
Log Analysis and Evaluation: still having problems after removing Trcrypt-xpack-gen8


 
20.05.2013, 17:36   #1
Artep
 

Still having problems after removing Trcrypt-xpack-gen8



Hello,

after Avira detected Trcrypt-xpack-gen8 (and crashed)...

Virus or unwanted program 'TR/Crypt.ZPACK.Gen8 [trojan]'
detected in file 'C:\WINDOWS\system32\trkwks6.dll.
Action performed: Deny access

... I followed the instructions at hxxp://malwaretips.com/blogs/remove-trcrypt-xpack-gen. Since my laptop was/is still extremely slow afterwards, I kept searching and came across your site.

Here are the OTL and gmer files.

OTL.txt
Code:
OTL logfile created on: 20.05.2013 13:50:15 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,73% Memory free
3,84 Gb Paging File | 3,38 Gb Available in Paging File | 88,14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,04 Gb Total Space | 13,11 Gb Free Space | 16,80% Space Free | Partition Type: NTFS
Drive E: | 32,35 Gb Total Space | 9,84 Gb Free Space | 30,40% Space Free | Partition Type: NTFS
 
Computer Name: WESTER-1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.20 10:35:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe
PRC - [2013.05.17 11:53:20 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.17 11:52:59 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.05.17 11:52:55 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.17 11:52:54 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.24 15:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008.05.20 05:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.09 12:20:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2007.05.10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Programme\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2005.08.11 16:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
PRC - [2005.07.21 12:14:58 | 000,134,656 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
PRC - [2004.03.05 01:45:34 | 000,192,573 | ---- | M] (Microsoft Corporation) -- C:\Programme\UPHClean\uphclean.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.02.21 23:38:12 | 000,094,720 | ---- | M] () -- C:\Programme\FileZillaFTPClient\fzshellext.dll
MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.03.09 12:20:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.17 11:53:20 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.17 11:52:55 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.04.19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.01.16 15:50:39 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.05.20 05:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2008.05.20 05:00:00 | 000,249,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2008.03.09 12:20:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2005.07.21 12:14:58 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe -- (MOM)
SRV - [2004.03.05 01:45:34 | 000,192,573 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\UPHClean\uphclean.exe -- (UPHClean)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013.05.17 11:53:21 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.05.17 11:53:21 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.05.17 11:53:21 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.09.25 07:22:02 | 003,634,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008.05.20 05:00:00 | 000,023,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2008.04.08 18:27:04 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2007.06.01 14:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007.05.24 17:56:00 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2007.05.23 12:24:30 | 000,056,832 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.05.10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007.03.21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.19 18:41:14 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007.02.19 18:40:36 | 000,209,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.02.19 18:40:32 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007.01.30 13:12:06 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007.01.25 17:41:30 | 000,014,416 | ---- | M] (Portrait Displays, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pdihwctl.sys -- (PDIHWCTL)
DRV - [2003.11.27 08:49:46 | 000,026,045 | ---- | M] (GretagMacbeth) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i1.sys -- (i1)
DRV - [1998.01.26 16:48:32 | 000,005,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WSSTARIO.SYS -- (WSStario)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 9D 61 97 95 53 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.ukzn.ac.za:8080
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.02 18:34:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.02 18:34:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: c:\Programme\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
[2012.07.15 11:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2012.08.02 18:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.02 18:34:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.02 18:34:00 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.02 18:34:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.02 18:34:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.02 18:34:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (PDFXChange 4.0 IE Plugin) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Programme\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (PDFXChange 4.0 IE Plugin) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Programme\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [PMX Daemon] ICO.EXE File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [SDP] C:\Programme\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logo Calibration Loader.lnk = C:\Programme\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ProfileReminder.lnk = C:\Programme\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LocalAccountTokenFilterPolicy = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Uni-Mainz.DE
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B888656-E4D8-429B-8831-D1B712C61A9D}: NameServer = 134.99.128.2,134.99.128.5
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.08 14:29:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.07.02 12:00:24 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.10.22 14:48:03 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{b99955b8-34ec-11e0-be8a-0015c56f668b}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{b99955b8-34ec-11e0-be8a-0015c56f668b}\Shell\Install\command - "" = F:\Setup.exe
O33 - MountPoints2\{c166ff8b-9a04-11e1-80ac-0015c56f668b}\Shell\AutoRun\command - "" = F:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.20 10:09:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Local Settings
[2013.05.20 10:09:44 | 000,000,000 | ---D | C] -- C:\Programme\FilesFrog Update Checker
[2013.05.20 10:09:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\FilesFrog Update Checker
[2013.05.18 13:43:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2013.05.18 09:47:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2013.05.18 09:44:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2013.05.18 09:44:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.05.17 12:02:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2013.05.17 12:02:54 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2013.05.17 12:02:54 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2013.05.11 09:37:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\für Homepage
[2013.05.10 14:42:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Test VIDEO
[2013.05.06 18:22:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Final report - UKZN
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.20 12:57:00 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.20 10:28:26 | 000,000,462 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2013.05.20 10:18:18 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.20 10:18:12 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\hyawyj.job
[2013.05.20 10:18:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.20 10:17:58 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.20 10:09:45 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Check for Updates.lnk
[2013.05.20 10:04:21 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2013.05.20 09:58:56 | 000,517,610 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.20 09:58:55 | 000,546,072 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.05.20 09:58:55 | 000,109,312 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.05.20 09:58:55 | 000,090,550 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.05.19 10:03:50 | 000,413,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.05.17 22:14:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.05.17 12:02:56 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2013.05.17 11:59:13 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Google Chrome.lnk
[2013.05.17 11:53:21 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.05.17 11:53:21 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.05.17 11:53:21 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013.05.17 11:15:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.06 18:47:49 | 000,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.20 10:09:45 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Check for Updates.lnk
[2013.05.20 10:04:21 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2013.05.17 12:02:56 | 000,001,872 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2013.05.06 18:47:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2013.03.19 23:46:01 | 000,000,498 | ---- | C] () -- C:\WINDOWS\70.INI
[2012.07.15 21:46:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.03.06 14:37:33 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2012.03.06 14:37:33 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011.06.10 23:30:56 | 000,002,260 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\.recently-used.xbel
[2011.03.12 20:19:21 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.03.11 15:12:08 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WWB7_32.DAT
[2010.03.17 14:38:58 | 000,088,576 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.08 14:33:33 | 000,092,653 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2010.01.11 08:49:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.05.11 22:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CDBurnerXP_Soft
[2012.02.08 21:38:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EndNote
[2011.03.13 08:45:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ESRI
[2012.08.02 18:49:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FileZilla
[2010.01.11 16:09:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GretagMacbeth
[2011.06.10 23:30:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0
[2011.04.11 10:18:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2011.04.10 14:23:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Opera
[2012.05.29 21:06:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Pixmantec
[2011.05.31 15:12:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Tracker Software
[2012.03.06 15:08:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET
[2013.05.18 13:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2010.03.17 14:34:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2012.03.06 14:40:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2011.03.11 15:12:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StatSoft
 
========== Purity Check ==========
 
 

< End of report >
Extras.txt:
Code:
OTL Extras logfile created on: 20.05.2013 11:28:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 64,33% Memory free
3,84 Gb Paging File | 3,21 Gb Available in Paging File | 83,58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,04 Gb Total Space | 13,11 Gb Free Space | 16,80% Space Free | Partition Type: NTFS
Drive E: | 32,35 Gb Total Space | 9,84 Gb Free Space | 30,40% Space Free | Partition Type: NTFS
 
Computer Name: WESTER-1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 513
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%Program Files%\Microsoft Office\Office11\Outlook.exe:134.93.177.2,10.94.6.0/24,10.94.20.0/24:Enabled:Outlook11" = %Program Files%\Microsoft Office\Office11\Outlook.exe:134.93.177.2,10.94.6.0/24,10.94.20.0/24:Enabled:Outlook11
"%Program Files%\Microsoft Office\Office12\Outlook.exe:134.93.177.2,10.94.6.0/24,10.94.20.0/24:Enabled:Outlook12 " = %Program Files%\Microsoft Office\Office12\Outlook.exe:134.93.177.2,10.94.6.0/24,10.94.20.0/24:Enabled:Outlook12 
"%ProgramFiles%\Messenger\msmsgs.exe:*:Enabled:Microsoft Messenger" = %ProgramFiles%\Messenger\msmsgs.exe:*:Enabled:Microsoft Messenger -- (Microsoft Corporation)
"%ProgramFiles%\Microsoft ActiveSync\Wcescomm.exe:134.93.0.0/16:Enabled:ActiveSync" = %ProgramFiles%\Microsoft ActiveSync\Wcescomm.exe:134.93.0.0/16:Enabled:ActiveSync
"%ProgramFiles%\Microsoft ActiveSync\WCESMGR.EXE:134.93.0.0/16:Enabled:ActiveSync" = %ProgramFiles%\Microsoft ActiveSync\WCESMGR.EXE:134.93.0.0/16:Enabled:ActiveSync
"%ProgramFiles%\Microsoft Virtual PC\Virtual PC.exe:*:Enabled:Virtual PC 2007" = %ProgramFiles%\Microsoft Virtual PC\Virtual PC.exe:*:Enabled:Virtual PC 2007
"%ProgramFiles%\NetMeeting\conf.exe:*:Enabled:Netmeeting" = %ProgramFiles%\NetMeeting\conf.exe:*:Enabled:Netmeeting -- (Microsoft Corporation)
"%ProgramFiles%\Quark\QuarkXPress Passport\QuarkXPress Passport.exe:134.93.0.0/16:Enabled:Quark Express" = %ProgramFiles%\Quark\QuarkXPress Passport\QuarkXPress Passport.exe:134.93.0.0/16:Enabled:Quark Express
"%ProgramFiles%\QuickTime\QuickTimePlayer.exe:*:Enabled:Quicktime Player" = %ProgramFiles%\QuickTime\QuickTimePlayer.exe:*:Enabled:Quicktime Player
"%ProgramFiles%\SharpReader\SharpReader.exe:*:Enabled:Sharpreader" = %ProgramFiles%\SharpReader\SharpReader.exe:*:Enabled:Sharpreader
"%ProgramFiles%\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player" = %ProgramFiles%\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"%ProgramFiles%\X-Win32 5.1\xwin32.exe:134.93.0.0/16:Enabled:X-Win32" = %ProgramFiles%\X-Win32 5.1\xwin32.exe:134.93.0.0/16:Enabled:X-Win32
"%windir%\PCHEALTH\HELPCTR\Binaries\helpsvc.exe:10.94.10.0/24,10.94.28.13,10.94.28.18,10.94.28.17:Enabled:Offer Remote Assistance (helpsvc.exe)" = %windir%\PCHEALTH\HELPCTR\Binaries\helpsvc.exe:10.94.10.0/24,10.94.28.13,10.94.28.18,10.94.28.17:Enabled:Offer Remote Assistance (helpsvc.exe) -- (Microsoft Corporation)
"%windir%\system32\dmadmin.exe:10.94.10.0/24,10.94.28.13,10.94.28.18,10.94.28.17:Enabled:Diskmanagement" = %windir%\system32\dmadmin.exe:10.94.10.0/24,10.94.28.13,10.94.28.18,10.94.28.17:Enabled:Diskmanagement -- (Microsoft Corp., Veritas Software)
"%windir%\system32\ftp.exe:*:enabled:Microsoft FTP Client" = %windir%\system32\ftp.exe:*:enabled:Microsoft FTP Client -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe:*:Enabled:Remote Assistance" = %windir%\system32\sessmgr.exe:*:Enabled:Remote Assistance -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"10000:TCP:*:enabled:CiscoVPNClient" = 10000:TCP:*:enabled:CiscoVPNClient
"135:TCP:10.94.10.0/24,10.94.28.13,10.94.28.18,10.94.28.17:Enabled:Offer Remote Assistance (Port 135)" = 135:TCP:10.94.10.0/24,10.94.28.13,10.94.28.18,10.94.28.17:Enabled:Offer Remote Assistance (Port 135)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogFileSize" = 20480
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 10.94.10.0/24,10.94.28.13,10.94.28.18,10.94.28.17
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]
"Enabled" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"878307c0-ed6e-4f7c-89b5-d6c040e51d5f" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=8:*|Name=ICMPv4 Echo Request|Edge=FALSE|
"81289f72-177f-4821-b681-a6b6611555c2" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=128:*|Name=ICMPv6 Echo Request|Edge=FALSE|
"WINRM-HTTP-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=80|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=System|Name=@FirewallAPI.dll,-30253|Desc=@FirewallAPI.dll,-30256|EmbedCtxt=@FirewallAPI.dll,-30252|Edge=FALSE|
"WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-ASYNC-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"RemoteFwAdmin-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-30007|Desc=@FirewallAPI.dll,-30010|EmbedCtxt=@FirewallAPI.dll,-30002|Edge=FALSE|
"RemoteFwAdmin-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|Name=@FirewallAPI.dll,-30003|Desc=@FirewallAPI.dll,-30006|EmbedCtxt=@FirewallAPI.dll,-30002|Edge=FALSE|
"RVM-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-34506|Desc=@FirewallAPI.dll,-34507|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|
"RVM-VDSLDR-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\vdsldr.exe|Name=@FirewallAPI.dll,-34504|Desc=@FirewallAPI.dll,-34505|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|
"RVM-VDS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\vds.exe|Svc=vds|Name=@FirewallAPI.dll,-34502|Desc=@FirewallAPI.dll,-34503|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|
"RemoteSvcAdmin-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|
"RemoteSvcAdmin-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|
"RemoteSvcAdmin-NP-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=System|Name=@FirewallAPI.dll,-29507|Desc=@FirewallAPI.dll,-29510|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|
"RemoteTask-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-33257|Desc=@FirewallAPI.dll,-33260|EmbedCtxt=@FirewallAPI.dll,-33252|Edge=FALSE|
"RemoteTask-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|Name=@FirewallAPI.dll,-33253|Desc=@FirewallAPI.dll,-33256|EmbedCtxt=@FirewallAPI.dll,-33252|Edge=FALSE|
"RemoteEventLogSvc-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29265|Desc=@FirewallAPI.dll,-29268|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|
"RemoteEventLogSvc-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|Name=@FirewallAPI.dll,-29253|Desc=@FirewallAPI.dll,-29256|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|
"RemoteEventLogSvc-NP-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=System|Name=@FirewallAPI.dll,-29257|Desc=@FirewallAPI.dll,-29260|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAdmin-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29765|Desc=@FirewallAPI.dll,-29768|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|
"RemoteAdmin-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=*|Name=@FirewallAPI.dll,-29753|Desc=@FirewallAPI.dll,-29756|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|
"RemoteAdmin-NP-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=System|Name=@FirewallAPI.dll,-29757|Desc=@FirewallAPI.dll,-29760|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|
"PerfLogsAlerts-PLASrv-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%systemroot%\system32\plasrv.exe|Name=@PlaSrv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|
"PerfLogsAlerts-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%systemroot%\system32\svchost.exe|Svc=rpcss|Name=@PlaSrv.exe,-10002|Desc=@PlaSrv.exe,-10003|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging]
"LogFileSize" = 20096
"LogDroppedPackets" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging]
"LogFileSize" = 20096
"LogDroppedPackets" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung 
"80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend) 
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2221:TCP" = 2221:TCP:*:Disabled:esetupd
"2222:TCP" = 2222:TCP:*:Disabled:esetra
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\FileZillaFTPClient\filezilla.exe" = C:\Programme\FileZillaFTPClient\filezilla.exe:*:Enabled:filezilla.exe -- (FileZilla Project)
"C:\Programme\FileZillaFTPClient\fzsftp.exe" = C:\Programme\FileZillaFTPClient\fzsftp.exe:*:Enabled:fzsftp.exe -- (FileZilla Project)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\IBM\SPSS\Statistics\19\WinWrapIDE.exe" = C:\Programme\IBM\SPSS\Statistics\19\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Programme\IBM\SPSS\Statistics\19\stats.com" = C:\Programme\IBM\SPSS\Statistics\19\stats.com:*:Disabled:Statistics19:com -- (SPSS Inc.)
"C:\Programme\IBM\SPSS\Statistics\19\stats.exe" = C:\Programme\IBM\SPSS\Statistics\19\stats.exe:*:Disabled:Statistics19:exe -- (SPSS Inc.)
"C:\Programme\IBM\SPSS\Statistics\19\JRE\bin\javaw.exe" = C:\Programme\IBM\SPSS\Statistics\19\JRE\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (IBM)
"C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:firefox -- (Mozilla Corporation)
"C:\Programme\Avira\AntiVir Desktop\avguard.exe" = C:\Programme\Avira\AntiVir Desktop\avguard.exe:*:Enabled:avguard -- (Avira Operations GmbH & Co. KG)
"C:\Programme\Avira\AntiVir Desktop\avwebloader.exe" = C:\Programme\Avira\AntiVir Desktop\avwebloader.exe:*:Enabled:avwebloader -- (Avira Operations GmbH & Co. KG)
"C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe" = C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe:*:Enabled:avwebgrd -- (Avira Operations GmbH & Co. KG)
"C:\Programme\Avira\AntiVir Desktop\avwsc.exe" = C:\Programme\Avira\AntiVir Desktop\avwsc.exe:*:Enabled:avwsc -- (Avira Operations GmbH & Co. KG)
"C:\Programme\Avira\AntiVir Desktop\update.exe" = C:\Programme\Avira\AntiVir Desktop\update.exe:*:Enabled:update -- (Avira Operations GmbH & Co. KG)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C3386C-4305-4015-93D4-529C0AB0071F}" = PDF-XChange Pro 4.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DB9FC6E-167B-4F72-89C3-CA600295241C}" = Irfanview 4.20g
"{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}" = Striata Reader
"{191DCDE8-C24A-495D-AEA7-F7F07F4AA70F}" = ArcGIS ArcReader
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23B37933-A331-4876-9687-71F0E6693BCD}" = NIST 11 MS Library and AMDIS v.2.70
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2F1906D8-2109-450A-956E-EDAD982A4F2A}" = Fonts Frutiger Campus
"{31ECBDC2-E368-4808-AF8D-0E4D650F2705}" = FileZilla Client 3.2.2.1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BFBC02C-18E3-4B79-B15E-17F456CA7FFD}" = 7-Zip v4.65
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{5929A099-B197-413E-9611-D59186CD9154}" = VLC Player
"{5ED69AF4-C38E-11D3-B10A-00500406C16C}" = STATISTICA 7
"{61E8B062-51F9-4BBB-B1FC-E2A4A40944F5}" = Adobe Flash Player 9 Plugin
"{6DEC8220-D239-4114-9376-658FE61558A4}" = PRIMER 6
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7DA83DDA-0EB0-11D6-A937-00C04F091145}" = SigmaPlot 8.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{ADB408D1-03A5-466C-A555-2797B7BBAFCA}" = 
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A503AC1C-2B1F-4EE0-9670-EAA33F0CA9FC}" = CDBurnerXP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B855F446-D560-48AE-8D48-ACF1BA9A4E20}" = Mozilla Firefox
"{BF755CD9-E185-498A-AAFB-E9F8470AB1CC}" = User Profile Hive Cleanup Service
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6A85D8-D6B9-479A-9FE9-A06E56881E61}" = Configuration Manager Client
"{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F692770D-0E27-4D3F-8386-F04C6F434040}" = Microsoft Operations Manager 2005-Agent
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC4E279C-823A-4CB6-ADF6-D0AA74532E97}" = Varian MS Workstation
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Premiere 6.0" = Adobe Premiere 6.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"bi_uninstaller" = Bundled software uninstaller
"Cleaner 5 EZ" = Cleaner 5 EZ
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"EndNote" = EndNote
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eye-One Match_is1" = Eye-One Match 3.6.2
"FilesFrog Update Checker" = FilesFrog Update Checker
"FormatFactory" = FormatFactory 2.95
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"i1_driver_installer_utility_i1Match_is1" = i1_driver_installer_utility_i1Match version 1.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIST 05 MS Library and AMDIS 2.6" = NIST 05 MS Library and AMDIS 2.6
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"qt7lite_is1" = QT Lite 2.8.0
"RDC" = RDC
"RNCompiler 6.0" = Advanced RealMedia Export Plug-in for Premiere 6.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.05.2013 03:42:10 | Computer Name = WESTER-1 | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 20.05.2013 03:42:51 | Computer Name = WESTER-1 | Source = UserInit | ID = 1000
Description = Folgendes Skript konnte nicht ausgeführt werden: \\uni-mainz.de\SYSVOL\Uni-Mainz.DE\Setup\ZDVScripts\install.cmd.
 Das Netzlaufwerk ist nicht erreichbar. Weitere Informationen über die Behebung 
von Netzwerkproblemen finden Sie in der Windows-Hilfe.  
 
Error - 20.05.2013 04:05:50 | Computer Name = WESTER-1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung SynTPEnh.exe, Version 10.1.8.0, fehlgeschlagenes
 Modul SynTPEnh.exe, Version 10.1.8.0, Fehleradresse 0x0002975c.
 
Error - 20.05.2013 04:18:26 | Computer Name = WESTER-1 | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
 werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
 hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
 
Error - 20.05.2013 04:18:28 | Computer Name = WESTER-1 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
 keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne
 ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden.   Die Registrierung
 wird nicht durchgeführt.
 
Error - 20.05.2013 04:20:34 | Computer Name = WESTER-1 | Source = Microsoft Operations Manager | ID = 26008
Description = Vom Agent konnte die IP-Adresse des MOM-Servers "FCS-01" nicht aufgelöst
 werden. Folgender Fehler wurde berichtet: "Der angegebene Host ist unbekannt.".
 
Error - 20.05.2013 04:26:08 | Computer Name = WESTER-1 | Source = UserInit | ID = 1000
Description = Folgendes Skript konnte nicht ausgeführt werden: \\uni-mainz.de\SYSVOL\Uni-Mainz.DE\Setup\ZDVScripts\install.cmd.
 Der Netzwerkpfad wurde nicht gefunden.  
 
Error - 20.05.2013 05:00:09 | Computer Name = WESTER-1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.69.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 20.05.2013 05:00:40 | Computer Name = WESTER-1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.69.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 20.05.2013 05:01:03 | Computer Name = WESTER-1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.69.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ OSession Events ]
Error - 14.05.2011 17:11:35 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.06.2011 16:45:57 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 878 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 23.06.2011 07:14:56 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 1727 seconds with 360 seconds of active time.  This session ended with a 
crash.
 
Error - 25.06.2011 14:11:32 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 440 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.08.2011 10:45:03 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 37
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.12.2012 08:35:01 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27965
 seconds with 13620 seconds of active time.  This session ended with a crash.
 
Error - 08.01.2013 15:00:13 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 670
 seconds with 660 seconds of active time.  This session ended with a crash.
 
Error - 24.02.2013 08:22:18 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 630
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.02.2013 07:10:01 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 630
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.03.2013 06:41:58 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 20951 seconds with 11820 seconds of active time.  This session ended with
 a crash.
 
[ System Events ]
Error - 20.05.2013 03:44:42 | Computer Name = WESTER-1 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 20.05.2013 03:50:50 | Computer Name = WESTER-1 | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der
 SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)
 für die COM-Serveranwendung mit CLSID   {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}   gewährt.
 Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
 geändert werden.
 
Error - 20.05.2013 03:59:46 | Computer Name = WESTER-1 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 29 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 20.05.2013 04:18:25 | Computer Name = WESTER-1 | Source = NETLOGON | ID = 5719
Description = Es steht kein Domänencontroller für die Domäne UNI-MAINZ aus folgendem
 Grund zur  Verfügung:   %%1311.    Stellen Sie sicher, dass der Computer mit dem Netzwerk
 verbunden ist, und  versuchen Sie es erneut. Wenden Sie sich an den Domänenadministrator,
 wenn  das Problem weiterhin besteht.
 
Error - 20.05.2013 04:19:39 | Computer Name = WESTER-1 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 20.05.2013 04:19:43 | Computer Name = WESTER-1 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 20.05.2013 04:24:38 | Computer Name = WESTER-1 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
 
Error - 20.05.2013 04:24:38 | Computer Name = WESTER-1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 20.05.2013 04:29:44 | Computer Name = WESTER-1 | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der
 SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)
 für die COM-Serveranwendung mit CLSID   {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}   gewährt.
 Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
 geändert werden.
 
Error - 20.05.2013 04:34:46 | Computer Name = WESTER-1 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 29 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
 
< End of report >
         

gmer
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-20 18:08:53
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1234GSX rev.AH001D 110,39GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\uflyqpow.sys


---- System - GMER 2.1 ----

SSDT            BA6CB29C                                         ZwClose
SSDT            BA6CB256                                         ZwCreateKey
SSDT            BA6CB2A6                                         ZwCreateSection
SSDT            BA6CB24C                                         ZwCreateThread
SSDT            BA6CB25B                                         ZwDeleteKey
SSDT            BA6CB265                                         ZwDeleteValueKey
SSDT            BA6CB297                                         ZwDuplicateObject
SSDT            BA6CB26A                                         ZwLoadKey
SSDT            BA6CB238                                         ZwOpenProcess
SSDT            BA6CB23D                                         ZwOpenThread
SSDT            BA6CB2BF                                         ZwQueryValueKey
SSDT            BA6CB274                                         ZwReplaceKey
SSDT            BA6CB2B0                                         ZwRequestWaitReplyPort
SSDT            BA6CB26F                                         ZwRestoreKey
SSDT            BA6CB2AB                                         ZwSetContextThread
SSDT            BA6CB2B5                                         ZwSetSecurityObject
SSDT            BA6CB260                                         ZwSetValueKey
SSDT            BA6CB2BA                                         ZwSystemDebugControl
SSDT            BA6CB247                                         ZwTerminateProcess
SSDT            \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys  ZwUnloadKey [0xBA61463C]

---- Kernel code sections - GMER 2.1 ----

?               C:\WINDOWS\system32\Drivers\uphcleanhlp.sys      Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0          SynTP.sys
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1          SynTP.sys

---- EOF - GMER 2.1 ----
         


It would be great if you could help me.
Many thanks in advance!

 
