nach Trcrypt-xpack-gen8-Entfernen immer noch Probleme
Hallo,
nachdem Avira Trcrypt-xpack-gen8 entdeckte (und abstüzte)...
Virus or unwanted program 'TR/Crypt.ZPACK.Gen8 [trojan]'
detected in file 'C:\WINDOWS\system32\trkwks6.dll.
Action performed: Deny access
... habe ich die Anweisungen von hxxp://malwaretips.com/blogs/remove-trcrypt-xpack-gen befolgt. Da danach mein Laptop immer noch extrem langsam war/ist, habe ich weiter gesucht und bin auf Eure Seite gestossen.
Hier sind die OTL und gmer-Dateien.
OTL.txt Code:
OTL logfile created on: 20.05.2013 13:50:15 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,73% Memory free
3,84 Gb Paging File | 3,38 Gb Available in Paging File | 88,14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,04 Gb Total Space | 13,11 Gb Free Space | 16,80% Space Free | Partition Type: NTFS
Drive E: | 32,35 Gb Total Space | 9,84 Gb Free Space | 30,40% Space Free | Partition Type: NTFS
Computer Name: WESTER-1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.20 10:35:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe
PRC - [2013.05.17 11:53:20 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.17 11:52:59 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.05.17 11:52:55 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.17 11:52:54 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.24 15:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008.05.20 05:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.09 12:20:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2007.05.10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Programme\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2005.08.11 16:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
PRC - [2005.07.21 12:14:58 | 000,134,656 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
PRC - [2004.03.05 01:45:34 | 000,192,573 | ---- | M] (Microsoft Corporation) -- C:\Programme\UPHClean\uphclean.exe
========== Modules (No Company Name) ==========
MOD - [2012.09.19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.02.21 23:38:12 | 000,094,720 | ---- | M] () -- C:\Programme\FileZillaFTPClient\fzshellext.dll
MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.03.09 12:20:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
========== Services (SafeList) ==========
SRV - [2013.05.17 11:53:20 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.17 11:52:55 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.04.19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.01.16 15:50:39 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.05.20 05:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2008.05.20 05:00:00 | 000,249,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2008.03.09 12:20:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2005.07.21 12:14:58 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe -- (MOM)
SRV - [2004.03.05 01:45:34 | 000,192,573 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\UPHClean\uphclean.exe -- (UPHClean)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.05.17 11:53:21 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.05.17 11:53:21 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.05.17 11:53:21 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.09.25 07:22:02 | 003,634,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008.05.20 05:00:00 | 000,023,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2008.04.08 18:27:04 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2007.06.01 14:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007.05.24 17:56:00 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2007.05.23 12:24:30 | 000,056,832 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.05.10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007.03.21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.19 18:41:14 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007.02.19 18:40:36 | 000,209,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.02.19 18:40:32 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007.01.30 13:12:06 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007.01.25 17:41:30 | 000,014,416 | ---- | M] (Portrait Displays, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pdihwctl.sys -- (PDIHWCTL)
DRV - [2003.11.27 08:49:46 | 000,026,045 | ---- | M] (GretagMacbeth) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i1.sys -- (i1)
DRV - [1998.01.26 16:48:32 | 000,005,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WSSTARIO.SYS -- (WSStario)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 9D 61 97 95 53 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.ukzn.ac.za:8080
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.02 18:34:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.02 18:34:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: c:\Programme\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2012.07.15 11:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2012.08.02 18:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.02 18:34:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.02 18:34:00 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.02 18:34:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.02 18:34:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.02 18:34:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PDFXChange 4.0 IE Plugin) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Programme\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (PDFXChange 4.0 IE Plugin) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Programme\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [PMX Daemon] ICO.EXE File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [SDP] C:\Programme\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logo Calibration Loader.lnk = C:\Programme\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ProfileReminder.lnk = C:\Programme\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LocalAccountTokenFilterPolicy = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Uni-Mainz.DE
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B888656-E4D8-429B-8831-D1B712C61A9D}: NameServer = 134.99.128.2,134.99.128.5
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.08 14:29:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.07.02 12:00:24 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.10.22 14:48:03 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{b99955b8-34ec-11e0-be8a-0015c56f668b}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{b99955b8-34ec-11e0-be8a-0015c56f668b}\Shell\Install\command - "" = F:\Setup.exe
O33 - MountPoints2\{c166ff8b-9a04-11e1-80ac-0015c56f668b}\Shell\AutoRun\command - "" = F:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.20 10:09:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Local Settings
[2013.05.20 10:09:44 | 000,000,000 | ---D | C] -- C:\Programme\FilesFrog Update Checker
[2013.05.20 10:09:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\FilesFrog Update Checker
[2013.05.18 13:43:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2013.05.18 09:47:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2013.05.18 09:44:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2013.05.18 09:44:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.05.17 12:02:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2013.05.17 12:02:54 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2013.05.17 12:02:54 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2013.05.11 09:37:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\für Homepage
[2013.05.10 14:42:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Test VIDEO
[2013.05.06 18:22:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Final report - UKZN
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.05.20 12:57:00 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.20 10:28:26 | 000,000,462 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2013.05.20 10:18:18 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.20 10:18:12 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\hyawyj.job
[2013.05.20 10:18:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.20 10:17:58 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.20 10:09:45 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Check for Updates.lnk
[2013.05.20 10:04:21 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2013.05.20 09:58:56 | 000,517,610 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.20 09:58:55 | 000,546,072 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.05.20 09:58:55 | 000,109,312 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.05.20 09:58:55 | 000,090,550 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.05.19 10:03:50 | 000,413,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.05.17 22:14:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.05.17 12:02:56 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2013.05.17 11:59:13 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Google Chrome.lnk
[2013.05.17 11:53:21 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.05.17 11:53:21 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.05.17 11:53:21 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013.05.17 11:15:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.06 18:47:49 | 000,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.05.20 10:09:45 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Check for Updates.lnk
[2013.05.20 10:04:21 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2013.05.17 12:02:56 | 000,001,872 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2013.05.06 18:47:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2013.03.19 23:46:01 | 000,000,498 | ---- | C] () -- C:\WINDOWS\70.INI
[2012.07.15 21:46:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.03.06 14:37:33 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2012.03.06 14:37:33 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011.06.10 23:30:56 | 000,002,260 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\.recently-used.xbel
[2011.03.12 20:19:21 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.03.11 15:12:08 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WWB7_32.DAT
[2010.03.17 14:38:58 | 000,088,576 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.08 14:33:33 | 000,092,653 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
========== ZeroAccess Check ==========
[2010.01.11 08:49:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011.05.11 22:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CDBurnerXP_Soft
[2012.02.08 21:38:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EndNote
[2011.03.13 08:45:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ESRI
[2012.08.02 18:49:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FileZilla
[2010.01.11 16:09:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GretagMacbeth
[2011.06.10 23:30:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0
[2011.04.11 10:18:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2011.04.10 14:23:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Opera
[2012.05.29 21:06:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Pixmantec
[2011.05.31 15:12:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Tracker Software
[2012.03.06 15:08:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET
[2013.05.18 13:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2010.03.17 14:34:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2012.03.06 14:40:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2011.03.11 15:12:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StatSoft
========== Purity Check ==========
< End of report >
Extras.txt: Code:
OTL Extras logfile created on: 20.05.2013 11:28:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 64,33% Memory free
3,84 Gb Paging File | 3,21 Gb Available in Paging File | 83,58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,04 Gb Total Space | 13,11 Gb Free Space | 16,80% Space Free | Partition Type: NTFS
Drive E: | 32,35 Gb Total Space | 9,84 Gb Free Space | 30,40% Space Free | Partition Type: NTFS
Computer Name: WESTER-1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 513
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%Program Files%\Microsoft Office\Office11\Outlook.exe:134.93.177.2,10.94.6.0/24,10.94.20.0/24:Enabled:Outlook11" = %Program Files%\Microsoft Office\Office11\Outlook.exe:134.93.177.2,10.94.6.0/24,10.94.20.0/24:Enabled:Outlook11
"%Program Files%\Microsoft Office\Office12\Outlook.exe:134.93.177.2,10.94.6.0/24,10.94.20.0/24:Enabled:Outlook12 " = %Program Files%\Microsoft Office\Office12\Outlook.exe:134.93.177.2,10.94.6.0/24,10.94.20.0/24:Enabled:Outlook12
"%ProgramFiles%\Messenger\msmsgs.exe:*:Enabled:Microsoft Messenger" = %ProgramFiles%\Messenger\msmsgs.exe:*:Enabled:Microsoft Messenger -- (Microsoft Corporation)
"%ProgramFiles%\Microsoft ActiveSync\Wcescomm.exe:134.93.0.0/16:Enabled:ActiveSync" = %ProgramFiles%\Microsoft ActiveSync\Wcescomm.exe:134.93.0.0/16:Enabled:ActiveSync
"%ProgramFiles%\Microsoft ActiveSync\WCESMGR.EXE:134.93.0.0/16:Enabled:ActiveSync" = %ProgramFiles%\Microsoft ActiveSync\WCESMGR.EXE:134.93.0.0/16:Enabled:ActiveSync
"%ProgramFiles%\Microsoft Virtual PC\Virtual PC.exe:*:Enabled:Virtual PC 2007" = %ProgramFiles%\Microsoft Virtual PC\Virtual PC.exe:*:Enabled:Virtual PC 2007
"%ProgramFiles%\NetMeeting\conf.exe:*:Enabled:Netmeeting" = %ProgramFiles%\NetMeeting\conf.exe:*:Enabled:Netmeeting -- (Microsoft Corporation)
"%ProgramFiles%\Quark\QuarkXPress Passport\QuarkXPress Passport.exe:134.93.0.0/16:Enabled:Quark Express" = %ProgramFiles%\Quark\QuarkXPress Passport\QuarkXPress Passport.exe:134.93.0.0/16:Enabled:Quark Express
"%ProgramFiles%\QuickTime\QuickTimePlayer.exe:*:Enabled:Quicktime Player" = %ProgramFiles%\QuickTime\QuickTimePlayer.exe:*:Enabled:Quicktime Player
"%ProgramFiles%\SharpReader\SharpReader.exe:*:Enabled:Sharpreader" = %ProgramFiles%\SharpReader\SharpReader.exe:*:Enabled:Sharpreader
"%ProgramFiles%\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player" = %ProgramFiles%\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"%ProgramFiles%\X-Win32 5.1\xwin32.exe:134.93.0.0/16:Enabled:X-Win32" = %ProgramFiles%\X-Win32 5.1\xwin32.exe:134.93.0.0/16:Enabled:X-Win32
"%windir%\PCHEALTH\HELPCTR\Binaries\helpsvc.exe:10.94.10.0/24,10.94.28.13,10.94.28.18,10.94.28.17:Enabled:Offer Remote Assistance (helpsvc.exe)" = %windir%\PCHEALTH\HELPCTR\Binaries\helpsvc.exe:10.94.10.0/24,10.94.28.13,10.94.28.18,10.94.28.17:Enabled:Offer Remote Assistance (helpsvc.exe) -- (Microsoft Corporation)
"%windir%\system32\dmadmin.exe:10.94.10.0/24,10.94.28.13,10.94.28.18,10.94.28.17:Enabled:Diskmanagement" = %windir%\system32\dmadmin.exe:10.94.10.0/24,10.94.28.13,10.94.28.18,10.94.28.17:Enabled:Diskmanagement -- (Microsoft Corp., Veritas Software)
"%windir%\system32\ftp.exe:*:enabled:Microsoft FTP Client" = %windir%\system32\ftp.exe:*:enabled:Microsoft FTP Client -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe:*:Enabled:Remote Assistance" = %windir%\system32\sessmgr.exe:*:Enabled:Remote Assistance -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"10000:TCP:*:enabled:CiscoVPNClient" = 10000:TCP:*:enabled:CiscoVPNClient
"135:TCP:10.94.10.0/24,10.94.28.13,10.94.28.18,10.94.28.17:Enabled:Offer Remote Assistance (Port 135)" = 135:TCP:10.94.10.0/24,10.94.28.13,10.94.28.18,10.94.28.17:Enabled:Offer Remote Assistance (Port 135)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogFileSize" = 20480
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 10.94.10.0/24,10.94.28.13,10.94.28.18,10.94.28.17
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]
"Enabled" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"878307c0-ed6e-4f7c-89b5-d6c040e51d5f" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=8:*|Name=ICMPv4 Echo Request|Edge=FALSE|
"81289f72-177f-4821-b681-a6b6611555c2" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=128:*|Name=ICMPv6 Echo Request|Edge=FALSE|
"WINRM-HTTP-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=80|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=System|Name=@FirewallAPI.dll,-30253|Desc=@FirewallAPI.dll,-30256|EmbedCtxt=@FirewallAPI.dll,-30252|Edge=FALSE|
"WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-ASYNC-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"RemoteFwAdmin-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-30007|Desc=@FirewallAPI.dll,-30010|EmbedCtxt=@FirewallAPI.dll,-30002|Edge=FALSE|
"RemoteFwAdmin-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|Name=@FirewallAPI.dll,-30003|Desc=@FirewallAPI.dll,-30006|EmbedCtxt=@FirewallAPI.dll,-30002|Edge=FALSE|
"RVM-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-34506|Desc=@FirewallAPI.dll,-34507|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|
"RVM-VDSLDR-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\vdsldr.exe|Name=@FirewallAPI.dll,-34504|Desc=@FirewallAPI.dll,-34505|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|
"RVM-VDS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\vds.exe|Svc=vds|Name=@FirewallAPI.dll,-34502|Desc=@FirewallAPI.dll,-34503|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|
"RemoteSvcAdmin-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|
"RemoteSvcAdmin-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|
"RemoteSvcAdmin-NP-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=System|Name=@FirewallAPI.dll,-29507|Desc=@FirewallAPI.dll,-29510|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|
"RemoteTask-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-33257|Desc=@FirewallAPI.dll,-33260|EmbedCtxt=@FirewallAPI.dll,-33252|Edge=FALSE|
"RemoteTask-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|Name=@FirewallAPI.dll,-33253|Desc=@FirewallAPI.dll,-33256|EmbedCtxt=@FirewallAPI.dll,-33252|Edge=FALSE|
"RemoteEventLogSvc-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29265|Desc=@FirewallAPI.dll,-29268|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|
"RemoteEventLogSvc-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|Name=@FirewallAPI.dll,-29253|Desc=@FirewallAPI.dll,-29256|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|
"RemoteEventLogSvc-NP-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=System|Name=@FirewallAPI.dll,-29257|Desc=@FirewallAPI.dll,-29260|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAdmin-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29765|Desc=@FirewallAPI.dll,-29768|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|
"RemoteAdmin-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%SystemRoot%\system32\svchost.exe|Svc=*|Name=@FirewallAPI.dll,-29753|Desc=@FirewallAPI.dll,-29756|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|
"RemoteAdmin-NP-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=System|Name=@FirewallAPI.dll,-29757|Desc=@FirewallAPI.dll,-29760|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|
"PerfLogsAlerts-PLASrv-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%systemroot%\system32\plasrv.exe|Name=@PlaSrv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|
"PerfLogsAlerts-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|RA4=10.94.28.13|RA4=10.94.28.18|RA4=10.94.28.17|RA4=10.94.10.0/255.255.255.0|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c18|RA6=2001:4c80:40:61c:21d:d8ff:feb7:1c17|RA6=2001:4c80:40:60a::/64|App=%systemroot%\system32\svchost.exe|Svc=rpcss|Name=@PlaSrv.exe,-10002|Desc=@PlaSrv.exe,-10003|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging]
"LogFileSize" = 20096
"LogDroppedPackets" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging]
"LogFileSize" = 20096
"LogDroppedPackets" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend)
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2221:TCP" = 2221:TCP:*:Disabled:esetupd
"2222:TCP" = 2222:TCP:*:Disabled:esetra
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\FileZillaFTPClient\filezilla.exe" = C:\Programme\FileZillaFTPClient\filezilla.exe:*:Enabled:filezilla.exe -- (FileZilla Project)
"C:\Programme\FileZillaFTPClient\fzsftp.exe" = C:\Programme\FileZillaFTPClient\fzsftp.exe:*:Enabled:fzsftp.exe -- (FileZilla Project)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\IBM\SPSS\Statistics\19\WinWrapIDE.exe" = C:\Programme\IBM\SPSS\Statistics\19\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Programme\IBM\SPSS\Statistics\19\stats.com" = C:\Programme\IBM\SPSS\Statistics\19\stats.com:*:Disabled:Statistics19:com -- (SPSS Inc.)
"C:\Programme\IBM\SPSS\Statistics\19\stats.exe" = C:\Programme\IBM\SPSS\Statistics\19\stats.exe:*:Disabled:Statistics19:exe -- (SPSS Inc.)
"C:\Programme\IBM\SPSS\Statistics\19\JRE\bin\javaw.exe" = C:\Programme\IBM\SPSS\Statistics\19\JRE\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (IBM)
"C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:firefox -- (Mozilla Corporation)
"C:\Programme\Avira\AntiVir Desktop\avguard.exe" = C:\Programme\Avira\AntiVir Desktop\avguard.exe:*:Enabled:avguard -- (Avira Operations GmbH & Co. KG)
"C:\Programme\Avira\AntiVir Desktop\avwebloader.exe" = C:\Programme\Avira\AntiVir Desktop\avwebloader.exe:*:Enabled:avwebloader -- (Avira Operations GmbH & Co. KG)
"C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe" = C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe:*:Enabled:avwebgrd -- (Avira Operations GmbH & Co. KG)
"C:\Programme\Avira\AntiVir Desktop\avwsc.exe" = C:\Programme\Avira\AntiVir Desktop\avwsc.exe:*:Enabled:avwsc -- (Avira Operations GmbH & Co. KG)
"C:\Programme\Avira\AntiVir Desktop\update.exe" = C:\Programme\Avira\AntiVir Desktop\update.exe:*:Enabled:update -- (Avira Operations GmbH & Co. KG)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C3386C-4305-4015-93D4-529C0AB0071F}" = PDF-XChange Pro 4.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DB9FC6E-167B-4F72-89C3-CA600295241C}" = Irfanview 4.20g
"{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}" = Striata Reader
"{191DCDE8-C24A-495D-AEA7-F7F07F4AA70F}" = ArcGIS ArcReader
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23B37933-A331-4876-9687-71F0E6693BCD}" = NIST 11 MS Library and AMDIS v.2.70
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2F1906D8-2109-450A-956E-EDAD982A4F2A}" = Fonts Frutiger Campus
"{31ECBDC2-E368-4808-AF8D-0E4D650F2705}" = FileZilla Client 3.2.2.1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BFBC02C-18E3-4B79-B15E-17F456CA7FFD}" = 7-Zip v4.65
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{5929A099-B197-413E-9611-D59186CD9154}" = VLC Player
"{5ED69AF4-C38E-11D3-B10A-00500406C16C}" = STATISTICA 7
"{61E8B062-51F9-4BBB-B1FC-E2A4A40944F5}" = Adobe Flash Player 9 Plugin
"{6DEC8220-D239-4114-9376-658FE61558A4}" = PRIMER 6
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7DA83DDA-0EB0-11D6-A937-00C04F091145}" = SigmaPlot 8.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{ADB408D1-03A5-466C-A555-2797B7BBAFCA}" =
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A503AC1C-2B1F-4EE0-9670-EAA33F0CA9FC}" = CDBurnerXP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B855F446-D560-48AE-8D48-ACF1BA9A4E20}" = Mozilla Firefox
"{BF755CD9-E185-498A-AAFB-E9F8470AB1CC}" = User Profile Hive Cleanup Service
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6A85D8-D6B9-479A-9FE9-A06E56881E61}" = Configuration Manager Client
"{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F692770D-0E27-4D3F-8386-F04C6F434040}" = Microsoft Operations Manager 2005-Agent
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC4E279C-823A-4CB6-ADF6-D0AA74532E97}" = Varian MS Workstation
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Premiere 6.0" = Adobe Premiere 6.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"bi_uninstaller" = Bundled software uninstaller
"Cleaner 5 EZ" = Cleaner 5 EZ
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"EndNote" = EndNote
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eye-One Match_is1" = Eye-One Match 3.6.2
"FilesFrog Update Checker" = FilesFrog Update Checker
"FormatFactory" = FormatFactory 2.95
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"i1_driver_installer_utility_i1Match_is1" = i1_driver_installer_utility_i1Match version 1.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIST 05 MS Library and AMDIS 2.6" = NIST 05 MS Library and AMDIS 2.6
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"qt7lite_is1" = QT Lite 2.8.0
"RDC" = RDC
"RNCompiler 6.0" = Advanced RealMedia Export Plug-in for Premiere 6.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.05.2013 03:42:10 | Computer Name = WESTER-1 | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 20.05.2013 03:42:51 | Computer Name = WESTER-1 | Source = UserInit | ID = 1000
Description = Folgendes Skript konnte nicht ausgeführt werden: \\uni-mainz.de\SYSVOL\Uni-Mainz.DE\Setup\ZDVScripts\install.cmd.
Das Netzlaufwerk ist nicht erreichbar. Weitere Informationen über die Behebung
von Netzwerkproblemen finden Sie in der Windows-Hilfe.
Error - 20.05.2013 04:05:50 | Computer Name = WESTER-1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung SynTPEnh.exe, Version 10.1.8.0, fehlgeschlagenes
Modul SynTPEnh.exe, Version 10.1.8.0, Fehleradresse 0x0002975c.
Error - 20.05.2013 04:18:26 | Computer Name = WESTER-1 | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
Error - 20.05.2013 04:18:28 | Computer Name = WESTER-1 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne
ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung
wird nicht durchgeführt.
Error - 20.05.2013 04:20:34 | Computer Name = WESTER-1 | Source = Microsoft Operations Manager | ID = 26008
Description = Vom Agent konnte die IP-Adresse des MOM-Servers "FCS-01" nicht aufgelöst
werden. Folgender Fehler wurde berichtet: "Der angegebene Host ist unbekannt.".
Error - 20.05.2013 04:26:08 | Computer Name = WESTER-1 | Source = UserInit | ID = 1000
Description = Folgendes Skript konnte nicht ausgeführt werden: \\uni-mainz.de\SYSVOL\Uni-Mainz.DE\Setup\ZDVScripts\install.cmd.
Der Netzwerkpfad wurde nicht gefunden.
Error - 20.05.2013 05:00:09 | Computer Name = WESTER-1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.69.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 20.05.2013 05:00:40 | Computer Name = WESTER-1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.69.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 20.05.2013 05:01:03 | Computer Name = WESTER-1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.69.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ OSession Events ]
Error - 14.05.2011 17:11:35 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.
Error - 20.06.2011 16:45:57 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 878 seconds with 240 seconds of active time. This session ended with a crash.
Error - 23.06.2011 07:14:56 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1727 seconds with 360 seconds of active time. This session ended with a
crash.
Error - 25.06.2011 14:11:32 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 440 seconds with 0 seconds of active time. This session ended with a crash.
Error - 23.08.2011 10:45:03 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 37
seconds with 0 seconds of active time. This session ended with a crash.
Error - 16.12.2012 08:35:01 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27965
seconds with 13620 seconds of active time. This session ended with a crash.
Error - 08.01.2013 15:00:13 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 670
seconds with 660 seconds of active time. This session ended with a crash.
Error - 24.02.2013 08:22:18 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 630
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.02.2013 07:10:01 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 630
seconds with 0 seconds of active time. This session ended with a crash.
Error - 02.03.2013 06:41:58 | Computer Name = WESTER-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 20951 seconds with 11820 seconds of active time. This session ended with
a crash.
[ System Events ]
Error - 20.05.2013 03:44:42 | Computer Name = WESTER-1 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Error - 20.05.2013 03:50:50 | Computer Name = WESTER-1 | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der
SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)
für die COM-Serveranwendung mit CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} gewährt.
Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 20.05.2013 03:59:46 | Computer Name = WESTER-1 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 29 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Error - 20.05.2013 04:18:25 | Computer Name = WESTER-1 | Source = NETLOGON | ID = 5719
Description = Es steht kein Domänencontroller für die Domäne UNI-MAINZ aus folgendem
Grund zur Verfügung: %%1311. Stellen Sie sicher, dass der Computer mit dem Netzwerk
verbunden ist, und versuchen Sie es erneut. Wenden Sie sich an den Domänenadministrator,
wenn das Problem weiterhin besteht.
Error - 20.05.2013 04:19:39 | Computer Name = WESTER-1 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Error - 20.05.2013 04:19:43 | Computer Name = WESTER-1 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Error - 20.05.2013 04:24:38 | Computer Name = WESTER-1 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
Error - 20.05.2013 04:24:38 | Computer Name = WESTER-1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 20.05.2013 04:29:44 | Computer Name = WESTER-1 | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der
SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)
für die COM-Serveranwendung mit CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} gewährt.
Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 20.05.2013 04:34:46 | Computer Name = WESTER-1 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 29 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
< End of report >
gmer Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-20 18:08:53
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1234GSX rev.AH001D 110,39GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\uflyqpow.sys
---- System - GMER 2.1 ----
SSDT BA6CB29C ZwClose
SSDT BA6CB256 ZwCreateKey
SSDT BA6CB2A6 ZwCreateSection
SSDT BA6CB24C ZwCreateThread
SSDT BA6CB25B ZwDeleteKey
SSDT BA6CB265 ZwDeleteValueKey
SSDT BA6CB297 ZwDuplicateObject
SSDT BA6CB26A ZwLoadKey
SSDT BA6CB238 ZwOpenProcess
SSDT BA6CB23D ZwOpenThread
SSDT BA6CB2BF ZwQueryValueKey
SSDT BA6CB274 ZwReplaceKey
SSDT BA6CB2B0 ZwRequestWaitReplyPort
SSDT BA6CB26F ZwRestoreKey
SSDT BA6CB2AB ZwSetContextThread
SSDT BA6CB2B5 ZwSetSecurityObject
SSDT BA6CB260 ZwSetValueKey
SSDT BA6CB2BA ZwSystemDebugControl
SSDT BA6CB247 ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xBA61463C]
---- Kernel code sections - GMER 2.1 ----
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Das System kann die angegebene Datei nicht finden. !
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys
---- EOF - GMER 2.1 ----
Wäre schön wenn Ihr mir helfen könnt.
Vielen Dank im voraus! |
Lesestoff: