Log analysis and evaluation: Trojan W32/Kates.G | Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.12.2009, 07:50 | #1 |
| Trojan W32/Kates.G log.txt Code:
Logfile of random's system information tool 1.06 (written by random/random) Run by ***** at 2009-12-07 07:13:18 Microsoft Windows XP Professional Service Pack 3 System drive C: has 58 GB (38%) free of 153 GB Total RAM: 2046 MB (58% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:13:19, on 07.12.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Programme\Norman\Npm\Bin\Elogsvc.exe C:\Programme\Norman\Ngs\Bin\Nprosec.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Norman\Npm\Bin\Zanda.exe C:\Programme\Norman\npm\bin\nvoy.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Norman\npf\bin\npfsvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Canon\IJPLM\IJPLMSVC.EXE C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\CyberLink\Shared Files\RichVideo.exe C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe C:\Programme\Norman\Npm\Bin\scheduler.exe C:\Programme\Norman\Npm\Bin\Njeeves.exe C:\Programme\Norman\npc\bin\npcsvc32.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\Norman\Nse\Bin\NSESVC.EXE C:\Programme\Norman\npc\bin\nuaa.exe C:\WINDOWS\System32\alg.exe C:\Programme\Norman\Nvc\Bin\nvcoas.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Norman\npf\bin\npfuser.exe C:\Programme\TortoiseSVN\bin\TSVNCache.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\FreePDF_XP\fpassist.exe C:\Programme\Keyboard 
Manager\Manager Utility\KeyboardManager.exe C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe C:\Programme\Java\jre6\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Norman\Npm\Bin\ZLH.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Norman\Nvc\Bin\Nip.exe C:\Programme\Norman\Nvc\Bin\cclaw.exe C:\Programme\Norman\Npm\Bin\Nbrowser.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Thunderbird_****\Thunderbird\thunderbird.exe C:\Dokumente und Einstellungen\*****\Desktop\RSIT.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Programme\trend micro\*****.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: DebugBar BHO - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Programme\Core Services\DebugBar\DebugInfoBar.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 
8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: DebugBar - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Programme\Core Services\DebugBar\DebugToolBar.dll O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - (no file) O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang DE /H O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programme\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [NPCTray] C:\Programme\Norman\npc\bin\npc_tray.exe /LOAD O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen 
in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programme\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\programme\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\programme\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\programme\norman\npc\bin\nlf.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202312393652 O16 - DPF: 
{D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - h**p://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: winmm.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: B-Service - Unknown owner - C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mikogo\B-Service.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Programme\CVSNT\cvslock.exe O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Programme\CVSNT\cvsservice.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programme\Norman\Npm\Bin\Elogsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NMIndexingService - Unknown owner - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: Norman NJeeves - Norman ASA - C:\Programme\Norman\Npm\Bin\Njeeves.exe O23 - Service: Norman ZANDA - Norman ASA - C:\Programme\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Programme\Norman\npc\bin\npcsvc32.exe O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programme\Norman\npf\bin\npfsvc32.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programme\Norman\Ngs\Bin\Nprosec.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programme\Norman\Nse\Bin\NSESVC.EXE O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Programme\Norman\npc\bin\nuaa.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programme\Norman\Nvc\Bin\nvcoas.exe O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Programme\Norman\npm\bin\nvoy.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Programme\Norman\Npm\Bin\scheduler.exe O23 - Service: StarMoney 7.0 OnlineUpdate - Star Finanz - Software Entwicklung und Vertriebs GmbH - C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- End of file - 11177 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\1-Klick-Wartung.job C:\WINDOWS\tasks\SyncBack its_Passwörter 
sichern.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69FC0024-10EB-480A-BBF2-3BF4E78E17B1}] DebugBar BHO - C:\Programme\Core Services\DebugBar\DebugInfoBar.dll [2009-03-23 1083392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120] {3E1201F4-1707-409F-BB45-A5F192381DA0} - DebugBar - C:\Programme\Core Services\DebugBar\DebugToolBar.dll [2009-03-23 742400] {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2006-06-16 794713] "FreePDF Assistant"=C:\Programme\FreePDF_XP\fpassist.exe [2007-06-26 312320] ""= [] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-22 8433664] "Keyboard Manager Utility"=C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe [2007-08-02 4128768] 
"nwiz"=nwiz.exe /install [] "SMSERIAL"=C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-10-11 149280] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "Norman ZANDA"=C:\Programme\Norman\Npm\Bin\ZLH.EXE [2009-10-07 189824] "NPCTray"=C:\Programme\Norman\npc\bin\npc_tray.exe [2009-10-07 128328] "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u [] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="winmm.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 setuid [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network 
Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Apps\2.0\MMBEGP27.Q2G\5Y0XAWDH.EYK\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe"="C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Apps\2.0\MMBEGP27.Q2G\5Y0XAWDH.EYK\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe:*:Enabled:FRITZ!Box USB-Fernanschluss" "C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe"="C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe:*:Enabled:StarMoney 7.0 OnlineUpdate" "C:\Programme\StarMoney 7.0\app\StarMoney.exe"="C:\Programme\StarMoney 7.0\app\StarMoney.exe:*:Enabled:StarMoney 7.0" "C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ef678a6-2f28-11de-a54b-005056c00001}] shell\AutoRun\command - E:\StartVMCLite.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ef678a7-2f28-11de-a54b-005056c00001}] shell\AutoRun\command - E:\StartVMCLite.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9cbf873-b707-11de-a59b-001b24f97b08}] shell\AutoRun\command - E:\setup_vmc_lite.exe 
/checkApplicationPresence [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfb98f20-7418-11dd-a415-000df049cf64}] shell\AutoRun\command - E:\starter.exe ======File associations====== .js - open - "C:\Programme\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1" .txt - open - "%WinDir%\NOTEPAD.EXE" %1 ======List of files/folders created in the last 1 months====== 2009-12-06 23:23:27 ----A---- C:\WINDOWS\OEWABLog.txt 2009-12-06 23:22:32 ----D---- C:\WINDOWS\LastGood 2009-12-06 23:21:01 ----D---- C:\WINDOWS\Prefetch 2009-12-06 23:18:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2009-12-06 23:15:53 ----D---- C:\WINDOWS\LastGood.Tmp 2009-12-06 23:13:58 ----A---- C:\WINDOWS\setuplog.txt 2009-12-06 23:12:45 ----D---- C:\WINDOWS\l2schemas 2009-12-06 23:12:44 ----D---- C:\WINDOWS\system32\de 2009-12-06 23:12:44 ----D---- C:\WINDOWS\system32\bits 2009-12-06 23:02:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2009-12-06 20:48:52 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-12-06 14:11:20 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2009-12-06 12:44:19 ----N---- C:\WINDOWS\system32\wlanapi.dll 2009-12-06 12:44:10 ----N---- C:\WINDOWS\system32\tspkg.dll 2009-12-06 12:44:10 ----N---- C:\WINDOWS\system32\tsgqec.dll 2009-12-06 12:43:50 ----N---- C:\WINDOWS\system32\setupn.exe 2009-12-06 12:43:47 ----N---- C:\WINDOWS\system32\rhttpaa.dll 2009-12-06 12:43:46 ----N---- C:\WINDOWS\system32\rasqec.dll 2009-12-06 12:43:45 ----N---- C:\WINDOWS\system32\qutil.dll 2009-12-06 12:43:44 ----N---- C:\WINDOWS\system32\qcliprov.dll 2009-12-06 12:43:44 ----N---- C:\WINDOWS\system32\qagentrt.dll 2009-12-06 12:43:44 ----N---- C:\WINDOWS\system32\qagent.dll 2009-12-06 12:43:40 ----N---- C:\WINDOWS\system32\onex.dll 2009-12-06 12:43:30 ----N---- C:\WINDOWS\system32\napstat.exe 2009-12-06 12:43:30 ----N---- C:\WINDOWS\system32\napmontr.dll 2009-12-06 12:43:30 ----N---- C:\WINDOWS\system32\napipsec.dll 2009-12-06 12:43:29 ----N---- C:\WINDOWS\system32\msxml6r.dll 
2009-12-06 12:43:29 ----N---- C:\WINDOWS\system32\msxml6.dll 2009-12-06 12:43:27 ----N---- C:\WINDOWS\system32\msshavmsg.dll 2009-12-06 12:43:27 ----N---- C:\WINDOWS\system32\mssha.dll 2009-12-06 12:43:14 ----N---- C:\WINDOWS\system32\mmcperf.exe 2009-12-06 12:43:14 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll 2009-12-06 12:43:14 ----N---- C:\WINDOWS\system32\mmcex.dll 2009-12-06 12:43:14 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll 2009-12-06 12:43:04 ----N---- C:\WINDOWS\system32\l2gpstore.dll 2009-12-06 12:43:03 ----N---- C:\WINDOWS\system32\kmsvc.dll 2009-12-06 12:43:03 ----N---- C:\WINDOWS\system32\kbdpash.dll 2009-12-06 12:43:03 ----N---- C:\WINDOWS\system32\kbdnepr.dll 2009-12-06 12:43:03 ----N---- C:\WINDOWS\system32\kbdiultn.dll 2009-12-06 12:43:03 ----N---- C:\WINDOWS\system32\kbdbhc.dll 2009-12-06 12:42:50 ----N---- C:\WINDOWS\system32\ieencode.dll 2009-12-06 12:42:44 ----A---- C:\WINDOWS\002934_.tmp 2009-12-06 12:42:43 ----N---- C:\WINDOWS\system32\eapsvc.dll 2009-12-06 12:42:43 ----N---- C:\WINDOWS\system32\eapqec.dll 2009-12-06 12:42:43 ----N---- C:\WINDOWS\system32\eappprxy.dll 2009-12-06 12:42:43 ----N---- C:\WINDOWS\system32\eapphost.dll 2009-12-06 12:42:43 ----N---- C:\WINDOWS\system32\eappgnui.dll 2009-12-06 12:42:43 ----N---- C:\WINDOWS\system32\eappcfg.dll 2009-12-06 12:42:43 ----N---- C:\WINDOWS\system32\eapp3hst.dll 2009-12-06 12:42:43 ----N---- C:\WINDOWS\system32\eapolqec.dll 2009-12-06 12:42:42 ----N---- C:\WINDOWS\system32\dot3ui.dll 2009-12-06 12:42:42 ----N---- C:\WINDOWS\system32\dot3svc.dll 2009-12-06 12:42:42 ----N---- C:\WINDOWS\system32\dot3msm.dll 2009-12-06 12:42:42 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll 2009-12-06 12:42:42 ----N---- C:\WINDOWS\system32\dot3dlg.dll 2009-12-06 12:42:42 ----N---- C:\WINDOWS\system32\dot3cfg.dll 2009-12-06 12:42:42 ----N---- C:\WINDOWS\system32\dot3api.dll 2009-12-06 12:42:42 ----N---- C:\WINDOWS\system32\dimsroam.dll 2009-12-06 12:42:42 ----N---- 
C:\WINDOWS\system32\dimsntfy.dll 2009-12-06 12:42:41 ----N---- C:\WINDOWS\system32\dhcpqec.dll 2009-12-06 12:42:40 ----N---- C:\WINDOWS\system32\credssp.dll 2009-12-06 12:42:37 ----N---- C:\WINDOWS\system32\bitsprx4.dll 2009-12-06 12:42:37 ----N---- C:\WINDOWS\system32\azroles.dll 2009-12-06 12:42:35 ----N---- C:\WINDOWS\system32\aaclient.dll 2009-12-04 22:38:44 ----D---- C:\Programme\trend micro 2009-12-04 22:38:43 ----D---- C:\rsit 2009-12-04 22:15:44 ----N---- C:\WINDOWS\system32\MpSigStub.exe 2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\WS2Fix.exe 2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\VCCLSID.exe 2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\VACFix.exe 2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\swxcacls.exe 2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\swsc.exe 2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\swreg.exe 2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\SrchSTS.exe 2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\Process.exe 2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\o4Patch.exe 2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\IEDFix.exe 2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\IEDFix.C.exe 2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\dumphive.exe 2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe 2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\404Fix.exe 2009-12-04 17:32:56 ----A---- C:\WINDOWS\system32\tmp.txt 2009-12-04 17:32:28 ----A---- C:\rapport.txt 2009-12-04 16:59:42 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Malwarebytes 2009-12-04 16:59:29 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-12-04 16:57:29 ----D---- C:\Programme\hijackthis 2009-12-04 16:44:18 ----D---- C:\Programme\Spybot - Search & Destroy 2009-12-04 16:44:18 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-12-04 16:21:39 ----D---- C:\Programme\CCleaner 2009-12-04 15:46:33 ----N---- 
C:\WINDOWS\system32\smtpapi.dll 2009-12-04 15:46:33 ----N---- C:\WINDOWS\system32\rwnh.dll 2009-12-04 15:46:33 ----N---- C:\WINDOWS\system32\comsdupd.exe 2009-12-04 15:46:07 ----N---- C:\WINDOWS\system32\ati2cqag.dll 2009-12-04 15:46:06 ----N---- C:\WINDOWS\system32\ati3duag.dll 2009-12-04 15:46:06 ----N---- C:\WINDOWS\system32\ati3d1ag.dll 2009-12-04 15:46:06 ----N---- C:\WINDOWS\system32\ati2dvag.dll 2009-12-04 15:46:06 ----N---- C:\WINDOWS\system32\ati2dvaa.dll 2009-12-04 15:46:05 ----N---- C:\WINDOWS\system32\mdmxsdk.dll 2009-12-04 15:46:05 ----N---- C:\WINDOWS\system32\hsfcisp2.dll 2009-12-04 15:46:05 ----N---- C:\WINDOWS\system32\ativvaxx.dll 2009-12-04 15:46:05 ----N---- C:\WINDOWS\system32\ativtmxx.dll 2009-12-04 15:46:03 ----N---- C:\WINDOWS\system32\slextspk.dll 2009-12-04 15:46:03 ----N---- C:\WINDOWS\system32\slcoinst.dll 2009-12-04 15:46:03 ----N---- C:\WINDOWS\system32\s3gnb.dll 2009-12-04 15:46:03 ----N---- C:\WINDOWS\system32\mtxparhd.dll 2009-12-04 15:46:02 ----N---- C:\WINDOWS\system32\slserv.exe 2009-12-04 15:46:02 ----N---- C:\WINDOWS\system32\slrundll.exe 2009-12-04 15:46:02 ----N---- C:\WINDOWS\system32\slgen.dll 2009-12-04 15:46:02 ----N---- C:\WINDOWS\slrundll.exe 2009-12-04 15:45:08 ----A---- C:\WINDOWS\000001_.tmp 2009-12-04 14:52:45 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest 2009-12-04 14:05:04 ----A---- C:\WINDOWS\system32\spxcoins.dll 2009-12-04 14:05:04 ----A---- C:\WINDOWS\system32\irclass.dll 2009-12-04 14:04:52 ----RA---- C:\WINDOWS\SET121.tmp 2009-12-04 14:04:44 ----RA---- C:\WINDOWS\SETE6.tmp 2009-12-04 14:04:41 ----RA---- C:\WINDOWS\SETDA.tmp 2009-12-04 14:04:39 ----RA---- C:\WINDOWS\SETD4.tmp 2009-12-04 11:59:26 ----A---- C:\WINDOWS\system32\javaws.exe 2009-12-04 11:59:26 ----A---- C:\WINDOWS\system32\javaw.exe 2009-12-04 11:59:26 ----A---- C:\WINDOWS\system32\java.exe 2009-12-04 11:11:44 ----RA---- C:\WINDOWS\SETD9.tmp 2009-12-04 11:11:40 ----RA---- C:\WINDOWS\SETCD.tmp 2009-12-04 11:11:38 ----RA---- 
C:\WINDOWS\SETCA.tmp 2009-12-04 06:12:53 ----RA---- C:\WINDOWS\SETD8.tmp 2009-12-04 06:12:48 ----RA---- C:\WINDOWS\SETCC.tmp 2009-12-04 06:12:46 ----RA---- C:\WINDOWS\SETC9.tmp 2009-12-03 19:39:49 ----RA---- C:\WINDOWS\SETD7.tmp 2009-12-03 19:39:45 ----RA---- C:\WINDOWS\SETCB.tmp 2009-12-03 19:39:43 ----RA---- C:\WINDOWS\SETC8.tmp 2009-12-03 17:54:35 ----RA---- C:\WINDOWS\SET151.tmp 2009-12-03 17:54:31 ----RA---- C:\WINDOWS\SET145.tmp 2009-12-03 17:54:29 ----RA---- C:\WINDOWS\SET142.tmp 2009-12-03 16:49:22 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google 2009-12-03 11:32:11 ----SHD---- C:\WINDOWS\CSC 2009-11-25 10:11:23 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Trillian 2009-11-25 10:10:52 ----D---- C:\Programme\Trillian 2009-11-23 18:47:20 ----SHD---- C:\Config.Msi 2009-11-23 08:28:06 ----D---- C:\Programme\PCSuitev2.2.0.181 2009-11-20 12:24:36 ----SHD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\System Restore 2009-11-10 12:52:36 ----D---- C:\Programme\Microsoft Visual Studio 8 2009-11-10 12:52:35 ----D---- C:\Programme\Microsoft 2009-11-10 07:52:56 ----HD---- C:\WINDOWS\PIF ======List of files/folders modified in the last 1 months====== 2009-12-07 07:08:50 ----D---- C:\Programme\Mozilla Firefox 2009-12-07 07:03:57 ----HD---- C:\WINDOWS\inf 2009-12-07 07:03:53 ----D---- C:\WINDOWS\system32\CatRoot2 2009-12-07 07:03:47 ----HD---- C:\WINDOWS\$hf_mig$ 2009-12-07 07:03:47 ----D---- C:\WINDOWS 2009-12-07 06:44:03 ----D---- C:\WINDOWS\Temp 2009-12-07 00:10:49 ----A---- C:\WINDOWS\wincmd.ini 2009-12-06 23:25:34 ----D---- C:\WINDOWS\system32\CatRoot 2009-12-06 23:23:55 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\nView_Wallpaper 2009-12-06 23:22:39 ----D---- C:\WINDOWS\system32 2009-12-06 23:22:13 ----D---- C:\WINDOWS\Debug 2009-12-06 23:20:56 ----D---- C:\Programme\Norman 2009-12-06 23:20:33 ----D---- C:\WINDOWS\system32\Setup 2009-12-06 23:20:33 ----D---- C:\WINDOWS\AppPatch 2009-12-06 
23:20:32 ----RSD---- C:\WINDOWS\Fonts 2009-12-06 23:20:32 ----D---- C:\WINDOWS\system32\wbem 2009-12-06 23:20:30 ----D---- C:\WINDOWS\system32\drivers 2009-12-06 23:18:29 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-12-06 23:14:41 ----D---- C:\WINDOWS\security 2009-12-06 23:13:07 ----D---- C:\WINDOWS\WinSxS 2009-12-06 23:13:02 ----D---- C:\Programme\Messenger 2009-12-06 23:12:59 ----D---- C:\WINDOWS\ehome 2009-12-06 23:12:58 ----D---- C:\WINDOWS\system32\inetsrv 2009-12-06 23:12:58 ----D---- C:\WINDOWS\network diagnostic 2009-12-06 23:12:58 ----D---- C:\WINDOWS\ime 2009-12-06 23:12:58 ----D---- C:\WINDOWS\Help 2009-12-06 23:12:46 ----D---- C:\WINDOWS\system32\usmt 2009-12-06 23:12:46 ----D---- C:\WINDOWS\system32\de-DE 2009-12-06 23:12:45 ----D---- C:\Programme\Internet Explorer 2009-12-06 23:12:44 ----SHD---- C:\WINDOWS\Installer 2009-12-06 23:12:44 ----D---- C:\WINDOWS\PeerNet 2009-12-06 23:12:43 ----D---- C:\Programme\Movie Maker 2009-12-06 23:10:03 ----D---- C:\WINDOWS\ServicePackFiles 2009-12-06 23:09:48 ----D---- C:\WINDOWS\system32\Restore 2009-12-06 23:09:48 ----D---- C:\WINDOWS\system32\npp 2009-12-06 23:09:47 ----D---- C:\WINDOWS\msagent 2009-12-06 23:09:45 ----D---- C:\WINDOWS\srchasst 2009-12-06 23:09:45 ----D---- C:\Programme\NetMeeting 2009-12-06 23:09:43 ----D---- C:\WINDOWS\system32\Com 2009-12-06 23:09:41 ----D---- C:\Programme\Windows Media Player 2009-12-06 23:09:40 ----D---- C:\Programme\Windows NT 2009-12-06 23:09:40 ----D---- C:\Programme\Outlook Express 2009-12-06 23:09:36 ----D---- C:\Programme\Gemeinsame Dateien\System 2009-12-06 23:09:18 ----D---- C:\WINDOWS\system32\oobe 2009-12-06 23:09:16 ----D---- C:\WINDOWS\system 2009-12-06 23:05:52 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-12-06 20:58:45 ----D---- C:\WINDOWS\ie8updates 2009-12-06 20:55:33 ----HDC---- C:\WINDOWS\ie8 2009-12-06 20:53:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-12-06 19:52:58 ----D---- C:\Programme\Mozilla Thunderbird 2009-12-06 19:20:27 
----D---- C:\tmp 2009-12-06 14:11:20 ----RD---- C:\Programme 2009-12-06 14:07:03 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft 2009-12-06 14:07:01 ----SD---- C:\WINDOWS\Tasks 2009-12-06 13:54:25 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2009-12-06 13:54:25 ----D---- C:\Programme\FRITZ!Fernzugang 2009-12-06 13:54:25 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVM 2009-12-04 19:28:32 ----D---- C:\WINDOWS\SoftwareDistribution 2009-12-04 16:45:28 ----D---- C:\WINDOWS\system32\LogFiles 2009-12-04 16:45:25 ----D---- C:\WINDOWS\Minidump 2009-12-04 15:47:13 ----RASH---- C:\boot.ini 2009-12-04 15:16:04 ----D---- C:\WINDOWS\Registration 2009-12-04 15:14:44 ----SHD---- C:\System Volume Information 2009-12-04 15:01:13 ----D---- C:\WINDOWS\system32\config 2009-12-04 15:01:01 ----D---- C:\WINDOWS\system32\1031 2009-12-04 15:00:57 ----D---- C:\WINDOWS\Media 2009-12-04 14:57:04 ----D---- C:\WINDOWS\twain_32 2009-12-04 14:56:18 ----D---- C:\WINDOWS\system32\icsxml 2009-12-04 14:55:40 ----D---- C:\WINDOWS\system32\ias 2009-12-04 14:55:34 ----D---- C:\WINDOWS\system32\1033 2009-12-04 14:54:23 ----AC---- C:\WINDOWS\ODBCINST.INI 2009-12-04 14:54:18 ----D---- C:\WINDOWS\Driver Cache 2009-12-04 14:52:49 ----RD---- C:\WINDOWS\Web 2009-12-04 14:52:37 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2009-12-04 14:52:20 ----A---- C:\WINDOWS\win.ini 2009-12-04 14:05:12 ----A---- C:\WINDOWS\system.ini 2009-12-04 14:04:53 ----ASH---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini 2009-12-04 13:15:14 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\FileZilla 2009-12-04 12:32:23 ----D---- C:\Programme\eclipse_3_5_0 2009-12-04 12:06:17 ----D---- C:\WINDOWS\Microsoft.NET 2009-12-04 12:06:16 ----RSD---- C:\WINDOWS\assembly 2009-12-04 11:59:12 ----D---- C:\Programme\Java 2009-12-03 17:23:56 ----D---- C:\Programme\Gemeinsame Dateien 2009-12-03 17:16:07 ----D---- 
C:\Programme\Microsoft Office 2009-12-03 17:16:07 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared 2009-12-03 17:15:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2009-12-03 17:08:38 ----AC---- C:\WINDOWS\vbaddin.ini 2009-12-03 17:07:20 ----AC---- C:\WINDOWS\ODBC.INI 2009-12-03 16:37:03 ----D---- C:\WINDOWS\SxsCaPendDel 2009-12-03 16:33:02 ----D---- C:\Programme\Bonjour 2009-12-03 16:30:18 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-12-03 16:30:13 ----D---- C:\Programme\Gemeinsame Dateien\Apple 2009-12-03 16:18:54 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\phonostar-Player 2009-12-03 12:49:53 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Skype 2009-12-03 10:25:53 ----A---- C:\WINDOWS\system32\results.txt 2009-12-03 10:25:41 ----A---- C:\WINDOWS\system32\AegisI5Installer.exe 2009-12-03 10:08:54 ----D---- C:\Programme\TuneUp Utilities 2008 2009-12-02 18:55:05 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\skypePM 2009-11-30 19:04:30 ----D---- C:\Programme\StarMoney 7.0 2009-11-27 18:20:39 ----D---- C:\projects 2009-11-16 20:07:52 ----A---- C:\WINDOWS\wcx_ftp.ini 2009-11-13 20:57:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM 2009-11-13 11:43:57 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla 2009-11-10 12:52:34 ----D---- C:\Programme\Common Files 2009-11-10 12:13:36 ----D---- C:\Programme\IMAPSize ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2007-02-06 16512] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 NGS;Norman General Security Driver; \??\c:\programme\norman\ngs\bin\ngs.sys [] R1 NPROSEC;Norman Security driver; \??\C:\Programme\Norman\Ngs\Bin\nprosec.sys [] R1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver]; 
\??\C:\WINDOWS\system32\drivers\Sleen16.sys [] R1 TDI_RD;Norman Firewall TDI driver; \??\C:\WINDOWS\system32\drivers\TDI_RD.SYS [] R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896] R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2007-10-29 12032] R2 Ndiskio;Ndiskio; \??\C:\Programme\Norman\Nse\Bin\NDISKIO.SYS [] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 avmaura;AVM USB-Fernanschluss; C:\WINDOWS\system32\DRIVERS\avmaura.sys [2009-09-21 101248] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-10-29 12288] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-22 6346688] R3 NvcMFlt;NvcMFlt; C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2009-10-08 21832] R3 qkbfiltr;Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\qkbfiltr.sys [2007-02-01 33792] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2007-10-29 5888] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-16 193120] R3 
tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-07-06 168448] R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-11-24 47104] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-03-13 255232] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024] S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120] S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-04-14 273920] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-11-05 101120] S3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 36608] S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\DRIVERS\massfilter.sys [2009-04-09 7680] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft 
TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NETw4x32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-02-24 2203520] S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-10-15 99200] S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-10-15 99200] S3 play1.bat;play1.bat; \??\C:\WINDOWS\system32\drivers\play1.bat.sys [] S3 play1;play1; \??\C:\WINDOWS\system32\drivers\play1.sys [] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136] S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys [] S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208] S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112] S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680] S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488] S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 StillCam;Treiber für serielle Digitalkamera; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-18 7040] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624] S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712] S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-11-22 108800] S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; 
C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-09-15 36480] S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2005-12-01 62848] S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612] S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-11-11 52864] S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2005-11-15 36736] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2009-04-09 104960] S3 ZTEusbnet;ZTE USB-NDIS miniport; C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592] S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2009-04-09 105344] S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2009-04-09 104960] S3 ZTEusbvoice;ZTE VoUSB Port; C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe 
[2008-04-14 14336] R2 eLoggerSvc6;Norman eLogger service 6; C:\Programme\Norman\Npm\Bin\Elogsvc.exe [2009-10-07 152904] R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Programme\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208] R2 Norman ZANDA;Norman ZANDA; C:\Programme\Norman\Npm\Bin\Zanda.exe [2009-10-07 411016] R2 NPFSvc32;Norman Personal Firewall Service; C:\Programme\Norman\npf\bin\npfsvc32.exe [2009-10-07 599424] R2 NPROSECSVC;Norman Security service; C:\Programme\Norman\Ngs\Bin\Nprosec.exe [2009-10-07 124232] R2 NVOY;Norman Resource Provider; C:\Programme\Norman\npm\bin\nvoy.exe [2009-10-07 128328] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-22 163908] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programme\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936] R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate; C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2009-09-11 528904] R2 VMCService;Vodafone Mobile Connect Service; C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216] R3 Norman NJeeves;Norman NJeeves; C:\Programme\Norman\Npm\Bin\Njeeves.exe [2009-10-07 276712] R3 NPC;Norman Parental Control; C:\Programme\Norman\npc\bin\npcsvc32.exe [2009-10-07 419200] R3 nsesvc;Norman Scanner Engine Service; C:\Programme\Norman\Nse\Bin\NSESVC.EXE [2009-10-09 320840] R3 NUAA;Norman User Activity Agent; C:\Programme\Norman\npc\bin\nuaa.exe [2009-10-07 124232] R3 nvcoas;Norman Virus Control on-access component; C:\Programme\Norman\Nvc\Bin\nvcoas.exe [2009-10-07 197960] R3 Scheduler;Norman Scheduler Service; C:\Programme\Norman\Npm\Bin\scheduler.exe [2009-10-07 132424] S3 Adobe LM Service;Adobe LM Service; 
C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-22 69632] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 B-Service;B-Service; C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mikogo\B-Service.exe [2009-10-06 185640] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 cvslock;CVSNT Locking Service 2.5.03.2382; C:\Programme\CVSNT\cvslock.exe [2006-07-05 58368] S3 cvsnt;CVSNT Dispatch service 2.5.03.2382; C:\Programme\CVSNT\cvsservice.exe [2006-07-05 37888] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-08 654848] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-10-28 545568] S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [] S3 UMWdf;Windows-Benutzermodus-Treiberframework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360] S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Code:
ATTFilter info.txt logfile of random's system information tool 1.06 2009-12-04 22:41:46 ======Uninstall list====== -->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu -->MsiExec.exe /I{977FBE6C-AE9A-4429-B249-814F0B3A4CB1} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 7-Zip 4.65-->"C:\Programme\7-Zip\Uninstall.exe" Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285} Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A} Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\67a7fb1e97aa14ee9ef0950eb6fd757\Setup.exe Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{DA896917-C1DA-45B2-B4D2-68162F16C0DD} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe Dreamweaver CS3-->MsiExec.exe /I{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F} Adobe ExtendScript Toolkit 2-->MsiExec.exe 
/I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3} Adobe Flash CS3-->MsiExec.exe /I{8C640345-AF96-4ABA-A697-97D2A0B8C6DB} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Video Encoder-->MsiExec.exe /I{BCEDD813-269C-4D8F-A4BA-01FDC66254D3} Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3} Adobe Illustrator CS3-->MsiExec.exe /I{C8D7A672-F697-4572-AC62-C856053A8DBC} Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E} Adobe InDesign CS3-->MsiExec.exe /I{411E0CC3-587A-468C-B461-95FAFD05E4DE} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3-->MsiExec.exe /I{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC} Adobe Reader 9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A90000000001} Adobe Setup-->MsiExec.exe /I{DFFDDCF5-CB32-4354-8823-1B9E68025953} Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2} Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Manager Deluxe 4.1-->C:\WINDOWS\uninst.exe -f"C:\Programme\Adobe Type Manager\DeIsL1.isu" -c"C:\Programme\Adobe Type Manager\UNINST.DLL" Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC} Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE} Adobe WinSoft 
Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F} Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1} AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD} AVM FRITZ!Fernzugang-->MsiExec.exe /X{37C19C2D-9BB3-4CB0-A83C-26213C73C0BD} Bluetooth Stack for Windows-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6} Canon MP Navigator EX 2.0-->"C:\Programme\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Programme\Canon\MP Navigator EX 2.0\uninst.ini Canon MP630 series MP Drivers-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series /L0x0007 Canon Utilities My Printer-->C:\Programme\Canon\MyPrinter\uninst.exe uninst.ini CCleaner-->"C:\Programme\CCleaner\uninst.exe" CD-LabelPrint-->"C:\Programme\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application CVSNT 2.5.03.2382-->MsiExec.exe /I{7C480BB2-42A9-40C6-AA5F-7AA20FC7C7F3} DebugBar v5.2.2 for Internet Explorer (remove only)-->"C:\Programme\Core Services\DebugBar\uninstall.exe" eDocPrintPro-->C:\PROGRA~1\GEMEIN~1\MAYCOM~1\EDOCPR~1\UNWISE.EXE C:\PROGRA~1\GEMEIN~1\MAYCOM~1\EDOCPR~1\INSTALL.LOG Fast Image-Map 2-->C:\WINDOWS\unin0407.exe -f"C:\Programme\CL-Soft\Fast Image-Map 2\DeIsL1.isu" -c"C:\Programme\CL-Soft\Fast Image-Map 2\_ISREG32.DLL" FileZilla Client 3.2.8.1-->C:\Programme\FileZilla FTP Client\uninstall.exe FreePDF XP (Remove only)-->C:\Programme\FreePDF_XP\fpsetup.exe /r GPL Ghostscript 8.62-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\gs8.62\uninstal.txt" HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for 
Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" IETester v0.3.2 (remove only)-->"C:\Programme\Core Services\IETester\uninstall.exe" IMAPSize 0.3.6-->C:\Programme\IMAPSize\unins000.exe Inkjet Printer/Scanner Extended Survey Program-->C:\Programme\Canon\IJPLM\SETUP.EXE -R IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178} Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF} KeePass Password Safe 2.08-->"C:\Programme\KeePass Password Safe\unins001.exe" Keyboard Manager Utility-->C:\Programme\InstallShield Installation Information\{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}\setup.exe -runfromtemp -l0x0407 Last.fm 1.5.4.24567-->"C:\Programme\Last.fm\unins000.exe" Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 German Language Pack-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 German Language Pack\setup.exe Microsoft .NET Framework 3.0 German Language Pack-->MsiExec.exe /X{F2A7F421-1679-48D5-B918-96999014ED53} Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7} Microsoft .NET Framework 3.0 
Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Mikogo-->C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mikogo\remover.exe Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller Mozilla Firefox (2.0.0.20)-->c:\Programme\Mozilla_Portable_Firefox_2.0.0.20\Firefox\uninstall\helper.exe Mozilla Firefox (3.5.5)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (2.0.0.23)-->C:\Programme\Mozilla Thunderbird\uninstall\helper.exe Nero 9-->C:\Programme\Gemeinsame Dateien\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-019X-5C1W-6UX2-6670-KA4K-091T-7M9U" neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Norman Security Suite-->MsiExec.exe /X{A36B158D-8E9D-4BD3-8BDA-4B5EDC9C2E8C} NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740} Outlook 2007 HTML and CSS Validator-->MsiExec.exe /I{59152D0E-DDFE-4769-A746-776457091048} PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} phonostar-Player Version 3.01.2-->"C:\Programme\phonostar-Player\unins000.exe" PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall PSPad editor-->"C:\Programme\PSPad editor\Uninst\unins000.exe" Quest Software Toad for MySQL 
Freeware 4.1-->MsiExec.exe /X{D58340FF-57D2-4AF3-81DB-073DDD4FAEA9} QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD} Realtek High Definition Audio Driver-->RtlUpd.exe -r -m RedMon - Redirection Port Monitor-->C:\WINDOWS\system32\unredmon.exe Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6} Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf sipgate Faxdrucker-->MsiExec.exe /I{07E78C07-ECEF-4AEF-9581-2C31A5BDA6C0} Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe" SSHTunnelClient-->"C:\Programme\delight software gmbh\SSHTunnelClient\unins000.exe" Stampit Home-->MsiExec.exe /X{9FFD7E59-7EA4-4D30-98D3-CFB29936BFB8} StarMoney 7.0 -->"C:\Programme\InstallShield Installation Information\{73184978-0F46-426B-8A40-6BD18A4697E6}\setup.exe" -runfromtemp -l0x0007 -removeonly Steganos Safe 2008-->C:\Programme\Steganos Safe 2008\uninstall.exe Synaptics Pointing Device Driver-->rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall SyncBack-->"C:\Programme\2BrightSparks\SyncBack\unins000.exe" Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Programme\InstallShield Installation Information\{B9C22F96-61F6-4ADA-808A-4A1AE835E75F}\setup.exe -runfromtemp -l0x0407 TortoiseCVS 1.10.7-->"C:\Programme\TortoiseCVS\unins000.exe" TortoiseSVN 1.6.1.16129 (32 bit)-->MsiExec.exe /X{4DC6EB24-629D-41D7-AB3E-E81872A8F9CC} Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe Trillian-->C:\Programme\Trillian\Trillian.exe /uninstall TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA} Turbo Lister 2-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548} Update for Microsoft 
.NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VideoLAN VLC media player 0.8.6h-->C:\Programme\VideoLAN\VLC\uninstall.exe Visual C++ 9.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{0138F525-6C8A-333F-A105-14AE030B9A54} Vodafone Mobile Connect Lite-->MsiExec.exe /X{E3B99F3D-9856-482A-9048-305E28E2510C} WEB.DE MultiMessenger-->C:\Programme\WEB.DE\WEB.DE MultiMessenger\uninst.exe Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Presentation Foundation Language Pack (DEU)-->MsiExec.exe /X{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790} Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} WinMerge 2.8.0.0-->"C:\Programme\WinMerge\unins000.exe" WinSCP 4.1.6-->"C:\Programme\WinSCP\unins000.exe" XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" X-PRO 2.0 private build 1082-->C:\Programme\X-PRO\unins000.exe Zattoo 3.3.0 Beta-->C:\Programme\Zattoo\uninst.exe ZendGuard-4.0.1-->"C:\Programme\Zend\ZendGuard-4.0.1\Uninstall ZendGuard-4.0.1\Uninstall ZendGuard-4.0.1.exe" ======Security center information====== AV: Norman Security Suite FW: Norman Security Suite ======System event log====== Computer Name: HM_NOTEBOOK Event Code: 121 Message: Port A is up with 100 Mbps Record Number: 5 Source Name: yukonwxp Time Written: 20091204111453.000000+060 Event Type: Informationen User: Computer 
Name: HM_NOTEBOOK Event Code: 121 Message: Port A is up with 100 Mbps Record Number: 4 Source Name: yukonwxp Time Written: 20091204111424.000000+060 Event Type: Informationen User: Computer Name: HM_NOTEBOOK Event Code: 121 Message: Port A is up with 100 Mbps Record Number: 3 Source Name: yukonwxp Time Written: 20091204111038.000000+060 Event Type: Informationen User: Computer Name: HM_NOTEBOOK Event Code: 6005 Message: Der Ereignisprotokolldienst wurde gestartet. Record Number: 2 Source Name: EventLog Time Written: 20091204111033.000000+060 Event Type: Informationen User: Computer Name: HM_NOTEBOOK Event Code: 6009 Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free. Record Number: 1 Source Name: EventLog Time Written: 20091204111033.000000+060 Event Type: Informationen User: =====Application event log===== Computer Name: HM_NOTEBOOK Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst TermService (Terminaldienste) wurden geladen. Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte. Record Number: 5 Source Name: LoadPerf Time Written: 20091204112504.000000+060 Event Type: Informationen User: Computer Name: HM_NOTEBOOK Event Code: 1001 Message: Die Leistungsindikatoren für den Dienst TermService (Terminaldienste) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge Last Counter und Last Help. Record Number: 4 Source Name: LoadPerf Time Written: 20091204112503.000000+060 Event Type: Informationen User: Computer Name: HM_NOTEBOOK Event Code: 1002 Message: Die Leistungsindikatoren für den Dienst RSVP (QoS-RSVP) befinden sich bereits in der Registrierung. Neuinstallation nicht erforderlich. Record Number: 3 Source Name: LoadPerf Time Written: 20091204112022.000000+060 Event Type: Informationen User: Computer Name: HM_NOTEBOOK Event Code: 1002 Message: Die Leistungsindikatoren für den Dienst PSched (QoS-Paketplaner) befinden sich bereits in der Registrierung. 
Neuinstallation nicht erforderlich. Record Number: 2 Source Name: LoadPerf Time Written: 20091204112009.000000+060 Event Type: Informationen User: Computer Name: HM_NOTEBOOK Event Code: 1002 Message: Die Leistungsindikatoren für den Dienst RemoteAccess (Routing und RAS) befinden sich bereits in der Registrierung. Neuinstallation nicht erforderlich. Record Number: 1 Source Name: LoadPerf Time Written: 20091204111952.000000+060 Event Type: Informationen User: ======Environment variables====== "CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "NpmLib"=C:\Programme\Norman\Npm\Bin "NUMBER_OF_PROCESSORS"=2 "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Programme\Business Objects\Common\3.5\bin\NOTES\;C:\Programme\Business Objects\Common\3.5\bin\NOTES\DATA\;C:\Programme\Mozilla Firefox;C:\Programme\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\Norman\Npm\Bin;C:\Programme\Gemeinsame Dateien\Ahead\Lib\;C:\Programme\Gemeinsame Dateien\Teleca Shared;%NpmLib%;C:\Programme\WinSCP\;C:\Programme\TortoiseSVN\bin;C:\Programme\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_LEVEL"=6 "PROCESSOR_REVISION"=0f0d "QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip "SVN_SSH"=c:\\Programme\\TortoiseSVN\\bin\\TortoisePlink.exe "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "windir"=%SystemRoot% -----------------EOF----------------- |