsoft Office Proof (Bulgarian) 2010 "{90140000-001F-0402-0000-0000000FF1CE}_Office14.PROOFKIT_{0709C35F-CF3B-4B05-8A2D-6FFD8F9A5F67}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft 
Office Proof (Catalan) 2010 "{90140000-001F-0403-0000-0000000FF1CE}_Office14.PROOFKIT_{F030E098-C2CC-4056-971E-4D3AB0F55517}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2010 "{90140000-001F-0404-0000-0000000FF1CE}_Office14.PROOFKIT_{B87E50FB-B8F9-4B81-8D63-F5A3C5A330B3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010 "{90140000-001F-0405-0000-0000000FF1CE}_Office14.PROOFKIT_{2304F942-79D2-46F7-A512-269A7F5B7EFC}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2010 "{90140000-001F-0406-0000-0000000FF1CE}_Office14.PROOFKIT_{59BCA417-5095-450B-931A-AE6194728386}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.nl-nl_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROOFKIT_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2010 "{90140000-001F-0408-0000-0000000FF1CE}_Office14.PROOFKIT_{15BA4B10-347E-471D-962E-81175ACB51F8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.de-de_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.nl-nl_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROOFKIT_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2010 "{90140000-001F-040B-0000-0000000FF1CE}_Office14.PROOFKIT_{0EF937D0-95B1-42E3-9643-9D49E4323DF9}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.de-de_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.nl-nl_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROOFKIT_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2010 
"{90140000-001F-040D-0000-0000000FF1CE}_Office14.PROOFKIT_{16C5AEEC-D632-4FAA-BFDC-BBF36F473E09}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010 "{90140000-001F-040E-0000-0000000FF1CE}_Office14.PROOFKIT_{71431694-851E-4BC7-92A9-4BB9D196E24F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.de-de_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROOFKIT_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0411-0000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2010 "{90140000-001F-0411-0000-0000000FF1CE}_Office14.PROOFKIT_{9FB78D03-3A34-4A57-B65D-0D7F32C1B603}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0412-0000-0000000FF1CE}" = Microsoft Office Proof (Korean) 2010 "{90140000-001F-0412-0000-0000000FF1CE}_Office14.PROOFKIT_{92B4E762-6E97-4B27-AD3F-DE304D57CCC1}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010 "{90140000-001F-0413-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0413-0000-0000000FF1CE}_Office14.OMUI.nl-nl_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0413-0000-0000000FF1CE}_Office14.PROOFKIT_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2010 "{90140000-001F-0414-0000-0000000FF1CE}_Office14.PROOFKIT_{F3137115-1D72-46BE-9D42-B5DE61971F2A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof 
(Polish) 2010 "{90140000-001F-0415-0000-0000000FF1CE}_Office14.PROOFKIT_{1D751709-BA6C-49E2-844B-4F4F20F410C9}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010 "{90140000-001F-0416-0000-0000000FF1CE}_Office14.PROOFKIT_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0418-0000-0000000FF1CE}" = Microsoft Office Proof (Romanian) 2010 "{90140000-001F-0418-0000-0000000FF1CE}_Office14.PROOFKIT_{B44588C0-5117-481F-B0E2-DAB2D992A6C3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010 "{90140000-001F-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{DD6E7CDF-BDFF-43CF-8CCE-84FBEC5ABB77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0419-0000-0000000FF1CE}_Office14.PROOFKIT_{DD6E7CDF-BDFF-43CF-8CCE-84FBEC5ABB77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-041A-0000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2010 "{90140000-001F-041A-0000-0000000FF1CE}_Office14.PROOFKIT_{7466AFF9-D5F9-4184-B476-97202CC48837}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010 "{90140000-001F-041B-0000-0000000FF1CE}_Office14.PROOFKIT_{A162C5E6-7778-4D5B-9F0A-38F0122DD859}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010 "{90140000-001F-041D-0000-0000000FF1CE}_Office14.PROOFKIT_{D00E944F-5ECB-42FF-B58E-8FDCF2219DE8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-041E-0000-0000000FF1CE}" = Microsoft Office Proof (Thai) 2010 "{90140000-001F-041E-0000-0000000FF1CE}_Office14.PROOFKIT_{A6E7F499-EF2F-41BE-B74D-AEE04EC065B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-041F-0000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2010 
"{90140000-001F-041F-0000-0000000FF1CE}_Office14.PROOFKIT_{BE459E59-1EAC-4655-94AE-6E0FB408F714}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0420-0000-0000000FF1CE}" = Microsoft Office Proof (Urdu) 2010 "{90140000-001F-0420-0000-0000000FF1CE}_Office14.PROOFKIT_{C6145631-4180-455C-930C-B003F513FC8D}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2010 "{90140000-001F-0422-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{C8998656-7C0A-417B-A5AC-5ABF2E34DDD7}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0422-0000-0000000FF1CE}_Office14.PROOFKIT_{C8998656-7C0A-417B-A5AC-5ABF2E34DDD7}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0424-0000-0000000FF1CE}" = Microsoft Office Proof (Slovenian) 2010 "{90140000-001F-0424-0000-0000000FF1CE}_Office14.PROOFKIT_{A1752AB9-E44A-4CA4-946E-1B583EF75B67}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0425-0000-0000000FF1CE}" = Microsoft Office Proof (Estonian) 2010 "{90140000-001F-0425-0000-0000000FF1CE}_Office14.PROOFKIT_{1305792F-3892-477F-972E-7A3DFCF0D1D2}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0426-0000-0000000FF1CE}" = Microsoft Office Proof (Latvian) 2010 "{90140000-001F-0426-0000-0000000FF1CE}_Office14.PROOFKIT_{4D677EF3-C0FE-4726-9C56-3A1530A23BD4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0427-0000-0000000FF1CE}" = Microsoft Office Proof (Lithuanian) 2010 "{90140000-001F-0427-0000-0000000FF1CE}_Office14.PROOFKIT_{D8147A5B-31CD-4300-8204-D93BFDB98E2C}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010 "{90140000-001F-042D-0000-0000000FF1CE}_Office14.PROOFKIT_{C6E07E58-897F-4686-A498-764B9D404F09}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0439-0000-0000000FF1CE}" = Microsoft Office Proof (Hindi) 2010 
"{90140000-001F-0439-0000-0000000FF1CE}_Office14.PROOFKIT_{83525C9D-003C-4B32-9B03-0ED4D21A3E6F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-043F-0000-0000000FF1CE}" = Microsoft Office Proof (Kazakh) 2010 "{90140000-001F-043F-0000-0000000FF1CE}_Office14.PROOFKIT_{D40D144A-EEBA-4538-92BA-4C95DAC100AD}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0446-0000-0000000FF1CE}" = Microsoft Office Proof (Punjabi) 2010 "{90140000-001F-0446-0000-0000000FF1CE}_Office14.PROOFKIT_{A3543719-9180-4465-9A46-7452A413CD6A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0447-0000-0000000FF1CE}" = Microsoft Office Proof (Gujarati) 2010 "{90140000-001F-0447-0000-0000000FF1CE}_Office14.PROOFKIT_{5E44BC48-F996-4AD3-AA33-345E2F83D753}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0449-0000-0000000FF1CE}" = Microsoft Office Proof (Tamil) 2010 "{90140000-001F-0449-0000-0000000FF1CE}_Office14.PROOFKIT_{9B0C53A1-64B2-4FEC-9043-0850F6ECDE04}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-044A-0000-0000000FF1CE}" = Microsoft Office Proof (Telugu) 2010 "{90140000-001F-044A-0000-0000000FF1CE}_Office14.PROOFKIT_{98DEF7A2-EB26-4C27-B4EB-06AB4E3BF95E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-044B-0000-0000000FF1CE}" = Microsoft Office Proof (Kannada) 2010 "{90140000-001F-044B-0000-0000000FF1CE}_Office14.PROOFKIT_{45B439F9-F6BD-4DE6-852A-0F5D21742B72}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-044E-0000-0000000FF1CE}" = Microsoft Office Proof (Marathi) 2010 "{90140000-001F-044E-0000-0000000FF1CE}_Office14.PROOFKIT_{52C4A160-60CE-4134-89F5-A3C40AACB2AE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010 "{90140000-001F-0456-0000-0000000FF1CE}_Office14.PROOFKIT_{6CA060C9-FAFB-4A51-B533-A6AEE1A325BE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0804-0000-0000000FF1CE}" = Microsoft Office Proof 
(Chinese (Simplified)) 2010 "{90140000-001F-0804-0000-0000000FF1CE}_Office14.PROOFKIT_{A620ACD4-585E-40D3-80B9-FD31766D1E2A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2010 "{90140000-001F-0814-0000-0000000FF1CE}_Office14.PROOFKIT_{751049E8-D99F-4DE1-9FC2-71DE06655678}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2010 "{90140000-001F-0816-0000-0000000FF1CE}_Office14.PROOFKIT_{958B705D-0E1E-4E39-94C7-2F9B52DA3283}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-081A-0000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2010 "{90140000-001F-081A-0000-0000000FF1CE}_Office14.PROOFKIT_{404CFC48-ADF5-4BD1-A88B-9FFE981DA110}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROOFKIT_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2010 "{90140000-0028-0404-0000-0000000FF1CE}_Office14.PROOFKIT_{3ECE53A5-4BA5-49EA-828F-FD071F2652F0}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0028-0404-1000-0000000FF1CE}_Office14.PROOFKIT_{51739025-3F28-46D2-9BB2-4E2A130C8C4C}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010 "{90140000-0028-0411-0000-0000000FF1CE}_Office14.PROOFKIT_{5E056779-9F4B-4593-86D3-28E5548A8B64}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0028-0411-1000-0000000FF1CE}_Office14.PROOFKIT_{440C6702-6509-47F1-B01F-9169CEB09DFA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0028-0412-0000-0000000FF1CE}" = Microsoft Office IME (Korean) 2010 "{90140000-0028-0412-0000-0000000FF1CE}_Office14.PROOFKIT_{856E89AF-50C7-4FD2-8300-EA2805BB24F8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0028-0412-1000-0000000FF1CE}_Office14.PROOFKIT_{7E3F22B7-F58D-4CC1-9B49-779C88CD6A36}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2010 "{90140000-0028-0804-0000-0000000FF1CE}_Office14.PROOFKIT_{394CF546-9CD3-4C0A-B380-F4CCFD44C873}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0028-0804-1000-0000000FF1CE}_Office14.PROOFKIT_{FC0CF8F8-B41D-40F0-8341-1E377D771CE4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010 "{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010 "{90140000-002C-0419-0000-0000000FF1CE}" = Microsoft Office Proofing (Russian) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" 
= Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2010 "{90140000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2010 "{90140000-0044-0419-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Russian) 2010 "{90140000-004A-0409-0000-0000000FF1CE}" = Microsoft Office ProofMUI (English) 2010 "{90140000-004A-0409-0000-0000000FF1CE}_Office14.PROOFKIT_{995800C5-D90E-4107-8BF7-7AA4DC8C383D}" = Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1) "{90140000-004B-0000-0000-0000000FF1CE}" = Microsoft Office Proofing Kit 2010 "{90140000-004B-0000-0000-0000000FF1CE}_Office14.PROOFKIT_{253A3CD5-168D-4E9B-B346-6D14220BBE7F}" = Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010 "{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010 "{90140000-006E-0419-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Russian) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010 "{90140000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010 "{90140000-00A1-0419-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Russian) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove 
MUI (German) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2010 "{90140000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2010 "{90140000-00BA-0419-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Russian) 2010 "{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010 "{90140000-0100-040C-0000-0000000FF1CE}" = Microsoft Office O MUI (French) 2010 "{90140000-0100-0413-0000-0000000FF1CE}" = Microsoft Office O MUI (Dutch) 2010 "{90140000-0100-0419-0000-0000000FF1CE}" = Microsoft Office O MUI (Russian) 2010 "{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010 "{90140000-0101-040C-0000-0000000FF1CE}" = Microsoft Office X MUI (French) 2010 "{90140000-0101-0413-0000-0000000FF1CE}" = Microsoft Office X MUI (Dutch) 2010 "{90140000-0101-0419-0000-0000000FF1CE}" = Microsoft Office X MUI (Russian) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = 
Windows Live Photo Common "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Reader X "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B63321BA-4512-42B2-A312-C1ED194C5761}" = SMS Client Setup Bootstrap "{BF4DF3F7-5350-4F71-A656-F73E95D82E5F}" = Mindjet MindManager 8 "{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 Redistributable "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}" = WebSlingPlayer ActiveX "{DAE1AFE2-3CEC-4AF8-B522-EEB04BE1EFE6}" = DeliveryFramework "{DB645E92-9510-4165-82B0-8FB0033BB4B0}" = IT Use Policy & Guidelines "{DCFC3FA2-DD80-4D1A-8B94-F124A1D78A93}" = Wallpaper "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney "{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FD2C85E3-B24E-46D8-AEB8-C101FF5B410B}" = Flash Player "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFF841F3-9A15-4F61-BD16-C19F132E5A27}" = Epson Easy Photo Print 2 "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player 
Plugin" = Adobe Flash Player 11 Plugin "Color Cop_is1" = Color Cop 5.4.3 "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver "EPSON Scanner" = EPSON Scan "Kalender-Excel-8.8.1_is1" = Kalender-Excel-8.8.1 "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Microsoft CRM Client" = Microsoft Dynamics CRM 2011 for Microsoft Office Outlook "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator 2.0" = Canon MP Navigator 2.0 "Office14.OMUI.de-de" = Office Language Pack DE "Office14.OMUI.fr-fr" = Office Language Pack FRA-W7 2010 "Office14.OMUI.nl-nl" = Office Language Pack NL-W7 2010 "Office14.OMUI.ru-ru" = Office Language Pack RU-W7 2010 "Office14.PROOFKIT" = Microsoft Office Proofing Tools Kit Compilation 2010 "Office14.PROPLUS" = Office-W7 2010 "PMUI.de-de" = Microsoft Office Project Language Pack 2007 - German/Deutsch "PMUI.fr-fr" = Microsoft Office Project Language Pack 2007 - French/Français "PMUI.nl-nl" = Microsoft Office Project Language Pack 2007 - Dutch/Nederlands "PMUI.ru-ru" = Microsoft Office Project Language Pack 2007 - Russian/русский "PRJSTD" = Microsoft Office Project Standard 2007 "SAPGUI710" = SAP GUI "SkillSoft Course Manager" = SkillSoft Course Manager "STRATO HiDrive" = STRATO HiDrive (remove only) "Synchronize It!_is1" = Synchronize It! "TeamViewer 7" = TeamViewer 7 "WinLiveSuite" = Windows Live Essentials "XING Connector" = XING Connector 1.2 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.08.2012 14:26:30 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Trojan.Gen.2 in File: C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\800000cb.@ by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. 
Error - 13.08.2012 14:34:17 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = AutoEnrollment | ID = 6
Description =

Error - 13.08.2012 14:36:40 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess.B in File: C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.

Error - 13.08.2012 14:37:03 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Gen.2 in File: C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\800000cb.@ by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error - 13.08.2012 14:38:06 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess.B in File: C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.

Error - 13.08.2012 14:38:28 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Gen.2 in File: C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\800000cb.@ by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error - 13.08.2012 14:42:02 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess.B in File: C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.

Error - 13.08.2012 14:42:26 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Gen.2 in File: C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\800000cb.@ by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error - 13.08.2012 14:46:50 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess.B in File: C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.

Error - 13.08.2012 14:47:18 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Gen.2 in File: C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\800000cb.@ by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

[ System Events ]
Error - 13.08.2012 12:33:41 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error - 13.08.2012 12:38:33 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = DCOM | ID = 10016
Description =

Error - 13.08.2012 14:32:05 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne KCIN aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 13.08.2012 14:32:08 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error - 13.08.2012 14:32:16 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 13.08.2012 14:32:17 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891

Error - 13.08.2012 14:32:20 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 13.08.2012 14:33:15 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error - 13.08.2012 14:33:34 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error - 13.08.2012 14:37:24 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = DCOM | ID = 10016
Description =

< End of report >

Edited by bernd1970 (13.08.2012 at 20:05)
#2
OTL.txt and Extras.txt: Attachment 40714

Edited by bernd1970 (13.08.2012 at 20:08)
#3
/// Helper Team

Bad news! You have more than one severe infection on your computer.
http://www.trojaner-board.de/56634-rootkits.html

It is compromised and no longer trustworthy. You should change all your passwords from a clean system. I strongly recommend that you disconnect the PC from the network and reinstall it from scratch.

Reinstallation guides (illustrated) > Reinstalling Windows 7 > Vista > XP

1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if it is clean, restore it.