
Log analysis and evaluation: Trojan W32/Kates.G

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

07.12.2009, 07:50   #1
ThxGodIsFri
 
Trojan W32/Kates.G



log.txt
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by ***** at 2009-12-07 07:13:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 58 GB (38%) free of 153 GB
Total RAM: 2046 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:13:19, on 07.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programme\Norman\Npm\Bin\Elogsvc.exe
C:\Programme\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Norman\Npm\Bin\Zanda.exe
C:\Programme\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Programme\Norman\Npm\Bin\scheduler.exe
C:\Programme\Norman\Npm\Bin\Njeeves.exe
C:\Programme\Norman\npc\bin\npcsvc32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Norman\Nse\Bin\NSESVC.EXE
C:\Programme\Norman\npc\bin\nuaa.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Norman\Nvc\Bin\nvcoas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Norman\npf\bin\npfuser.exe
C:\Programme\TortoiseSVN\bin\TSVNCache.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Norman\Npm\Bin\ZLH.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Norman\Nvc\Bin\Nip.exe
C:\Programme\Norman\Nvc\Bin\cclaw.exe
C:\Programme\Norman\Npm\Bin\Nbrowser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Thunderbird_****\Thunderbird\thunderbird.exe
C:\Dokumente und Einstellungen\*****\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\trend micro\*****.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DebugBar BHO - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Programme\Core Services\DebugBar\DebugInfoBar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: DebugBar - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Programme\Core Services\DebugBar\DebugToolBar.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang DE /H
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programme\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Programme\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programme\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programme\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programme\norman\npc\bin\nlf.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202312393652
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - h**p://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: winmm.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: B-Service - Unknown owner - C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mikogo\B-Service.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Programme\CVSNT\cvslock.exe
O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Programme\CVSNT\cvsservice.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programme\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norman NJeeves - Norman ASA - C:\Programme\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Programme\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Programme\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programme\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programme\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programme\Norman\Nse\Bin\NSESVC.EXE
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Programme\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programme\Norman\Nvc\Bin\nvcoas.exe
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Programme\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Programme\Norman\Npm\Bin\scheduler.exe
O23 - Service: StarMoney 7.0 OnlineUpdate - Star Finanz - Software Entwicklung und Vertriebs GmbH - C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 11177 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\SyncBack its_Passwörter sichern.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69FC0024-10EB-480A-BBF2-3BF4E78E17B1}]
DebugBar BHO - C:\Programme\Core Services\DebugBar\DebugInfoBar.dll [2009-03-23 1083392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{3E1201F4-1707-409F-BB45-A5F192381DA0} - DebugBar - C:\Programme\Core Services\DebugBar\DebugToolBar.dll [2009-03-23 742400]
{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -  []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2006-06-16 794713]
"FreePDF Assistant"=C:\Programme\FreePDF_XP\fpassist.exe [2007-06-26 312320]
""= []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-22 8433664]
"Keyboard Manager Utility"=C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe [2007-08-02 4128768]
"nwiz"=nwiz.exe /install []
"SMSERIAL"=C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Norman ZANDA"=C:\Programme\Norman\Npm\Bin\ZLH.EXE [2009-10-07 189824]
"NPCTray"=C:\Programme\Norman\npc\bin\npc_tray.exe [2009-10-07 128328]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="winmm.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
setuid

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Apps\2.0\MMBEGP27.Q2G\5Y0XAWDH.EYK\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe"="C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Apps\2.0\MMBEGP27.Q2G\5Y0XAWDH.EYK\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe:*:Enabled:FRITZ!Box USB-Fernanschluss"
"C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe"="C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe:*:Enabled:StarMoney 7.0 OnlineUpdate"
"C:\Programme\StarMoney 7.0\app\StarMoney.exe"="C:\Programme\StarMoney 7.0\app\StarMoney.exe:*:Enabled:StarMoney 7.0"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ef678a6-2f28-11de-a54b-005056c00001}]
shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ef678a7-2f28-11de-a54b-005056c00001}]
shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9cbf873-b707-11de-a59b-001b24f97b08}]
shell\AutoRun\command - E:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfb98f20-7418-11dd-a415-000df049cf64}]
shell\AutoRun\command - E:\starter.exe


======File associations======

.js - open - "C:\Programme\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.txt - open - "%WinDir%\NOTEPAD.EXE" %1

======List of files/folders created in the last 1 months======

2009-12-06 23:23:27 ----A---- C:\WINDOWS\OEWABLog.txt
2009-12-06 23:22:32 ----D---- C:\WINDOWS\LastGood
2009-12-06 23:21:01 ----D---- C:\WINDOWS\Prefetch
2009-12-06 23:18:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-06 23:15:53 ----D---- C:\WINDOWS\LastGood.Tmp
2009-12-06 23:13:58 ----A---- C:\WINDOWS\setuplog.txt
2009-12-06 23:12:45 ----D---- C:\WINDOWS\l2schemas
2009-12-06 23:12:44 ----D---- C:\WINDOWS\system32\de
2009-12-06 23:12:44 ----D---- C:\WINDOWS\system32\bits
2009-12-06 23:02:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-12-06 20:48:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-06 14:11:20 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-12-06 12:44:19 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-12-06 12:44:10 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-12-06 12:44:10 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-12-06 12:43:50 ----N---- C:\WINDOWS\system32\setupn.exe
2009-12-06 12:43:47 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-12-06 12:43:46 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-12-06 12:43:45 ----N---- C:\WINDOWS\system32\qutil.dll
2009-12-06 12:43:44 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-12-06 12:43:44 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-12-06 12:43:44 ----N---- C:\WINDOWS\system32\qagent.dll
2009-12-06 12:43:40 ----N---- C:\WINDOWS\system32\onex.dll
2009-12-06 12:43:30 ----N---- C:\WINDOWS\system32\napstat.exe
2009-12-06 12:43:30 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-12-06 12:43:30 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-12-06 12:43:29 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-12-06 12:43:29 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-12-06 12:43:27 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-12-06 12:43:27 ----N---- C:\WINDOWS\system32\mssha.dll
2009-12-06 12:43:14 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-12-06 12:43:14 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-12-06 12:43:14 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-12-06 12:43:14 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-12-06 12:43:04 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-12-06 12:43:03 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-12-06 12:43:03 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-12-06 12:43:03 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-12-06 12:43:03 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-12-06 12:43:03 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-12-06 12:42:50 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-12-06 12:42:44 ----A---- C:\WINDOWS\002934_.tmp
2009-12-06 12:42:43 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-12-06 12:42:43 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-12-06 12:42:43 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-12-06 12:42:43 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-12-06 12:42:43 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-12-06 12:42:43 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-12-06 12:42:43 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-12-06 12:42:43 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-12-06 12:42:42 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-12-06 12:42:42 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-12-06 12:42:42 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-12-06 12:42:42 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-12-06 12:42:42 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-12-06 12:42:42 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-12-06 12:42:42 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-12-06 12:42:42 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-12-06 12:42:42 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-12-06 12:42:41 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-12-06 12:42:40 ----N---- C:\WINDOWS\system32\credssp.dll
2009-12-06 12:42:37 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-12-06 12:42:37 ----N---- C:\WINDOWS\system32\azroles.dll
2009-12-06 12:42:35 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-12-04 22:38:44 ----D---- C:\Programme\trend micro
2009-12-04 22:38:43 ----D---- C:\rsit
2009-12-04 22:15:44 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\swsc.exe
2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\swreg.exe
2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\Process.exe
2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-12-04 19:35:37 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-12-04 17:32:56 ----A---- C:\WINDOWS\system32\tmp.txt
2009-12-04 17:32:28 ----A---- C:\rapport.txt
2009-12-04 16:59:42 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Malwarebytes
2009-12-04 16:59:29 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-12-04 16:57:29 ----D---- C:\Programme\hijackthis
2009-12-04 16:44:18 ----D---- C:\Programme\Spybot - Search & Destroy
2009-12-04 16:44:18 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-12-04 16:21:39 ----D---- C:\Programme\CCleaner
2009-12-04 15:46:33 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-12-04 15:46:33 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-12-04 15:46:33 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-12-04 15:46:07 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-12-04 15:46:06 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-12-04 15:46:06 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-12-04 15:46:06 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-12-04 15:46:06 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-12-04 15:46:05 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-12-04 15:46:05 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-12-04 15:46:05 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-12-04 15:46:05 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-12-04 15:46:03 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-12-04 15:46:03 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-12-04 15:46:03 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-12-04 15:46:03 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-12-04 15:46:02 ----N---- C:\WINDOWS\system32\slserv.exe
2009-12-04 15:46:02 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-12-04 15:46:02 ----N---- C:\WINDOWS\system32\slgen.dll
2009-12-04 15:46:02 ----N---- C:\WINDOWS\slrundll.exe
2009-12-04 15:45:08 ----A---- C:\WINDOWS\000001_.tmp
2009-12-04 14:52:45 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-12-04 14:05:04 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-12-04 14:05:04 ----A---- C:\WINDOWS\system32\irclass.dll
2009-12-04 14:04:52 ----RA---- C:\WINDOWS\SET121.tmp
2009-12-04 14:04:44 ----RA---- C:\WINDOWS\SETE6.tmp
2009-12-04 14:04:41 ----RA---- C:\WINDOWS\SETDA.tmp
2009-12-04 14:04:39 ----RA---- C:\WINDOWS\SETD4.tmp
2009-12-04 11:59:26 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-04 11:59:26 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-04 11:59:26 ----A---- C:\WINDOWS\system32\java.exe
2009-12-04 11:11:44 ----RA---- C:\WINDOWS\SETD9.tmp
2009-12-04 11:11:40 ----RA---- C:\WINDOWS\SETCD.tmp
2009-12-04 11:11:38 ----RA---- C:\WINDOWS\SETCA.tmp
2009-12-04 06:12:53 ----RA---- C:\WINDOWS\SETD8.tmp
2009-12-04 06:12:48 ----RA---- C:\WINDOWS\SETCC.tmp
2009-12-04 06:12:46 ----RA---- C:\WINDOWS\SETC9.tmp
2009-12-03 19:39:49 ----RA---- C:\WINDOWS\SETD7.tmp
2009-12-03 19:39:45 ----RA---- C:\WINDOWS\SETCB.tmp
2009-12-03 19:39:43 ----RA---- C:\WINDOWS\SETC8.tmp
2009-12-03 17:54:35 ----RA---- C:\WINDOWS\SET151.tmp
2009-12-03 17:54:31 ----RA---- C:\WINDOWS\SET145.tmp
2009-12-03 17:54:29 ----RA---- C:\WINDOWS\SET142.tmp
2009-12-03 16:49:22 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
2009-12-03 11:32:11 ----SHD---- C:\WINDOWS\CSC
2009-11-25 10:11:23 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Trillian
2009-11-25 10:10:52 ----D---- C:\Programme\Trillian
2009-11-23 18:47:20 ----SHD---- C:\Config.Msi
2009-11-23 08:28:06 ----D---- C:\Programme\PCSuitev2.2.0.181
2009-11-20 12:24:36 ----SHD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\System Restore
2009-11-10 12:52:36 ----D---- C:\Programme\Microsoft Visual Studio 8
2009-11-10 12:52:35 ----D---- C:\Programme\Microsoft
2009-11-10 07:52:56 ----HD---- C:\WINDOWS\PIF

======List of files/folders modified in the last 1 months======

2009-12-07 07:08:50 ----D---- C:\Programme\Mozilla Firefox
2009-12-07 07:03:57 ----HD---- C:\WINDOWS\inf
2009-12-07 07:03:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-07 07:03:47 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-07 07:03:47 ----D---- C:\WINDOWS
2009-12-07 06:44:03 ----D---- C:\WINDOWS\Temp
2009-12-07 00:10:49 ----A---- C:\WINDOWS\wincmd.ini
2009-12-06 23:25:34 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-06 23:23:55 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\nView_Wallpaper
2009-12-06 23:22:39 ----D---- C:\WINDOWS\system32
2009-12-06 23:22:13 ----D---- C:\WINDOWS\Debug
2009-12-06 23:20:56 ----D---- C:\Programme\Norman
2009-12-06 23:20:33 ----D---- C:\WINDOWS\system32\Setup
2009-12-06 23:20:33 ----D---- C:\WINDOWS\AppPatch
2009-12-06 23:20:32 ----RSD---- C:\WINDOWS\Fonts
2009-12-06 23:20:32 ----D---- C:\WINDOWS\system32\wbem
2009-12-06 23:20:30 ----D---- C:\WINDOWS\system32\drivers
2009-12-06 23:18:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-06 23:14:41 ----D---- C:\WINDOWS\security
2009-12-06 23:13:07 ----D---- C:\WINDOWS\WinSxS
2009-12-06 23:13:02 ----D---- C:\Programme\Messenger
2009-12-06 23:12:59 ----D---- C:\WINDOWS\ehome
2009-12-06 23:12:58 ----D---- C:\WINDOWS\system32\inetsrv
2009-12-06 23:12:58 ----D---- C:\WINDOWS\network diagnostic
2009-12-06 23:12:58 ----D---- C:\WINDOWS\ime
2009-12-06 23:12:58 ----D---- C:\WINDOWS\Help
2009-12-06 23:12:46 ----D---- C:\WINDOWS\system32\usmt
2009-12-06 23:12:46 ----D---- C:\WINDOWS\system32\de-DE
2009-12-06 23:12:45 ----D---- C:\Programme\Internet Explorer
2009-12-06 23:12:44 ----SHD---- C:\WINDOWS\Installer
2009-12-06 23:12:44 ----D---- C:\WINDOWS\PeerNet
2009-12-06 23:12:43 ----D---- C:\Programme\Movie Maker
2009-12-06 23:10:03 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-06 23:09:48 ----D---- C:\WINDOWS\system32\Restore
2009-12-06 23:09:48 ----D---- C:\WINDOWS\system32\npp
2009-12-06 23:09:47 ----D---- C:\WINDOWS\msagent
2009-12-06 23:09:45 ----D---- C:\WINDOWS\srchasst
2009-12-06 23:09:45 ----D---- C:\Programme\NetMeeting
2009-12-06 23:09:43 ----D---- C:\WINDOWS\system32\Com
2009-12-06 23:09:41 ----D---- C:\Programme\Windows Media Player
2009-12-06 23:09:40 ----D---- C:\Programme\Windows NT
2009-12-06 23:09:40 ----D---- C:\Programme\Outlook Express
2009-12-06 23:09:36 ----D---- C:\Programme\Gemeinsame Dateien\System
2009-12-06 23:09:18 ----D---- C:\WINDOWS\system32\oobe
2009-12-06 23:09:16 ----D---- C:\WINDOWS\system
2009-12-06 23:05:52 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-06 20:58:45 ----D---- C:\WINDOWS\ie8updates
2009-12-06 20:55:33 ----HDC---- C:\WINDOWS\ie8
2009-12-06 20:53:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-06 19:52:58 ----D---- C:\Programme\Mozilla Thunderbird
2009-12-06 19:20:27 ----D---- C:\tmp
2009-12-06 14:11:20 ----RD---- C:\Programme
2009-12-06 14:07:03 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-12-06 14:07:01 ----SD---- C:\WINDOWS\Tasks
2009-12-06 13:54:25 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-12-06 13:54:25 ----D---- C:\Programme\FRITZ!Fernzugang
2009-12-06 13:54:25 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVM
2009-12-04 19:28:32 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-04 16:45:28 ----D---- C:\WINDOWS\system32\LogFiles
2009-12-04 16:45:25 ----D---- C:\WINDOWS\Minidump
2009-12-04 15:47:13 ----RASH---- C:\boot.ini
2009-12-04 15:16:04 ----D---- C:\WINDOWS\Registration
2009-12-04 15:14:44 ----SHD---- C:\System Volume Information
2009-12-04 15:01:13 ----D---- C:\WINDOWS\system32\config
2009-12-04 15:01:01 ----D---- C:\WINDOWS\system32\1031
2009-12-04 15:00:57 ----D---- C:\WINDOWS\Media
2009-12-04 14:57:04 ----D---- C:\WINDOWS\twain_32
2009-12-04 14:56:18 ----D---- C:\WINDOWS\system32\icsxml
2009-12-04 14:55:40 ----D---- C:\WINDOWS\system32\ias
2009-12-04 14:55:34 ----D---- C:\WINDOWS\system32\1033
2009-12-04 14:54:23 ----AC---- C:\WINDOWS\ODBCINST.INI
2009-12-04 14:54:18 ----D---- C:\WINDOWS\Driver Cache
2009-12-04 14:52:49 ----RD---- C:\WINDOWS\Web
2009-12-04 14:52:37 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-12-04 14:52:20 ----A---- C:\WINDOWS\win.ini
2009-12-04 14:05:12 ----A---- C:\WINDOWS\system.ini
2009-12-04 14:04:53 ----ASH---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
2009-12-04 13:15:14 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\FileZilla
2009-12-04 12:32:23 ----D---- C:\Programme\eclipse_3_5_0
2009-12-04 12:06:17 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-04 12:06:16 ----RSD---- C:\WINDOWS\assembly
2009-12-04 11:59:12 ----D---- C:\Programme\Java
2009-12-03 17:23:56 ----D---- C:\Programme\Gemeinsame Dateien
2009-12-03 17:16:07 ----D---- C:\Programme\Microsoft Office
2009-12-03 17:16:07 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-12-03 17:15:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-12-03 17:08:38 ----AC---- C:\WINDOWS\vbaddin.ini
2009-12-03 17:07:20 ----AC---- C:\WINDOWS\ODBC.INI
2009-12-03 16:37:03 ----D---- C:\WINDOWS\SxsCaPendDel
2009-12-03 16:33:02 ----D---- C:\Programme\Bonjour
2009-12-03 16:30:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-03 16:30:13 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2009-12-03 16:18:54 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\phonostar-Player
2009-12-03 12:49:53 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Skype
2009-12-03 10:25:53 ----A---- C:\WINDOWS\system32\results.txt
2009-12-03 10:25:41 ----A---- C:\WINDOWS\system32\AegisI5Installer.exe
2009-12-03 10:08:54 ----D---- C:\Programme\TuneUp Utilities 2008
2009-12-02 18:55:05 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\skypePM
2009-11-30 19:04:30 ----D---- C:\Programme\StarMoney 7.0
2009-11-27 18:20:39 ----D---- C:\projects
2009-11-16 20:07:52 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-11-13 20:57:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM
2009-11-13 11:43:57 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla
2009-11-10 12:52:34 ----D---- C:\Programme\Common Files
2009-11-10 12:13:36 ----D---- C:\Programme\IMAPSize

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2007-02-06 16512]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 NGS;Norman General Security Driver; \??\c:\programme\norman\ngs\bin\ngs.sys []
R1 NPROSEC;Norman Security driver; \??\C:\Programme\Norman\Ngs\Bin\nprosec.sys []
R1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver]; \??\C:\WINDOWS\system32\drivers\Sleen16.sys []
R1 TDI_RD;Norman Firewall TDI driver; \??\C:\WINDOWS\system32\drivers\TDI_RD.SYS []
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2007-10-29 12032]
R2 Ndiskio;Ndiskio; \??\C:\Programme\Norman\Nse\Bin\NDISKIO.SYS []
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 avmaura;AVM USB-Fernanschluss; C:\WINDOWS\system32\DRIVERS\avmaura.sys [2009-09-21 101248]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-10-29 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-22 6346688]
R3 NvcMFlt;NvcMFlt; C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2009-10-08 21832]
R3 qkbfiltr;Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\qkbfiltr.sys [2007-02-01 33792]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2007-10-29 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-16 193120]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-07-06 168448]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-11-24 47104]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-03-13 255232]
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-04-14 273920]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-11-05 101120]
S3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 36608]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\DRIVERS\massfilter.sys [2009-04-09 7680]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETw4x32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-02-24 2203520]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-10-15 99200]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-10-15 99200]
S3 play1.bat;play1.bat; \??\C:\WINDOWS\system32\drivers\play1.bat.sys []
S3 play1;play1; \??\C:\WINDOWS\system32\drivers\play1.sys []
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 StillCam;Treiber für serielle Digitalkamera; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-18 7040]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-11-22 108800]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-09-15 36480]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2005-12-01 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-11-11 52864]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2005-11-15 36736]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2009-04-09 104960]
S3 ZTEusbnet;ZTE USB-NDIS miniport; C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2009-04-09 105344]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2009-04-09 104960]
S3 ZTEusbvoice;ZTE VoUSB Port; C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 eLoggerSvc6;Norman eLogger service 6; C:\Programme\Norman\Npm\Bin\Elogsvc.exe [2009-10-07 152904]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Programme\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
R2 Norman ZANDA;Norman ZANDA; C:\Programme\Norman\Npm\Bin\Zanda.exe [2009-10-07 411016]
R2 NPFSvc32;Norman Personal Firewall Service; C:\Programme\Norman\npf\bin\npfsvc32.exe [2009-10-07 599424]
R2 NPROSECSVC;Norman Security service; C:\Programme\Norman\Ngs\Bin\Nprosec.exe [2009-10-07 124232]
R2 NVOY;Norman Resource Provider; C:\Programme\Norman\npm\bin\nvoy.exe [2009-10-07 128328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-22 163908]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programme\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate; C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2009-09-11 528904]
R2 VMCService;Vodafone Mobile Connect Service; C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216]
R3 Norman NJeeves;Norman NJeeves; C:\Programme\Norman\Npm\Bin\Njeeves.exe [2009-10-07 276712]
R3 NPC;Norman Parental Control; C:\Programme\Norman\npc\bin\npcsvc32.exe [2009-10-07 419200]
R3 nsesvc;Norman Scanner Engine Service; C:\Programme\Norman\Nse\Bin\NSESVC.EXE [2009-10-09 320840]
R3 NUAA;Norman User Activity Agent; C:\Programme\Norman\npc\bin\nuaa.exe [2009-10-07 124232]
R3 nvcoas;Norman Virus Control on-access component; C:\Programme\Norman\Nvc\Bin\nvcoas.exe [2009-10-07 197960]
R3 Scheduler;Norman Scheduler Service; C:\Programme\Norman\Npm\Bin\scheduler.exe [2009-10-07 132424]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-22 69632]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 B-Service;B-Service; C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mikogo\B-Service.exe [2009-10-06 185640]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 cvslock;CVSNT Locking Service 2.5.03.2382; C:\Programme\CVSNT\cvslock.exe [2006-07-05 58368]
S3 cvsnt;CVSNT Dispatch service 2.5.03.2382; C:\Programme\CVSNT\cvsservice.exe [2006-07-05 37888]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-08 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe []
S3 UMWdf;Windows-Benutzermodus-Treiberframework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
         
info.txt
Code:
info.txt logfile of random's system information tool 1.06 2009-12-04 22:41:46

======Uninstall list======

-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{977FBE6C-AE9A-4429-B249-814F0B3A4CB1}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Programme\7-Zip\Uninstall.exe"
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\67a7fb1e97aa14ee9ef0950eb6fd757\Setup.exe
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{DA896917-C1DA-45B2-B4D2-68162F16C0DD}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{C8D7A672-F697-4572-AC62-C856053A8DBC}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{411E0CC3-587A-468C-B461-95FAFD05E4DE}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}
Adobe Reader 9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A90000000001}
Adobe Setup-->MsiExec.exe /I{DFFDDCF5-CB32-4354-8823-1B9E68025953}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Manager Deluxe 4.1-->C:\WINDOWS\uninst.exe -f"C:\Programme\Adobe Type Manager\DeIsL1.isu" -c"C:\Programme\Adobe Type Manager\UNINST.DLL"
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AVM FRITZ!Fernzugang-->MsiExec.exe /X{37C19C2D-9BB3-4CB0-A83C-26213C73C0BD}
Bluetooth Stack for Windows-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Canon MP Navigator EX 2.0-->"C:\Programme\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Programme\Canon\MP Navigator EX 2.0\uninst.ini
Canon MP630 series MP Drivers-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series /L0x0007
Canon Utilities My Printer-->C:\Programme\Canon\MyPrinter\uninst.exe uninst.ini
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CD-LabelPrint-->"C:\Programme\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
CVSNT 2.5.03.2382-->MsiExec.exe /I{7C480BB2-42A9-40C6-AA5F-7AA20FC7C7F3}
DebugBar v5.2.2 for Internet Explorer (remove only)-->"C:\Programme\Core Services\DebugBar\uninstall.exe"
eDocPrintPro-->C:\PROGRA~1\GEMEIN~1\MAYCOM~1\EDOCPR~1\UNWISE.EXE C:\PROGRA~1\GEMEIN~1\MAYCOM~1\EDOCPR~1\INSTALL.LOG
Fast Image-Map 2-->C:\WINDOWS\unin0407.exe -f"C:\Programme\CL-Soft\Fast Image-Map 2\DeIsL1.isu"  -c"C:\Programme\CL-Soft\Fast Image-Map 2\_ISREG32.DLL"
FileZilla Client 3.2.8.1-->C:\Programme\FileZilla FTP Client\uninstall.exe
FreePDF XP (Remove only)-->C:\Programme\FreePDF_XP\fpsetup.exe /r
GPL Ghostscript 8.62-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\gs8.62\uninstal.txt"
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IETester v0.3.2 (remove only)-->"C:\Programme\Core Services\IETester\uninstall.exe"
IMAPSize 0.3.6-->C:\Programme\IMAPSize\unins000.exe
Inkjet Printer/Scanner Extended Survey Program-->C:\Programme\Canon\IJPLM\SETUP.EXE -R
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
KeePass Password Safe 2.08-->"C:\Programme\KeePass Password Safe\unins001.exe"
Keyboard Manager Utility-->C:\Programme\InstallShield Installation Information\{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}\setup.exe -runfromtemp -l0x0407
Last.fm 1.5.4.24567-->"C:\Programme\Last.fm\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 German Language Pack-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 German Language Pack\setup.exe
Microsoft .NET Framework 3.0 German Language Pack-->MsiExec.exe /X{F2A7F421-1679-48D5-B918-96999014ED53}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mikogo-->C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mikogo\remover.exe
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (2.0.0.20)-->c:\Programme\Mozilla_Portable_Firefox_2.0.0.20\Firefox\uninstall\helper.exe
Mozilla Firefox (3.5.5)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
Nero 9-->C:\Programme\Gemeinsame Dateien\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="9M03-019X-5C1W-6UX2-6670-KA4K-091T-7M9U"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norman Security Suite-->MsiExec.exe /X{A36B158D-8E9D-4BD3-8BDA-4B5EDC9C2E8C}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740}
Outlook 2007 HTML and CSS Validator-->MsiExec.exe /I{59152D0E-DDFE-4769-A746-776457091048}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
phonostar-Player Version 3.01.2-->"C:\Programme\phonostar-Player\unins000.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
PSPad editor-->"C:\Programme\PSPad editor\Uninst\unins000.exe"
Quest Software Toad for MySQL Freeware 4.1-->MsiExec.exe /X{D58340FF-57D2-4AF3-81DB-073DDD4FAEA9}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RedMon - Redirection Port Monitor-->C:\WINDOWS\system32\unredmon.exe
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
sipgate Faxdrucker-->MsiExec.exe /I{07E78C07-ECEF-4AEF-9581-2C31A5BDA6C0}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
SSHTunnelClient-->"C:\Programme\delight software gmbh\SSHTunnelClient\unins000.exe"
Stampit Home-->MsiExec.exe /X{9FFD7E59-7EA4-4D30-98D3-CFB29936BFB8}
StarMoney 7.0 -->"C:\Programme\InstallShield Installation Information\{73184978-0F46-426B-8A40-6BD18A4697E6}\setup.exe" -runfromtemp -l0x0007 -removeonly
Steganos Safe 2008-->C:\Programme\Steganos Safe 2008\uninstall.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
SyncBack-->"C:\Programme\2BrightSparks\SyncBack\unins000.exe"
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Programme\InstallShield Installation Information\{B9C22F96-61F6-4ADA-808A-4A1AE835E75F}\setup.exe -runfromtemp -l0x0407
TortoiseCVS 1.10.7-->"C:\Programme\TortoiseCVS\unins000.exe"
TortoiseSVN 1.6.1.16129 (32 bit)-->MsiExec.exe /X{4DC6EB24-629D-41D7-AB3E-E81872A8F9CC}
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Trillian-->C:\Programme\Trillian\Trillian.exe /uninstall
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Turbo Lister 2-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548} 
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VideoLAN VLC media player 0.8.6h-->C:\Programme\VideoLAN\VLC\uninstall.exe
Visual C++ 9.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{0138F525-6C8A-333F-A105-14AE030B9A54}
Vodafone Mobile Connect Lite-->MsiExec.exe /X{E3B99F3D-9856-482A-9048-305E28E2510C}
WEB.DE MultiMessenger-->C:\Programme\WEB.DE\WEB.DE MultiMessenger\uninst.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (DEU)-->MsiExec.exe /X{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinMerge 2.8.0.0-->"C:\Programme\WinMerge\unins000.exe"
WinSCP 4.1.6-->"C:\Programme\WinSCP\unins000.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
X-PRO 2.0 private build 1082-->C:\Programme\X-PRO\unins000.exe
Zattoo 3.3.0 Beta-->C:\Programme\Zattoo\uninst.exe
ZendGuard-4.0.1-->"C:\Programme\Zend\ZendGuard-4.0.1\Uninstall ZendGuard-4.0.1\Uninstall ZendGuard-4.0.1.exe"

======Security center information======

AV: Norman Security Suite
FW: Norman Security Suite

======System event log======

Computer Name: HM_NOTEBOOK
Event Code: 121
Message: Port A is up with 100 Mbps

Record Number: 5
Source Name: yukonwxp
Time Written: 20091204111453.000000+060
Event Type: Informationen
User: 

Computer Name: HM_NOTEBOOK
Event Code: 121
Message: Port A is up with 100 Mbps

Record Number: 4
Source Name: yukonwxp
Time Written: 20091204111424.000000+060
Event Type: Informationen
User: 

Computer Name: HM_NOTEBOOK
Event Code: 121
Message: Port A is up with 100 Mbps

Record Number: 3
Source Name: yukonwxp
Time Written: 20091204111038.000000+060
Event Type: Informationen
User: 

Computer Name: HM_NOTEBOOK
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.

Record Number: 2
Source Name: EventLog
Time Written: 20091204111033.000000+060
Event Type: Informationen
User: 

Computer Name: HM_NOTEBOOK
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20091204111033.000000+060
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: HM_NOTEBOOK
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst TermService (Terminaldienste) wurden geladen.
Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.

Record Number: 5
Source Name: LoadPerf
Time Written: 20091204112504.000000+060
Event Type: Informationen
User: 

Computer Name: HM_NOTEBOOK
Event Code: 1001
Message: Die Leistungsindikatoren für den Dienst TermService (Terminaldienste) wurden entfernt. Die Daten
enthalten die neuen Werte der Registrierungseinträge Last Counter
und Last Help.

Record Number: 4
Source Name: LoadPerf
Time Written: 20091204112503.000000+060
Event Type: Informationen
User: 

Computer Name: HM_NOTEBOOK
Event Code: 1002
Message: Die Leistungsindikatoren für den Dienst RSVP (QoS-RSVP) befinden sich bereits in der
Registrierung. Neuinstallation nicht erforderlich.

Record Number: 3
Source Name: LoadPerf
Time Written: 20091204112022.000000+060
Event Type: Informationen
User: 

Computer Name: HM_NOTEBOOK
Event Code: 1002
Message: Die Leistungsindikatoren für den Dienst PSched (QoS-Paketplaner) befinden sich bereits in der
Registrierung. Neuinstallation nicht erforderlich.

Record Number: 2
Source Name: LoadPerf
Time Written: 20091204112009.000000+060
Event Type: Informationen
User: 

Computer Name: HM_NOTEBOOK
Event Code: 1002
Message: Die Leistungsindikatoren für den Dienst RemoteAccess (Routing und RAS) befinden sich bereits in der
Registrierung. Neuinstallation nicht erforderlich.

Record Number: 1
Source Name: LoadPerf
Time Written: 20091204111952.000000+060
Event Type: Informationen
User: 

======Environment variables======

"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NpmLib"=C:\Programme\Norman\Npm\Bin
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Programme\Business Objects\Common\3.5\bin\NOTES\;C:\Programme\Business Objects\Common\3.5\bin\NOTES\DATA\;C:\Programme\Mozilla Firefox;C:\Programme\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\Norman\Npm\Bin;C:\Programme\Gemeinsame Dateien\Ahead\Lib\;C:\Programme\Gemeinsame Dateien\Teleca Shared;%NpmLib%;C:\Programme\WinSCP\;C:\Programme\TortoiseSVN\bin;C:\Programme\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip
"SVN_SSH"=c:\\Programme\\TortoiseSVN\\bin\\TortoisePlink.exe
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------
         
