Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Symantec meldet: Trojan.Zeroaccess.B | Trojan.Gen.2 | services.exe gefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.08.2012, 19:40   #1
bernd1970
 
Symantec meldet: Trojan.Zeroaccess.B | Trojan.Gen.2 | services.exe gefunden - Standard

Symantec meldet: Trojan.Zeroaccess.B | Trojan.Gen.2 | services.exe gefunden



Hallo Community,
ich habe mir vermutlich beim Download einer Freefont einen Trojaner eingefangen. Für Eure Unterstützung im Voraus besten Dank.
Symantec hat gemeldet, dass services.exe von einem Remote Rechner zugeriffen werden möchte.

Einen Fullscan mit dem aktualisierten Malwarebytes habe ich gerade erfolgreich abbgeschlossen:

Zitat:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.13.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
**** :: DEWAL4041163C [Administrator]

13.08.2012 18:46:48
mbam-log-2012-08-13 (18-46-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Z:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 431293
Laufzeit: 1 Stunde(n), 39 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\***.***\AppData\Local\Temp\29156555.exe (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\00000001.@ (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
OTL.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.08.2012 20:43:24 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\***.***\Desktop
64bit- Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 54,34% Memory free
7,60 Gb Paging File | 6,05 Gb Available in Paging File | 79,64% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 145,05 Gb Total Space | 84,25 Gb Free Space | 58,09% Space Free | Partition Type: NTFS
Drive Z: | 4,00 Gb Total Space | 3,71 Gb Free Space | 92,86% Space Free | Partition Type: NTFS
 
Computer Name: DEWAL4041163C | User Name: ***.***| NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.13 18:45:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***.***\Desktop\OTL.exe
PRC - [2012.06.28 18:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.16 10:24:08 | 000,023,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe
PRC - [2011.04.14 13:24:26 | 000,410,984 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2011.04.14 13:22:42 | 000,361,832 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011.04.14 13:22:28 | 000,263,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2011.04.14 13:22:26 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011.04.05 10:03:34 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011.04.05 10:03:32 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2011.04.05 10:03:26 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011.04.05 10:03:24 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2011.03.09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
PRC - [2011.03.09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
PRC - [2010.06.25 13:13:48 | 000,332,536 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\VPNClientx64_5.0.07.0290\cvpnd.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP_4.3.7\NMSAccessU.exe
PRC - [2009.12.18 14:21:26 | 000,038,240 | ---- | M] (Mindjet) -- C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe
PRC - [2009.11.25 18:13:24 | 000,939,272 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe
PRC - [2009.09.18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\CCM\CcmExec.exe
PRC - [2009.07.14 03:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.12.18 14:20:48 | 000,150,856 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 8\zlib.dll
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.04.05 19:51:04 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.08.07 11:47:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.06 11:04:45 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.28 18:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.06.05 15:59:52 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.16 10:24:08 | 000,023,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe -- (CrmSqlStartupSvc)
SRV - [2011.11.15 01:49:06 | 000,032,768 | ---- | M] (STRATO) [Auto | Running] -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service)
SRV - [2011.04.28 06:52:06 | 002,060,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE -- (msoidsvc)
SRV - [2011.04.14 13:22:28 | 000,263,528 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011.04.14 13:22:26 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011.04.05 10:03:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011.04.05 10:03:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011.04.05 10:03:28 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011.04.05 10:03:28 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2011.04.05 10:03:26 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.28 00:50:30 | 031,124,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.12.23 09:56:00 | 000,015,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\BearingPoint.AdminReset.ClientService.exe -- (BPAdminReset)
SRV - [2010.12.13 15:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.08.05 17:45:38 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.06.25 13:13:48 | 000,332,536 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe -- (QDLService2kLenovo)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\VPNClientx64_5.0.07.0290\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP_4.3.7\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.09.18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009.09.18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009.07.13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.26 12:19:51 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.04.05 19:51:04 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2011.04.05 19:50:54 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011.04.05 19:50:48 | 000,258,560 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.05 19:50:38 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2011.04.05 19:50:00 | 000,230,784 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbserlno2k.sys -- (qcusbserlno2k)
DRV:64bit: - [2011.04.05 19:50:00 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcfilterlno2k.sys -- (qcfilterlno2k)
DRV:64bit: - [2011.04.05 19:49:54 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.04.05 19:49:54 | 000,151,664 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011.04.05 19:49:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2011.04.05 19:49:40 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.04.05 19:49:10 | 010,331,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.04.05 19:48:42 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.04.05 10:03:42 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2011.04.05 10:03:36 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2011.04.05 10:03:36 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.04.05 10:03:36 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011.04.05 10:03:30 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2011.04.05 10:01:02 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.04.05 10:01:02 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.04.05 10:01:02 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.04.05 10:01:02 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.03.01 19:10:52 | 000,295,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2011.02.07 15:29:28 | 000,131,160 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dnelwf64.sys -- (DNE)
DRV:64bit: - [2011.01.08 01:22:22 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.12.13 15:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010.09.10 22:38:10 | 000,225,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2010.06.25 10:43:22 | 000,443,392 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbnetlno2k.sys -- (qcusbnetlno2k)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.04.16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012.08.12 10:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.12 10:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.06.22 11:52:59 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120813.003\ex64.sys -- (NAVEX15)
DRV - [2012.06.22 11:52:58 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120813.003\eng64.sys -- (NAVENG)
DRV - [2011.04.05 10:03:36 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2011.04.05 10:03:36 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2011.04.05 10:03:36 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.09.18 04:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://together.bearingpointconsulting.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://together.bearingpointconsulting.com
IE - HKCU\..\SearchScopes,DefaultScope = {F6B6DAF7-6E88-406D-9B38-649C43DEF99B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F6B6DAF7-6E88-406D-9B38-649C43DEF99B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaRuntimeEnvironment_6.0.210\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.06 11:04:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.06 11:04:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.05.15 11:21:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***.***\AppData\Roaming\mozilla\Extensions
[2012.08.08 22:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***.***\AppData\Roaming\mozilla\Firefox\Profiles\l923zh4m.default\extensions
[2012.05.15 11:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.06 11:04:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.06 11:04:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.06 11:04:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.06 11:04:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.06 11:04:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.06 11:04:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.06 11:04:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (DownloadnSave Class) - {A3A4B18D-B020-3BD6-1D62-DDAF61BCD5ED} - C:\ProgramData\DownloadnSave\bhoclass.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaRuntimeEnvironment_6.0.210\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\ReaderX_10.0.1\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 8\MMReminderService.exe (Mindjet)
O4 - HKCU..\Run: [ABBYY Screenshot Reader Bonus] "C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe" -autorun File not found
O4 - HKCU..\Run: [EPSON PX830 Series] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHOE.EXE /FU "C:\Users\THOMAS~1.BIE\AppData\Local\Temp\E_SAFA2.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Epson Stylus Photo PX830(Netzwerk)] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHOE.EXE /FU "C:\Users\THOMAS~1.BIE\AppData\Local\Temp\E_SB07D.tmp" /EF "HKCU" File not found
O4:64bit: - Startup: C:\Windows\SysNative\GroupPolicy\User\Scripts\logoff\BE_Admin_PSW.vbs ()
O4:64bit: - Startup: C:\Windows\SysNative\GroupPolicy\User\Scripts\logoff\ResetScrnSvr.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 33554432
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIE74D~1\OFFICE~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bearingpoint.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: bearingpointconsulting.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: drive1.de ([exchange] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: infonova.at ([servicedesk] * in Vertrauenswürdige Sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} hxxp://mds.management-portal.bearingpointconsulting.com/mds/plugins/gg-activex.cab (GO-Global 4)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9B57C630-AA6E-440D-8D44-D34542E5531A} https://www144.livemeeting.com/etc/static/NAPrapid2/2012-01-20-21-04-32/MailObjects.cab (SendMail Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.kpmgconsulting.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AF7E71B-3C89-4FFA-9F2A-9B46AD7770A1}: NameServer = 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A78F588F-590E-4FF1-AAC9-8FB966A82CED}: NameServer = 139.7.30.126 139.7.30.125
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msoidssp) - C:\WINDOWS\SysNative\msoidssp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (msoidssp) - C:\WINDOWS\SysWow64\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7d03e6a7-447c-11e0-a180-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7d03e6a7-447c-11e0-a180-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SMS\bin\i386\TSMBAutorun.exe
O33 - MountPoints2\{ddff53da-1c2f-11e1-af44-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ddff53da-1c2f-11e1-af44-806e6f6e6963}\Shell\AutoRun\command - "" = D:\InstallNavi.exe
O33 - MountPoints2\{f7fa876c-4436-11e0-8d88-f0def10e7b20}\Shell - "" = AutoRun
O33 - MountPoints2\{f7fa876c-4436-11e0-8d88-f0def10e7b20}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.13 18:45:26 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***.***\Desktop\OTL.exe
[2012.08.13 18:23:06 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\FixZeroAccess.sys
[2012.08.13 16:27:35 | 000,000,000 | ---D | C] -- C:\Users\***.***\AppData\Local\fontconfig
[2012.08.13 16:27:32 | 000,000,000 | ---D | C] -- C:\Users\***.***\AppData\Local\gegl-0.2
[2012.08.13 16:27:32 | 000,000,000 | ---D | C] -- C:\Users\***.***\.gimp-2.8
[2012.08.13 16:25:27 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.08.10 16:25:53 | 000,000,000 | ---D | C] -- C:\Users\***.***\AppData\Roaming\Malwarebytes
[2012.08.10 16:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.10 16:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.10 16:25:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2012.08.10 16:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.10 12:15:58 | 000,000,000 | ---D | C] -- C:\Users\***.***\Desktop\PM TEam
[2012.08.06 10:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012.07.20 09:22:25 | 000,000,000 | ---D | C] -- C:\CVs
[2012.07.18 15:23:26 | 000,000,000 | ---D | C] -- C:\Users\***.***\Documents\Kalender-Excel-8.8.1
[2012.07.18 15:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalender-Excel-8.8.1
[2012.07.17 16:16:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ms
[2011.03.01 21:00:44 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- C:\Program Files (x86)\Common Files\sapxlhelper.dll
[2011.03.01 21:00:44 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files (x86)\Common Files\sapconsr3.dll
[2011.03.01 21:00:43 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files (x86)\Common Files\sapconsaccess.dll
[2011.03.01 21:00:43 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files (x86)\Common Files\DigitalSignature.ocx
[2010.09.07 14:45:08 | 000,242,808 | ---- | C] (UltraVnc) -- C:\Program Files (x86)\BearingPoint_SD_RemoteAssistance_v1.05.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.13 20:47:02 | 000,012,064 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.13 20:47:02 | 000,012,064 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.13 20:47:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.13 20:37:08 | 000,000,462 | ---- | M] () -- C:\WINDOWS\SMSCFG.INI
[2012.08.13 20:31:37 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.13 20:30:29 | 3061,149,696 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.13 18:45:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***.***\Desktop\OTL.exe
[2012.08.13 18:23:06 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\FixZeroAccess.sys
[2012.08.13 18:03:50 | 000,375,992 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2012.08.13 16:20:42 | 000,008,428 | ---- | M] () -- C:\Users\***:***\Desktop\Unbenannt.gif
[2012.08.10 16:25:21 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.10 15:08:11 | 000,024,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.08.10 09:22:21 | 000,049,728 | ---- | M] () -- C:\Users\***.***\Desktop\AC.PNG
[2012.08.06 10:58:11 | 586,807,442 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012.07.17 16:18:04 | 004,351,580 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2012.07.17 16:18:04 | 000,744,376 | ---- | M] () -- C:\WINDOWS\SysNative\perfh00C.dat
[2012.07.17 16:18:04 | 000,742,090 | ---- | M] () -- C:\WINDOWS\SysNative\perfh013.dat
[2012.07.17 16:18:04 | 000,723,444 | ---- | M] () -- C:\WINDOWS\SysNative\perfh019.dat
[2012.07.17 16:18:04 | 000,706,596 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2012.07.17 16:18:04 | 000,661,268 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2012.07.17 16:18:04 | 000,155,114 | ---- | M] () -- C:\WINDOWS\SysNative\perfc013.dat
[2012.07.17 16:18:04 | 000,152,678 | ---- | M] () -- C:\WINDOWS\SysNative\perfc019.dat
[2012.07.17 16:18:04 | 000,151,612 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2012.07.17 16:18:04 | 000,151,490 | ---- | M] () -- C:\WINDOWS\SysNative\perfc00C.dat
[2012.07.17 16:18:04 | 000,124,392 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2012.07.17 16:18:04 | 000,004,764 | ---- | M] () -- C:\WINDOWS\SysWow64\CcmFramework.ini
[2012.07.17 16:18:04 | 000,000,621 | ---- | M] () -- C:\WINDOWS\SysWow64\CcmFramework.h
[2012.07.16 11:56:10 | 004,307,302 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2012.07.16 09:38:43 | 000,320,505 | ---- | M] () -- C:\Users\***.***\Documents\Zeugnis_MIT.pdf
[2012.07.16 09:33:51 | 000,508,779 | ---- | M] () -- C:\Users\***.***\Documents\Zeugnis_SMC.pdf
 
========== Files Created - No Company Name ==========
 
[2012.08.13 20:37:40 | 000,001,712 | ---- | C] () -- C:\WINDOWS\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\00000001.@
[2012.08.13 16:26:13 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.08.13 16:20:41 | 000,008,428 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt.gif
[2012.08.10 16:25:21 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.10 09:22:21 | 000,049,728 | ---- | C] () -- C:\Users\***\Desktop\AC.PNG
[2012.08.06 10:58:11 | 586,807,442 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2012.07.17 16:18:04 | 000,004,764 | ---- | C] () -- C:\WINDOWS\SysWow64\CcmFramework.ini
[2012.07.17 16:18:04 | 000,000,621 | ---- | C] () -- C:\WINDOWS\SysWow64\CcmFramework.h
[2012.07.16 09:38:43 | 000,320,505 | ---- | C] () -- C:\Users\***\Documents\Zeugnis_MIT.pdf
[2012.07.16 09:33:50 | 000,508,779 | ---- | C] () -- C:\Users\***\Documents\Zeugnis_SMC.pdf
[2012.03.07 19:35:01 | 000,000,178 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini
[2012.02.03 15:31:31 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2012.01.20 13:09:09 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\@
[2012.01.20 13:09:09 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{a84f0772-3012-01ea-63e2-a00bd60e039e}\@
[2012.01.12 17:33:15 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.26 14:54:27 | 000,001,040 | ---- | C] () -- C:\WINDOWS\saplogon.ini.backup2
[2011.10.26 13:01:44 | 000,004,854 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2011.10.26 13:01:08 | 000,024,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.10.26 12:26:43 | 000,015,872 | ---- | C] () -- C:\WINDOWS\SysWow64\BearingPoint.AdminReset.ClientService.exe
[2011.03.02 12:35:56 | 000,015,872 | ---- | C] () -- C:\WINDOWS\BearingPoint.AdminReset.ClientService.exe
[2011.03.01 21:00:48 | 000,001,044 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2011.03.01 21:00:43 | 000,955,904 | ---- | C] () -- C:\Program Files (x86)\Common Files\SAPActiveXL.xlt
[2011.03.01 21:00:43 | 000,949,760 | ---- | C] () -- C:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt
[2011.03.01 21:00:19 | 001,064,960 | ---- | C] () -- C:\WINDOWS\SysWow64\h5krnl32.dll
[2011.03.01 21:00:19 | 000,188,928 | ---- | C] () -- C:\WINDOWS\SysWow64\h5icon32.dll
[2011.03.01 21:00:19 | 000,175,616 | ---- | C] () -- C:\WINDOWS\SysWow64\h5menu32.dll
[2011.03.01 21:00:19 | 000,095,744 | ---- | C] () -- C:\WINDOWS\SysWow64\h5rtf32.dll
[2011.03.01 21:00:19 | 000,051,200 | ---- | C] () -- C:\WINDOWS\SysWow64\h5tool32.dll
[2011.03.01 20:08:05 | 000,000,127 | ---- | C] () -- C:\WINDOWS\saproute.ini
[2011.03.01 20:08:05 | 000,000,096 | ---- | C] () -- C:\WINDOWS\SAPMSG.INI
[2011.03.01 19:30:38 | 004,351,580 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2011.03.01 19:29:02 | 000,000,462 | ---- | C] () -- C:\WINDOWS\SMSCFG.INI
 
========== LOP Check ==========
 
[2012.05.15 17:17:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Arkadin
[2012.04.03 16:32:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.02.23 14:05:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ColorCop
[2012.05.10 09:08:48 | 000,000,000 | ---D | M] -- C:\Users\Thomas.Bieth\AppData\Roaming\Dropbox
[2012.07.13 13:28:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson
[2011.11.07 16:21:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Grig Software
[2012.03.08 16:41:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KONICA MINOLTA
[2012.01.16 09:04:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mainsoft
[2011.12.29 18:19:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RavensburgerTipToi
[2012.02.09 09:24:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sling Media
[2012.05.10 09:12:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\STRATO
[2012.07.04 12:09:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.12.08 08:48:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WndSync
[2012.07.18 11:13:09 | 000,032,616 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extras.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 13.08.2012 20:43:24 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\***\Desktop
64bit- Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 54,34% Memory free
7,60 Gb Paging File | 6,05 Gb Available in Paging File | 79,64% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 145,05 Gb Total Space | 84,25 Gb Free Space | 58,09% Space Free | Partition Type: NTFS
Drive Z: | 4,00 Gb Total Space | 3,71 Gb Free Space | 92,86% Space Free | Partition Type: NTFS
 
Computer Name: DEWAL4041163C | User Name: ***| NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC_1.1.4\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC_1.1.4\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC_1.1.4\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC_1.1.4\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = VPN Clientx64
"{4D019E58-46CE-4EE6-86A7-BD75651A99F9}" = BE Simple PowerPoint
"{530992D4-DDBA-4F68-8B0D-FF50AC57531B}" = Endpoint Protection x64
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{8ACFF907-3BBB-4808-B654-E8D1C7837233}" = DNE Update
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
"{90120000-002A-0419-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Russian) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2010
"{90140000-0028-0411-1000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010
"{90140000-0028-0412-1000-0000000FF1CE}" = Microsoft Office IME (Korean) 2010
"{90140000-0028-0804-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2010
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2010
"{90140000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2010
"{90140000-002A-0419-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Russian) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{BA4DF4C3-196E-4128-969A-00996B5A46F8}" = Canon MP500
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CF2EFAB4-B938-47C6-8426-0FB50D610E92}" = Microsoft Online Services Sign-in Assistant
"{F39076D7-7168-44CD-A2C6-EBC1CDA7DC1C}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Arkadin Outlook AddOn_is1" = Arkadin Outlook AddOn 3.0.3.0
"EPSON PX830 Series" = EPSON PX830 Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"PDF-XChange 3_is1" = PDF-XChange 3
"Power Management Driver" = ThinkPad Power Management Driver
"SynTPDeinstKey" = ThinkPad UltraNav Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0371DB3D-4C98-4C92-B15B-DEB2BA171DD2}" = CDBurnerXP
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C524D20-0409-0050-8A9E-0C4C490E4E54}" = Microsoft Dynamics CRM 2011 for Microsoft Office Outlook
"{0C524DC1-0409-0050-8121-88490F4D5549}" = Microsoft Dynamics CRM 2011 English (United States) Language Pack
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0FF88DC9-658E-466C-BEEC-5A6C7B53BDC3}" = Qualcomm Gobi 2000 Package for Lenovo
"{13BEAC7C-69C1-4A9E-89A3-D5F311DE2B69}" = Microsoft Live Meeting-Add-In für Microsoft Office Outlook
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java Runtime Environment
"{28DA3304-9EC2-4097-BC64-B59A1958841F}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38cd9ed5-113f-4564-8b0a-f3fdd53e778d}" = harmon.ie for SharePoint
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{419B5580-42FE-4A10-B34F-827D858B0EF0}" = StarMoney 8.0 
"{44228375-A198-489B-B90F-F88A1A78D5F5}" = Microsoft Lync 2010 Attendee
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{58A3F175-7146-4411-8712-17A734B922BB}" = VLC
"{60D45390-F748-4D0F-B65E-4869CC46AAF1}" = Remote Assistance Tool
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PMUI.fr-fr_{5A2F65A4-808F-4A1E-973E-92E17824982D}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PMUI.nl-nl_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJSTD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJSTD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PMUI.de-de_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PMUI.nl-nl_{B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
"{90120000-001F-0419-0000-0000000FF1CE}_PMUI.ru-ru_{D7CE14BC-96D9-41C5-822D-F5B1C2C35AA2}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2007
"{90120000-001F-0422-0000-0000000FF1CE}_PMUI.ru-ru_{DC154E48-5278-423A-80A1-B93247E38A1A}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJSTD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJSTD_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PMUI.de-de_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_PRJSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-002A-040C-1000-0000000FF1CE}_PMUI.fr-fr_{EC50B538-CBE1-42E6-B7FE-87AA540AADFB}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-002A-0413-1000-0000000FF1CE}_PMUI.nl-nl_{1120A001-69F4-43D2-83CE-716B2DC4366F}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-002A-0419-1000-0000000FF1CE}_PMUI.ru-ru_{23653CA5-BFB5-4B52-B2DA-045D7ABEB874}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-002C-0419-0000-0000000FF1CE}" = Microsoft Office Proofing (Russian) 2007
"{90120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PMUI.de-de_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PMUI.fr-fr_{EC50B538-CBE1-42E6-B7FE-87AA540AADFB}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PMUI.nl-nl_{1120A001-69F4-43D2-83CE-716B2DC4366F}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-006E-0419-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Russian) 2007
"{90120000-006E-0419-0000-0000000FF1CE}_PMUI.ru-ru_{23653CA5-BFB5-4B52-B2DA-045D7ABEB874}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PMUI.de-de_{F163ED12-46EE-41FC-8A3A-2679331C7055}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTD_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00B4-040C-0000-0000000FF1CE}" = Microsoft Office Project MUI (French) 2007
"{90120000-00B4-040C-0000-0000000FF1CE}_PMUI.fr-fr_{77A1E93A-2EE6-414B-A972-71D7C2B77E84}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-00B4-0413-0000-0000000FF1CE}" = Microsoft Office Project MUI (Dutch) 2007
"{90120000-00B4-0413-0000-0000000FF1CE}_PMUI.nl-nl_{74C62E21-DA95-4C54-8840-DE989162D4DF}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-00B4-0419-0000-0000000FF1CE}" = Microsoft Office Project MUI (Russian) 2007
"{90120000-00B4-0419-0000-0000000FF1CE}_PMUI.ru-ru_{1B98BEA8-B3A0-44EA-97AA-321437DEA394}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-00B5-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B5-0407-0000-0000000FF1CE}_PMUI.de-de_{F163ED12-46EE-41FC-8A3A-2679331C7055}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-00B5-040C-0000-0000000FF1CE}" = Microsoft Office Project MUI (French) 2007
"{90120000-00B5-040C-0000-0000000FF1CE}_PMUI.fr-fr_{77A1E93A-2EE6-414B-A972-71D7C2B77E84}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-00B5-0413-0000-0000000FF1CE}" = Microsoft Office Project MUI (Dutch) 2007
"{90120000-00B5-0413-0000-0000000FF1CE}_PMUI.nl-nl_{74C62E21-DA95-4C54-8840-DE989162D4DF}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-00B5-0419-0000-0000000FF1CE}" = Microsoft Office Project MUI (Russian) 2007
"{90120000-00B5-0419-0000-0000000FF1CE}_PMUI.ru-ru_{1B98BEA8-B3A0-44EA-97AA-321437DEA394}" = Microsoft Office Project Language Pack 2007 Service Pack 1 (SP1)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-040C-0000-0000000FF1CE}" = Microsoft Office X MUI (French) 2007
"{90120000-0101-0413-0000-0000000FF1CE}" = Microsoft Office X MUI (Dutch) 2007
"{90120000-0101-0419-0000-0000000FF1CE}" = Microsoft Office X MUI (Russian) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PRJSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{C244DF61-FDE0-4311-88C7-F73D1B3C7916}" = 
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010
"{90140000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010
"{90140000-0015-0419-0000-0000000FF1CE}" = Microsoft Office Access MUI (Russian) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010
"{90140000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010
"{90140000-0016-0419-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Russian) 2010
"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0017-040C-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (French) 2010
"{90140000-0017-0413-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Dutch) 2010
"{90140000-0017-0419-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Russian) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010
"{90140000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010
"{90140000-0018-0419-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Russian) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010
"{90140000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010
"{90140000-0019-0419-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Russian) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010
"{90140000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010
"{90140000-001A-0419-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Russian) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010
"{90140000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010
"{90140000-001B-0419-0000-0000000FF1CE}" = Microsoft Office Word MUI (Russian) 2010
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0401-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{1A43C155-3DDA-43C9-92C5-0E7D0B2B156D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0401-0000-0000000FF1CE}_Office14.PROOFKIT_{1A43C155-3DDA-43C9-92C5-0E7D0B2B156D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0402-0000-0000000FF1CE}" = Microsoft Office Proof (Bulgarian) 2010
"{90140000-001F-0402-0000-0000000FF1CE}_Office14.PROOFKIT_{0709C35F-CF3B-4B05-8A2D-6FFD8F9A5F67}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
"{90140000-001F-0403-0000-0000000FF1CE}_Office14.PROOFKIT_{F030E098-C2CC-4056-971E-4D3AB0F55517}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2010
"{90140000-001F-0404-0000-0000000FF1CE}_Office14.PROOFKIT_{B87E50FB-B8F9-4B81-8D63-F5A3C5A330B3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}_Office14.PROOFKIT_{2304F942-79D2-46F7-A512-269A7F5B7EFC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2010
"{90140000-001F-0406-0000-0000000FF1CE}_Office14.PROOFKIT_{59BCA417-5095-450B-931A-AE6194728386}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.nl-nl_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROOFKIT_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2010
"{90140000-001F-0408-0000-0000000FF1CE}_Office14.PROOFKIT_{15BA4B10-347E-471D-962E-81175ACB51F8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.de-de_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.nl-nl_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROOFKIT_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2010
"{90140000-001F-040B-0000-0000000FF1CE}_Office14.PROOFKIT_{0EF937D0-95B1-42E3-9643-9D49E4323DF9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.de-de_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.nl-nl_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROOFKIT_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2010
"{90140000-001F-040D-0000-0000000FF1CE}_Office14.PROOFKIT_{16C5AEEC-D632-4FAA-BFDC-BBF36F473E09}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010
"{90140000-001F-040E-0000-0000000FF1CE}_Office14.PROOFKIT_{71431694-851E-4BC7-92A9-4BB9D196E24F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.de-de_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROOFKIT_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0411-0000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2010
"{90140000-001F-0411-0000-0000000FF1CE}_Office14.PROOFKIT_{9FB78D03-3A34-4A57-B65D-0D7F32C1B603}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0412-0000-0000000FF1CE}" = Microsoft Office Proof (Korean) 2010
"{90140000-001F-0412-0000-0000000FF1CE}_Office14.PROOFKIT_{92B4E762-6E97-4B27-AD3F-DE304D57CCC1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-0000-0000000FF1CE}_Office14.OMUI.nl-nl_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-0000-0000000FF1CE}_Office14.PROOFKIT_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2010
"{90140000-001F-0414-0000-0000000FF1CE}_Office14.PROOFKIT_{F3137115-1D72-46BE-9D42-B5DE61971F2A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-001F-0415-0000-0000000FF1CE}_Office14.PROOFKIT_{1D751709-BA6C-49E2-844B-4F4F20F410C9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0416-0000-0000000FF1CE}_Office14.PROOFKIT_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0418-0000-0000000FF1CE}" = Microsoft Office Proof (Romanian) 2010
"{90140000-001F-0418-0000-0000000FF1CE}_Office14.PROOFKIT_{B44588C0-5117-481F-B0E2-DAB2D992A6C3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{DD6E7CDF-BDFF-43CF-8CCE-84FBEC5ABB77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0419-0000-0000000FF1CE}_Office14.PROOFKIT_{DD6E7CDF-BDFF-43CF-8CCE-84FBEC5ABB77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041A-0000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2010
"{90140000-001F-041A-0000-0000000FF1CE}_Office14.PROOFKIT_{7466AFF9-D5F9-4184-B476-97202CC48837}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-001F-041B-0000-0000000FF1CE}_Office14.PROOFKIT_{A162C5E6-7778-4D5B-9F0A-38F0122DD859}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010
"{90140000-001F-041D-0000-0000000FF1CE}_Office14.PROOFKIT_{D00E944F-5ECB-42FF-B58E-8FDCF2219DE8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041E-0000-0000000FF1CE}" = Microsoft Office Proof (Thai) 2010
"{90140000-001F-041E-0000-0000000FF1CE}_Office14.PROOFKIT_{A6E7F499-EF2F-41BE-B74D-AEE04EC065B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041F-0000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2010
"{90140000-001F-041F-0000-0000000FF1CE}_Office14.PROOFKIT_{BE459E59-1EAC-4655-94AE-6E0FB408F714}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0420-0000-0000000FF1CE}" = Microsoft Office Proof (Urdu) 2010
"{90140000-001F-0420-0000-0000000FF1CE}_Office14.PROOFKIT_{C6145631-4180-455C-930C-B003F513FC8D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2010
"{90140000-001F-0422-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{C8998656-7C0A-417B-A5AC-5ABF2E34DDD7}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0422-0000-0000000FF1CE}_Office14.PROOFKIT_{C8998656-7C0A-417B-A5AC-5ABF2E34DDD7}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0424-0000-0000000FF1CE}" = Microsoft Office Proof (Slovenian) 2010
"{90140000-001F-0424-0000-0000000FF1CE}_Office14.PROOFKIT_{A1752AB9-E44A-4CA4-946E-1B583EF75B67}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0425-0000-0000000FF1CE}" = Microsoft Office Proof (Estonian) 2010
"{90140000-001F-0425-0000-0000000FF1CE}_Office14.PROOFKIT_{1305792F-3892-477F-972E-7A3DFCF0D1D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0426-0000-0000000FF1CE}" = Microsoft Office Proof (Latvian) 2010
"{90140000-001F-0426-0000-0000000FF1CE}_Office14.PROOFKIT_{4D677EF3-C0FE-4726-9C56-3A1530A23BD4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0427-0000-0000000FF1CE}" = Microsoft Office Proof (Lithuanian) 2010
"{90140000-001F-0427-0000-0000000FF1CE}_Office14.PROOFKIT_{D8147A5B-31CD-4300-8204-D93BFDB98E2C}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
"{90140000-001F-042D-0000-0000000FF1CE}_Office14.PROOFKIT_{C6E07E58-897F-4686-A498-764B9D404F09}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0439-0000-0000000FF1CE}" = Microsoft Office Proof (Hindi) 2010
"{90140000-001F-0439-0000-0000000FF1CE}_Office14.PROOFKIT_{83525C9D-003C-4B32-9B03-0ED4D21A3E6F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-043F-0000-0000000FF1CE}" = Microsoft Office Proof (Kazakh) 2010
"{90140000-001F-043F-0000-0000000FF1CE}_Office14.PROOFKIT_{D40D144A-EEBA-4538-92BA-4C95DAC100AD}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0446-0000-0000000FF1CE}" = Microsoft Office Proof (Punjabi) 2010
"{90140000-001F-0446-0000-0000000FF1CE}_Office14.PROOFKIT_{A3543719-9180-4465-9A46-7452A413CD6A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0447-0000-0000000FF1CE}" = Microsoft Office Proof (Gujarati) 2010
"{90140000-001F-0447-0000-0000000FF1CE}_Office14.PROOFKIT_{5E44BC48-F996-4AD3-AA33-345E2F83D753}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0449-0000-0000000FF1CE}" = Microsoft Office Proof (Tamil) 2010
"{90140000-001F-0449-0000-0000000FF1CE}_Office14.PROOFKIT_{9B0C53A1-64B2-4FEC-9043-0850F6ECDE04}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-044A-0000-0000000FF1CE}" = Microsoft Office Proof (Telugu) 2010
"{90140000-001F-044A-0000-0000000FF1CE}_Office14.PROOFKIT_{98DEF7A2-EB26-4C27-B4EB-06AB4E3BF95E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-044B-0000-0000000FF1CE}" = Microsoft Office Proof (Kannada) 2010
"{90140000-001F-044B-0000-0000000FF1CE}_Office14.PROOFKIT_{45B439F9-F6BD-4DE6-852A-0F5D21742B72}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-044E-0000-0000000FF1CE}" = Microsoft Office Proof (Marathi) 2010
"{90140000-001F-044E-0000-0000000FF1CE}_Office14.PROOFKIT_{52C4A160-60CE-4134-89F5-A3C40AACB2AE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
"{90140000-001F-0456-0000-0000000FF1CE}_Office14.PROOFKIT_{6CA060C9-FAFB-4A51-B533-A6AEE1A325BE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0804-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2010
"{90140000-001F-0804-0000-0000000FF1CE}_Office14.PROOFKIT_{A620ACD4-585E-40D3-80B9-FD31766D1E2A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2010
"{90140000-001F-0814-0000-0000000FF1CE}_Office14.PROOFKIT_{751049E8-D99F-4DE1-9FC2-71DE06655678}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2010
"{90140000-001F-0816-0000-0000000FF1CE}_Office14.PROOFKIT_{958B705D-0E1E-4E39-94C7-2F9B52DA3283}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-081A-0000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2010
"{90140000-001F-081A-0000-0000000FF1CE}_Office14.PROOFKIT_{404CFC48-ADF5-4BD1-A88B-9FFE981DA110}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROOFKIT_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2010
"{90140000-0028-0404-0000-0000000FF1CE}_Office14.PROOFKIT_{3ECE53A5-4BA5-49EA-828F-FD071F2652F0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0404-1000-0000000FF1CE}_Office14.PROOFKIT_{51739025-3F28-46D2-9BB2-4E2A130C8C4C}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010
"{90140000-0028-0411-0000-0000000FF1CE}_Office14.PROOFKIT_{5E056779-9F4B-4593-86D3-28E5548A8B64}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0411-1000-0000000FF1CE}_Office14.PROOFKIT_{440C6702-6509-47F1-B01F-9169CEB09DFA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0412-0000-0000000FF1CE}" = Microsoft Office IME (Korean) 2010
"{90140000-0028-0412-0000-0000000FF1CE}_Office14.PROOFKIT_{856E89AF-50C7-4FD2-8300-EA2805BB24F8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0412-1000-0000000FF1CE}_Office14.PROOFKIT_{7E3F22B7-F58D-4CC1-9B49-779C88CD6A36}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2010
"{90140000-0028-0804-0000-0000000FF1CE}_Office14.PROOFKIT_{394CF546-9CD3-4C0A-B380-F4CCFD44C873}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0804-1000-0000000FF1CE}_Office14.PROOFKIT_{FC0CF8F8-B41D-40F0-8341-1E377D771CE4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010
"{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
"{90140000-002C-0419-0000-0000000FF1CE}" = Microsoft Office Proofing (Russian) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2010
"{90140000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2010
"{90140000-0044-0419-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Russian) 2010
"{90140000-004A-0409-0000-0000000FF1CE}" = Microsoft Office ProofMUI (English) 2010
"{90140000-004A-0409-0000-0000000FF1CE}_Office14.PROOFKIT_{995800C5-D90E-4107-8BF7-7AA4DC8C383D}" = Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1)
"{90140000-004B-0000-0000-0000000FF1CE}" = Microsoft Office Proofing Kit 2010
"{90140000-004B-0000-0000-0000000FF1CE}_Office14.PROOFKIT_{253A3CD5-168D-4E9B-B346-6D14220BBE7F}" = Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010
"{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
"{90140000-006E-0419-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Russian) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010
"{90140000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010
"{90140000-00A1-0419-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Russian) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2010
"{90140000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2010
"{90140000-00BA-0419-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Russian) 2010
"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0100-040C-0000-0000000FF1CE}" = Microsoft Office O MUI (French) 2010
"{90140000-0100-0413-0000-0000000FF1CE}" = Microsoft Office O MUI (Dutch) 2010
"{90140000-0100-0419-0000-0000000FF1CE}" = Microsoft Office O MUI (Russian) 2010
"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0101-040C-0000-0000000FF1CE}" = Microsoft Office X MUI (French) 2010
"{90140000-0101-0413-0000-0000000FF1CE}" = Microsoft Office X MUI (Dutch) 2010
"{90140000-0101-0419-0000-0000000FF1CE}" = Microsoft Office X MUI (Russian) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Reader X
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B63321BA-4512-42B2-A312-C1ED194C5761}" = SMS Client Setup Bootstrap
"{BF4DF3F7-5350-4F71-A656-F73E95D82E5F}" = Mindjet MindManager 8
"{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 Redistributable
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}" = WebSlingPlayer ActiveX
"{DAE1AFE2-3CEC-4AF8-B522-EEB04BE1EFE6}" = DeliveryFramework
"{DB645E92-9510-4165-82B0-8FB0033BB4B0}" = IT Use Policy & Guidelines
"{DCFC3FA2-DD80-4D1A-8B94-F124A1D78A93}" = Wallpaper
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD2C85E3-B24E-46D8-AEB8-C101FF5B410B}" = Flash Player
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFF841F3-9A15-4F61-BD16-C19F132E5A27}" = Epson Easy Photo Print 2
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Color Cop_is1" = Color Cop 5.4.3
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"Kalender-Excel-8.8.1_is1" = Kalender-Excel-8.8.1
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft CRM Client" = Microsoft Dynamics CRM 2011 for Microsoft Office Outlook
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 2.0" = Canon MP Navigator 2.0
"Office14.OMUI.de-de" = Office Language Pack DE
"Office14.OMUI.fr-fr" = Office Language Pack FRA-W7 2010
"Office14.OMUI.nl-nl" = Office Language Pack NL-W7 2010
"Office14.OMUI.ru-ru" = Office Language Pack RU-W7 2010
"Office14.PROOFKIT" = Microsoft Office Proofing Tools Kit Compilation 2010
"Office14.PROPLUS" = Office-W7 2010
"PMUI.de-de" = Microsoft Office Project Language Pack 2007 - German/Deutsch
"PMUI.fr-fr" = Microsoft Office Project Language Pack 2007 - French/Français
"PMUI.nl-nl" = Microsoft Office Project Language Pack 2007 - Dutch/Nederlands
"PMUI.ru-ru" = Microsoft Office Project Language Pack 2007 - Russian/русский
"PRJSTD" = Microsoft Office Project Standard 2007
"SAPGUI710" = SAP GUI
"SkillSoft Course Manager" = SkillSoft Course Manager
"STRATO HiDrive" = STRATO HiDrive (remove only)
"Synchronize It!_is1" = Synchronize It!
"TeamViewer 7" = TeamViewer 7
"WinLiveSuite" = Windows Live Essentials
"XING Connector" = XING Connector 1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.08.2012 14:26:30 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Trojan.Gen.2 in File: C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\800000cb.@
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.    
 
Error - 13.08.2012 14:34:17 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = AutoEnrollment | ID = 6
Description = 
 
Error - 13.08.2012 14:36:40 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Trojan.Zeroaccess.B in File: C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\80000000.@
 by: Auto-Protect scan.  Action: Clean failed : Quarantine failed : Access denied.
  Action Description: The file was left unchanged.    
 
Error - 13.08.2012 14:37:03 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Trojan.Gen.2 in File: C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\800000cb.@
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.    
 
Error - 13.08.2012 14:38:06 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Trojan.Zeroaccess.B in File: C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\80000000.@
 by: Auto-Protect scan.  Action: Clean failed : Quarantine failed : Access denied.
  Action Description: The file was left unchanged.    
 
Error - 13.08.2012 14:38:28 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Trojan.Gen.2 in File: C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\800000cb.@
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.    
 
Error - 13.08.2012 14:42:02 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Trojan.Zeroaccess.B in File: C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\80000000.@
 by: Auto-Protect scan.  Action: Clean failed : Quarantine failed : Access denied.
  Action Description: The file was left unchanged.    
 
Error - 13.08.2012 14:42:26 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Trojan.Gen.2 in File: C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\800000cb.@
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.    
 
Error - 13.08.2012 14:46:50 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Trojan.Zeroaccess.B in File: C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\80000000.@
 by: Auto-Protect scan.  Action: Clean failed : Quarantine failed : Access denied.
  Action Description: The file was left unchanged.    
 
Error - 13.08.2012 14:47:18 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Trojan.Gen.2 in File: C:\Windows\Installer\{a84f0772-3012-01ea-63e2-a00bd60e039e}\U\800000cb.@
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.    
 
[ System Events ]
Error - 13.08.2012 12:33:41 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 13.08.2012 12:38:33 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = DCOM | ID = 10016
Description = 
 
Error - 13.08.2012 14:32:05 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne KCIN aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies kann
 zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer mit
 dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn das
 Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein Domänencontroller
 der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären  Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 13.08.2012 14:32:08 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 13.08.2012 14:32:16 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 13.08.2012 14:32:17 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 13.08.2012 14:32:20 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 13.08.2012 14:33:15 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 13.08.2012 14:33:34 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 13.08.2012 14:37:24 | Computer Name = DEWAL4041163C.corp.kpmgconsulting.com | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---

Geändert von bernd1970 (13.08.2012 um 20:05 Uhr)

Alt 13.08.2012, 19:59   #2
bernd1970
 
Symantec meldet: Trojan.Zeroaccess.B | Trojan.Gen.2 | services.exe gefunden - Standard

Symantec meldet: Trojan.Zeroaccess.B | Trojan.Gen.2 | services.exe gefunden



OTL.txt und Extras.txt: Anhang 40714
__________________


Geändert von bernd1970 (13.08.2012 um 20:08 Uhr)

Alt 22.08.2012, 01:04   #3
t'john
/// Helfer-Team
 
Symantec meldet: Trojan.Zeroaccess.B | Trojan.Gen.2 | services.exe gefunden - Standard

Symantec meldet: Trojan.Zeroaccess.B | Trojan.Gen.2 | services.exe gefunden





Schlechte Nachrichten!

Du hast mehr als eine schwere Infektion auf Deinem Rechner. http://www.trojaner-board.de/56634-rootkits.html
Er ist kompromittiert und ist nicht mehr vertrauenswuerdig. Du solletest von einem sauberen System aus alle deine Passwoerter aendern.
Ich empfehle dir dringendst den PC vom Netz zu trennen und neu aufzusetzen.


Anleitungen zum Neuaufsetzen (bebildert) > Windows 7 neu aufsetzen > Vista > XP

1. Datenrettung:





2. Formatieren, Windows neu instalieren:





3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
__________________
__________________

Antwort

Themen zu Symantec meldet: Trojan.Zeroaccess.B | Trojan.Gen.2 | services.exe gefunden
administrator, anti-malware, appdata, askbar, autostart, beste, besten, cdburnerxp, dateien, document, download, erfolgreich, explorer, gelöscht, gruppe, install.exe, installer, lenovo, malwarebytes, melde, meldet, minute, nodrives, plug-in, quarantäne, registrierung, richtlinie, services.exe, speicher, starmoney, symantec, temp, thomas, trojan.phex.thagen, trojaner, unterstützung, version, visual studio




Ähnliche Themen: Symantec meldet: Trojan.Zeroaccess.B | Trojan.Gen.2 | services.exe gefunden


  1. Avira meldet: 'TR/Crypt.Xpack.66163' [trojan] gefunden.
    Log-Analyse und Auswertung - 12.06.2014 (15)
  2. Trojan Zeroaccess b,c & Trojan Gen 2
    Plagegeister aller Art und deren Bekämpfung - 14.12.2013 (13)
  3. Habe Trojaner: Trojan.Zeroaccess.C, Trojan.Zeroaccess.B,Trojan.Gen.2
    Log-Analyse und Auswertung - 10.11.2013 (3)
  4. Win 7 /64 - mit Trojan.ZeroAccess.C. + Trojan.Gen.2
    Log-Analyse und Auswertung - 14.10.2013 (20)
  5. Norton meldet Trojan.Zeroaccess:Malwarebytes hat ihn in Quarantäne geschickt?
    Log-Analyse und Auswertung - 26.08.2013 (19)
  6. Trojan.Zeroaccess.C / Trojan.Zeroaccess!inf4
    Plagegeister aller Art und deren Bekämpfung - 29.06.2013 (6)
  7. Trojan Zeroaccess!inf4 C:\windows\system32\services.exe + Bundestrojaner
    Plagegeister aller Art und deren Bekämpfung - 02.05.2013 (2)
  8. Trojan.SpyEyes, Trojan.ZbotR.Gen, 2x Trojan.Agent gefunden
    Mülltonne - 14.09.2012 (4)
  9. Norton meldet Trojan.Zeroaccess
    Plagegeister aller Art und deren Bekämpfung - 27.08.2012 (1)
  10. Trojan.Sirefef-411 in services.exe u. Trojan.Patchload in \adsldpc.dll, \aaclient.dll, \adsmsext.dll
    Log-Analyse und Auswertung - 05.08.2012 (12)
  11. ikarus virus utilities meldet Trojan.Win64 und Trojan.Win32.Small
    Plagegeister aller Art und deren Bekämpfung - 20.06.2012 (11)
  12. Avira meldet : 'TR/Crypt.ZPACK.Gen2' (Trojan) gefunden
    Log-Analyse und Auswertung - 01.05.2012 (11)
  13. Trojan.Agent, Trojan.FakeAltert, Trojan.Hiloti.Gen gefunden und gelöscht,aber wirklich weg?
    Log-Analyse und Auswertung - 27.04.2011 (11)
  14. Trojan.BHO, Spyware.Passwords.XGen, Trojan.Dropper und Trojan.Agent mit Malware gefunden
    Plagegeister aller Art und deren Bekämpfung - 20.12.2010 (9)
  15. Malewarebytes meldet 2 verschiedene Trojaner (Trojan.Downloader und Trojan.FakeAlert)
    Plagegeister aller Art und deren Bekämpfung - 30.08.2010 (0)
  16. Trojan.Dropper gefunden - angebl beseitigt GMER meldet Rootkit
    Plagegeister aller Art und deren Bekämpfung - 10.05.2010 (3)
  17. Trojan Horse im Symantec Verzeichnis
    Plagegeister aller Art und deren Bekämpfung - 17.01.2009 (1)

Zum Thema Symantec meldet: Trojan.Zeroaccess.B | Trojan.Gen.2 | services.exe gefunden - Hallo Community, ich habe mir vermutlich beim Download einer Freefont einen Trojaner eingefangen. Für Eure Unterstützung im Voraus besten Dank. Symantec hat gemeldet, dass services.exe von einem Remote Rechner zugeriffen - Symantec meldet: Trojan.Zeroaccess.B | Trojan.Gen.2 | services.exe gefunden...
Archiv
Du betrachtest: Symantec meldet: Trojan.Zeroaccess.B | Trojan.Gen.2 | services.exe gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.