Deckard's Main Scan:
Deckard's System Scanner v20071014.68
Run by m.jones on 2008-04-14 17:22:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
52: 2008-04-14 15:22:57 UTC - RP153 - Deckard's System Scanner Restore Point
51: 2008-04-14 13:15:17 UTC - RP152 - Software Distribution Service 3.0
50: 2008-04-14 13:11:07 UTC - RP151 - ComboFix created restore point
49: 2008-04-14 06:44:27 UTC - RP150 - Java 6 Update 5 wird installiert
48: 2008-04-11 06:11:50 UTC - RP149 - Software Distribution Service 3.0
-- First Restore Point --
1: 2008-03-27 11:10:28 UTC - RP102 - Systemprüfpunkt
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as m.jones.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23, on 2008-04-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Fortinet\FortiClient\scheduler.exe
C:\Programme\Fortinet\FortiClient\FCDBLog.exe
C:\Programme\Fortinet\FortiClient\fortifw.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programme\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Programme\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\UL2507.EXE
C:\Programme\Fortinet\FortiClient\FortiTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\AddOn\Fujitsu\PSUtility\TrayManager.exe
C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\CSOnlineView3\ovwinetd.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Dokumente und Einstellungen\m.jones\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\m.jones.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drexel-weiss.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PSUtility] C:\AddOn\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PIMphony.lnk = ?
O4 - Global Startup: ovwinetd.lnk = C:\Programme\CSOnlineView3\ovwinetd.exe
O4 - Global Startup: PIMphony.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://fserver01.dr...ll/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://fserver01.dr...stall/setup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://fserver01.dr.../RemoveCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = drexel-weiss.local
O17 - HKLM\Software\..\Telephony: DomainName = drexel-weiss.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = drexel-weiss.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mljghhi - mljghhi.dll (file missing)
O20 - Winlogon Notify: PSUTY - C:\WINDOWS\SYSTEM32\PSUWNP.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Fortinet Service Scheduler (FA_Scheduler) - Fortinet Inc. - C:\Programme\Fortinet\FortiClient\scheduler.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Client/Server Security Agent Echtzeitsuche (ntrtscan) - Trend Micro Inc. - C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programme\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Programme\Trend Micro\OfficeScan Client\tmlisten.exe
--
End of file - 8996 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R2 BtnHnd - c:\programme\fujitsu\btnhnd\btnhnd.sys <Not Verified; FUJITSU LIMITED; Button handler>
R2 TM_CFW (Common Firewall Driver) - c:\programme\trend micro\officescan client\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Micro Common Firewall Module 1.2>
R3 PPJoyBus (Parallel Port Joystick Bus device driver) - c:\windows\system32\drivers\ppjoybus.sys <Not Verified; Deon van der Westhuysen; Parallel Port Joystick Bus Enumerator>
S3 catchme - c:\dokume~1\m472d~1.jon\lokale~1\temp\catchme.sys (file missing)
S3 PPortJoystick (Parallel Port Joystick device driver) - c:\windows\system32\drivers\pportjoy.sys <Not Verified; Deon van der Westhuysen; Parallel Port Joystick Driver>
S3 SNP2STD (USB2.0 PC Camera (SNP2STD)) - c:\windows\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>
S3 vsbus (Virtual Serial Bus Enumerator) - c:\windows\system32\drivers\vsb.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Bus>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 FA_Scheduler (Fortinet Service Scheduler) - c:\programme\fortinet\forticlient\scheduler.exe <Not Verified; Fortinet Inc.; FortiClient Scheduler>
R2 OfcPfwSvc (Trend Micro Client/Server Security Agent Personal Firewall) - c:\programme\trend micro\officescan client\ofcpfwsvc.exe <Not Verified; Trend Micro Inc.; Trend Micro Client/Server/Messaging Security for SMB>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Fortinet virtual adapter
Device ID: ROOT\NET\0000
Manufacturer: Fortinet
Name: Fortinet virtual adapter
PNP Device ID: ROOT\NET\0000
Service: ft_vnic
-- Files created between 2008-03-14 and 2008-04-14 -----------------------------
2008-04-14 17:22:30 0 d-------- U:\Deckard
2008-04-14 15:37:46 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-14 15:37:44 0 d-------- C:\WINDOWS\LastGood
2008-04-14 15:10:31 68096 --a------ C:\WINDOWS\zip.exe
2008-04-14 15:10:31 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-14 15:10:31 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-14 15:10:31 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-14 15:10:31 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-14 15:10:31 98816 --a------ C:\WINDOWS\sed.exe
2008-04-14 15:10:31 80412 --a------ C:\WINDOWS\grep.exe
2008-04-14 15:10:31 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-14 08:02:42 10752 --a------ C:\WINDOWS\DCEBoot.exe
2008-04-14 07:46:15 3648 --a------ C:\WINDOWS\system32\tqndxiui.dll
2008-04-12 21:59:17 3648 --a------ C:\WINDOWS\system32\fogpmwub.dll
2008-04-11 08:13:05 3648 --a------ C:\WINDOWS\system32\drhunmhf.dll
2008-04-11 07:28:09 23564 --a------ C:\Dokumente und Einstellungen\m.jones\lkd2VuNV9tYV9rdzFfbWE1ZGVz_cGRh_bm1fX2QyMzYxZTYwZmEzNjExZGM5NDNhZjY4MTEzY2VmZmZmXzhmMzc0MDgyZmU1NDRmNDFhNzQ1OGM1ZWYzYzQ1N2Yy_.exe
2008-04-10 07:52:42 3648 --a------ C:\WINDOWS\system32\pagcxdbw.dll
2008-03-27 12:10:13 673 --a------ C:\WINDOWS\system32\gebcd.dll
2008-03-27 12:03:35 0 d-------- U:\Misc
2008-03-27 11:10:08 673 --a------ C:\WINDOWS\system32\jkhhg.dll
2008-03-27 09:42:28 0 d-------- C:\WINDOWS\pss
2008-03-27 08:40:31 673 --a------ C:\WINDOWS\system32\mljgh.dll
2008-03-26 16:24:01 673 --a------ C:\WINDOWS\system32\sstqn.dll
2008-03-26 09:24:18 673 --a------ C:\WINDOWS\system32\mljjh.dll
2008-03-21 15:47:48 10 --a------ C:\WINDOWS\popcinfo.dat
2008-03-21 15:42:47 0 d-------- C:\Programme\PopCap Games
2008-03-21 15:42:29 724992 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
-- Find3M Report ---------------------------------------------------------------
2008-04-14 15:38:06 0 d-------- C:\Dokumente und Einstellungen\m.jones\Anwendungsdaten\Skype
2008-04-14 15:38:06 0 d-------- C:\Dokumente und Einstellungen\m.jones\Anwendungsdaten\Alcatel PIMphony
2008-04-14 15:17:08 425692 --a------ C:\WINDOWS\system32\perfh007.dat
2008-04-14 15:17:08 78320 --a------ C:\WINDOWS\system32\perfc007.dat
2008-04-14 08:48:02 0 d-------- C:\Programme\Java
2008-04-14 08:05:20 0 d-------- C:\Dokumente und Einstellungen\m.jones\Anwendungsdaten\skypePM
2008-04-13 10:30:13 0 d-------- C:\Programme\Trend Micro
2008-04-11 08:15:04 0 d-------- C:\Programme\Gemeinsame Dateien
2008-04-10 15:29:44 0 d-------- C:\Dokumente und Einstellungen\m.jones\Anwendungsdaten\Desktopicon
2008-03-27 20:07:54 0 d--h----- C:\Programme\InstallShield Installation Information
2008-03-27 11:08:03 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-03-27 10:23:52 0 d-------- C:\Programme\Microsoft SQL Server
2008-03-27 10:20:14 0 d-------- C:\Programme\Microsoft.NET
2008-03-27 10:08:14 0 d-------- C:\Dokumente und Einstellungen\m.jones\Anwendungsdaten\TuneUp Software
2008-03-27 09:33:23 0 d-------- C:\Dokumente und Einstellungen\m.jones\Anwendungsdaten\Adobe
2008-03-10 12:06:45 1994 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-10 12:06:45 88 -r-hs---- C:\WINDOWS\system32\BE1587375B.sys
2008-03-06 14:09:28 0 d-------- C:\Dokumente und Einstellungen\m.jones\Anwendungsdaten\MyPhoneExplorer
2008-03-05 18:55:13 0 d-------- C:\Programme\MSECache
2008-03-04 18:04:57 0 d-------- C:\Programme\ACT
2008-02-19 18:41:33 0 d-------- C:\Dokumente und Einstellungen\m.jones\Anwendungsdaten\ACT
2008-02-19 18:33:39 0 d-------- C:\Programme\IE6
2008-02-19 18:33:38 0 d-------- C:\Programme\Guide
2008-02-19 18:33:38 0 d-------- C:\Programme\Dependencies
2008-02-19 18:33:23 0 d-------- C:\Programme\bin
2008-02-19 18:33:22 0 d-------- C:\Programme\ACTSTD
2008-02-19 18:32:41 0 d-------- C:\Programme\ACT Link for Pocket PC
2008-02-19 18:32:37 0 d-------- C:\Programme\ACT Link for Palm OS
2008-02-19 18:32:32 0 d-------- C:\Programme\Acrobat
2008-02-18 09:57:45 0 d-------- C:\Programme\Lavasoft
2008-02-15 13:42:40 0 d-------- C:\Dokumente und Einstellungen\m.jones\Anwendungsdaten\U3
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 06:34 C:\WINDOWS\RTHDCPL.EXE]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-01-05 09:03]
"PSUtility"="C:\AddOn\Fujitsu\PSUtility\TrayManager.exe" [2006-07-05 11:57]
"LoadFUJ02E3"="C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-04-20 13:08]
"IndicatorUtility"="C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-09-10 00:12]
"LoadFujitsuQuickTouch"="C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 14:21]
"LoadBtnHnd"="C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 14:20]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 13:32 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Programme\ltmoh\Ltmoh.exe" [2005-05-18 15:57]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 12:13]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 12:10]
"IAAnotif"="C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 12:30]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-06-29 06:24]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 13:08]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-16 14:06]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 13:57]
"FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [2007-06-26 20:27]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"UnlockerAssistant"="C:\Programme\Unlocker\UnlockerAssistant.exe" []
"OfficeScanNT Monitor"="C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-04-27 02:41]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-04 00:16]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2008-02-01 18:22]
C:\Dokumente und Einstellungen\m.jones\Startmenü\Programme\Autostart\
PIMphony.lnk - C:\Programme\Alcatel_PIMphony\aocphone.exe [2007-05-16 09:11:24]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
ovwinetd.lnk - C:\Programme\CSOnlineView3\ovwinetd.exe [2007-08-27 08:23:46]
PIMphony.lnk - C:\WINDOWS\Installer\{831ADA8C-C73B-4915-AF8D-83D22BD58AA8}\aocphone.exe_831ADA8CC73B4915AF8D83D22BD58AA8.exe [2007-08-27 08:31:40]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljghhi]
mljghhi.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PSUTY]
PSUWNP.dll 2006-06-02 17:04 32768 C:\WINDOWS\system32\PSUWNP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=\\fserver01\deployHosts\deployHosts.cmd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1ad3d14-d479-11dc-a7f5-00c0a8ebe014}]
AutoRun\command- E:\LaunchU3.exe -a
-- Hosts -----------------------------------------------------------------------
192.168.69.1 fserver01.drexel-weiss.local
192.168.69.6 lindrex.drexel-weiss.local
-- End of Deckard's System Scanner: finished at 2008-04-14 17:24:19 ------------
And Deckard's Extra:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German
CPU 0: Intel® Core2 CPU T5600 @ 1.83GHz
CPU 1: Intel® Core2 CPU T5600 @ 1.83GHz
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 1013.92 MiB / 380.23 MiB
Pagefile Memory (total/avail): 2440.13 MiB / 1974.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.79 MiB
C: is Fixed (NTFS) - 74.52 GiB total, 58.54 GiB free.
D: is CDROM (No Media)
U: is Network (NTFS)
\\.\PHYSICALDRIVE0 - ST980811AS - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installierbares Dateisystem - 74.52 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: Trend Micro Client-Server Security Agent Firewall v7.6.1143 (TrendFirewall)
DisabledFW: FortiClient Personal Firewall v3.0.457.0 (Fortinet Inc.)
DisabledAV: Trend Micro Client/Server Security Agent Virenschutz v7.6.1143 (TrendAntiVirus)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Alcatel_PIMphony\\aocwiz.exe"="C:\\Programme\\Alcatel_PIMphony\\aocwiz.exe:*:enabled:Alcatel PIMphony (aocwiz.exe)"
"C:\\Programme\\Alcatel_PIMphony\\aoconfig.exe"="C:\\Programme\\Alcatel_PIMphony\\aoconfig.exe:*:enabled:Alcatel PIMphony (aoconfig.exe)"
"C:\\Programme\\Alcatel_PIMphony\\uaproc.exe"="C:\\Programme\\Alcatel_PIMphony\\uaproc.exe:*:enabled:Alcatel PIMphony (uaproc.exe)"
"%windir%\\system32\\abers.exe"="%windir%\\system32\\abers.exe:*:enabled:Alcatel PIMphony (abers.exe)"
"C:\\Programme\\Alcatel_PIMphony\\appdiag\\appdiag.exe"="C:\\Programme\\Alcatel_PIMphony\\appdiag\\appdiag.exe:*:enabled:Alcatel PIMphony (appdiag.exe)"
"C:\\Programme\\Alcatel_PIMphony\\aocphone.exe"="C:\\Programme\\Alcatel_PIMphony\\aocphone.exe:*:enabled:Alcatel PIMphony (aocphone.exe)"
"C:\\Programme\\Bonjour\\mDNSResponder.exe"="C:\\Programme\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programme\\Fortinet\\FortiClient\\FortiProxy.exe"="C:\\Programme\\Fortinet\\FortiClient\\FortiProxy.exe:*:Enabled:FortiProxy"
"C:\\Programme\\Fortinet\\FortiClient\\FCMgr.exe"="C:\\Programme\\Fortinet\\FortiClient\\FCMgr.exe:*:Enabled:FortiClientManager"
"C:\\Programme\\Fortinet\\FortiClient\\ipsec.exe"="C:\\Programme\\Fortinet\\FortiClient\\ipsec.exe:*:Enabled:FortiClient VPN Service"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Alcatel_PIMphony\\aocwiz.exe"="C:\\Programme\\Alcatel_PIMphony\\aocwiz.exe:*:enabled:Alcatel PIMphony (aocwiz.exe)"
"C:\\Programme\\Alcatel_PIMphony\\uaproc.exe"="C:\\Programme\\Alcatel_PIMphony\\uaproc.exe:*:enabled:Alcatel PIMphony (uaproc.exe)"
"%windir%\\system32\\abers.exe"="%windir%\\system32\\abers.exe:*:enabled:Alcatel PIMphony (abers.exe)"
"C:\\Programme\\Alcatel_PIMphony\\appdiag\\appdiag.exe"="C:\\Programme\\Alcatel_PIMphony\\appdiag\\appdiag.exe:*:enabled:Alcatel PIMphony (appdiag.exe)"
"C:\\Programme\\Alcatel_PIMphony\\aocphone.exe"="C:\\Programme\\Alcatel_PIMphony\\aocphone.exe:*:enabled:Alcatel PIMphony (aocphone.exe)"
"C:\\Programme\\CSOnlineView3\\ovwrpt3.exe"="C:\\Programme\\CSOnlineView3\\ovwrpt3.exe:*:Enabled:CS OnlineView Reporter"
"C:\\Programme\\CSOnlineView3\\ovwinetd.exe"="C:\\Programme\\CSOnlineView3\\ovwinetd.exe:*:Enabled:TCP-IP Druckserver für Windows"
"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Programme\\Microsoft ActiveSync\\WcesMgr.exe"="C:\\Programme\\Microsoft ActiveSync\\WcesMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Programme\\Fortinet\\FortiClient\\ipsec.exe"="C:\\Programme\\Fortinet\\FortiClient\\ipsec.exe:*:Enabled:FortiClient VPN Service"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\m.jones\Anwendungsdaten
CLASSPATH=.;C:\Programme\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=NBMARKTENTWKLG
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=U:
HOMEPATH=\
HOMESHARE=\\fserver01\userhome$\m.jones
LOGONSERVER=\\FSERVER01
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Programme\QuickTime\QTSystem;C:\Programme\Gemeinsame Dateien\GIS\Tools;C:\Programme\Gemeinsame Dateien\Autodesk Shared;C:\Programme\Gemeinsame Dateien\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramFiles=C:\Programme
PROMPT=$P$G
QTJAVA=C:\Programme\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\M472D~1.JON\LOKALE~1\Temp
TMP=C:\DOKUME~1\M472D~1.JON\LOKALE~1\Temp
USERDNSDOMAIN=DREXEL-WEISS.LOCAL
USERDOMAIN=DREXEL-WEISS
USERNAME=m.jones
USERPROFILE=C:\Dokumente und Einstellungen\m.jones
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
c.drexel (new local, net ready)
m.jones (admin)
Administrator.DREXEL-WEISS (admin)
Christof Drexel (admin) (new local)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /X{09959E11-AD5D-408E-96AF-E3346954D6B8}
--> MsiExec.exe /X{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee --> C:\PROGRA~1\ACDSYS~1\ACDSee\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\ACDSee\INSTALL.LOG
ACT! --> C:\WINDOWS\IsUninstAct.exe -f"C:\Programme\ACT\Uninst6.isu" -c"C:\Programme\ACT\UNINSTAL.DLL"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Agere Systems HDA Modem --> agrsmdel
Alcatel PIMphony 6.2.1620 --> MsiExec.exe /I{831ADA8C-C73B-4915-AF8D-83D22BD58AA8}
Alcatel TAPI Server 6.2.1620 --> MsiExec.exe /X{E2A165F5-936F-4C05-A1EE-0D1A62851110}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
ClearView --> MsiExec.exe /I{5C6B94E5-01FB-4BED-A285-0E82CEE27627}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CS OnlineView 3 --> C:\WINDOWS\unin0407.exe -fC:\Programme\CSOnlineView3\DeIsL1.isu -cC:\Programme\CSOnlineView3\_ISREG32.DLL
Ernst Englisch 08.2002 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2508D980-B59F-11D6-8333-00C04F43E392}\setup.exe" -uninst
FortiClient --> MsiExec.exe /I{C2FAE67B-9C91-4C88-91C6-37E4D5F50FE9}
FreePDF XP (Remove only) --> C:\Programme\FreePDF_XP\fpsetup.exe /r
Fujitsu Hotkey Utility --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{792FBB04-5C13-47A1-9CD5-369A52BD47AA}\setup.exe"
Fujitsu System Extension Utility --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{12FDAA4D-A9DF-4057-A420-A056E36B4610}\setup.exe"
GPL Ghostscript 8.60 --> C:\Programme\gs\uninstgs.exe "C:\Programme\gs\gs8.60\uninstal.txt"
GPL Ghostscript Fonts --> C:\Programme\gs\uninstgs.exe "C:\Programme\gs\fonts\uninstal.txt"
HijackThis 2.0.2 --> "C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix für Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB921337) --> "C:\WINDOWS\$NtUninstallKB921337$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB923232) --> "C:\WINDOWS\$NtUninstallKB923232$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel Matrix Storage Manager --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\Setup.exe" -l0407 -INTELUNINST
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lifebook Application Panel --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{271274D2-92C6-4EEC-A0AD-9DA5272AD5C9}\setup.exe"
Marco Polo Mobile Navigator 2 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5F65ECEE-EB1D-4C85-8D8C-9C7CE2DBB1D6}\SETUP.EXE" -uninst
Microsoft ActiveSync 3.7 --> "C:\WINDOWS\ISUN0407.EXE" -f"C:\Programme\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Programme\Microsoft ActiveSync\ceuninst.dll"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft WSE 2.0 SP3 Runtime --> MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
Mozilla Firefox (2.0.0.12) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe
MyPhoneExplorer --> C:\Programme\MyPhoneExplorer\uninstall.exe
Nero OEM --> C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroMediaPlayer --> C:\WINDOWS\UNNMP.exe /UNINSTALL
NeroVision Express --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Power Saving Utility --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{79821CAD-999C-443D-B420-96F914C84E27}
PowerDVD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
RedMon - Redirection Port Monitor --> C:\WINDOWS\system32\unredmon.exe
Sicherheitsupdate für Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725) -->
Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344) -->
Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918899) -->
Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924496) -->
Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trend Micro Client/Server Security Agent --> "C:\Programme\Trend Micro\OfficeScan Client\ntrmv.exe"
UltimateZip 2.7 --> "C:\Programme\UltimateZip 2.7\unins000.exe"
Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update für Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update für Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update für Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update für Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update für Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update für Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update für Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update für Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update für Windows XP (KB946627) --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
USB2.0 PC Camera (SN9C201&202) --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\Setup.exe" -l0x9
Volo View Express --> MsiExec.exe /I{1ECD6EC8-7BB2-4CD5-A384-BAA371BC4D21}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type93 / Error
Event Submitted/Written: 04/14/2008 05:17:54 PM
Event ID/Source: 1030 / Userenv
Event Description:
Die Abfrage der Liste der Gruppenrichtlinienobjekte ist fehlgeschlagen. Bisher wurde eine Fehlermeldung dieser Art im Richtlinienmodul protokolliert.
Event Record #/Type92 / Error
Event Submitted/Written: 04/14/2008 04:09:31 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.8169.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Event Record #/Type91 / Error
Event Submitted/Written: 04/14/2008 03:28:51 PM
Event ID/Source: 1030 / Userenv
Event Description:
Die Abfrage der Liste der Gruppenrichtlinienobjekte ist fehlgeschlagen. Bisher wurde eine Fehlermeldung dieser Art im Richtlinienmodul protokolliert.
Event Record #/Type87 / Error
Event Submitted/Written: 04/14/2008 03:22:03 PM
Event ID/Source: 1054 / Userenv
Event Description:
Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
Event Record #/Type86 / Error
Event Submitted/Written: 04/14/2008 03:21:15 PM
Event ID/Source: 1101 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: Act.Data, Version=9.0.557.0, Culture=neutral, PublicKeyToken=ebf6b2ff4d0a08aa, processorArchitecture=MSIL . Error code = 0x80070002
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type361 / Warning
Event Submitted/Written: 04/14/2008 05:17:54 PM
Event ID/Source: 8193 / LSASRV
Event Description:
Das Sicherheitssystem konnte keine sichere Verbindung mit dem Server ldap/fserver01.drexel-weiss.local/
[email protected] herstellen. Es war kein Authentifizierungsprotokoll verfügbar.
Event Record #/Type348 / Warning
Event Submitted/Written: 04/14/2008 03:28:51 PM
Event ID/Source: 8193 / LSASRV
Event Description:
Das Sicherheitssystem konnte keine sichere Verbindung mit dem Server ldap/fserver01.drexel-weiss.local/
[email protected] herstellen. Es war kein Authentifizierungsprotokoll verfügbar.
Event Record #/Type344 / Warning
Event Submitted/Written: 04/14/2008 03:28:19 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die
Netzwerkkarte mit der Netzwerkadresse 00174242BF08 zugeteilt wurde, nicht erneuern. Der
folgende Fehler ist aufgetreten:
%%1223.
Es wird weiterhin im Hintergrund versucht, eine Adresse vom
Netzwerkadressserver (DHCP) zu erhalten.
Event Record #/Type296 / Error
Event Submitted/Written: 04/14/2008 03:13:52 PM
Event ID/Source: 5719 / NETLOGON
Event Description:
Es steht kein Domänencontroller für die Domäne DREXEL-WEISS aus folgendem Grund zur
Verfügung:
%%1311.
Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist, und
versuchen Sie es erneut. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht.
Event Record #/Type295 / Warning
Event Submitted/Written: 04/14/2008 03:13:47 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die
Netzwerkkarte mit der Netzwerkadresse 00174242BF08 zugeteilt wurde, nicht erneuern. Der
folgende Fehler ist aufgetreten:
%%1223.
Es wird weiterhin im Hintergrund versucht, eine Adresse vom
Netzwerkadressserver (DHCP) zu erhalten.
-- End of Deckard's System Scanner: finished at 2008-04-14 17:24:19 ------------
So, I hope all this makes sense! Look forward to hearing from you, redhat.
Regards
englischdude