
Log analysis and evaluation: BKA Trojan Windows XP readme[1].exe

26.04.2011, 19:51   #1
lui87
 
BKA Trojan Windows XP readme[1].exe



I caught the BKA Trojan yesterday.

The symptoms are the same as described in other threads:

- the files on the desktop are not visible
- Task Manager cannot be opened in normal mode
- programs can only be started via Task Manager

Although I had mbam scan my hard drive and delete the infected files, the files on the desktop are still invisible. When the PC is restarted, the "official notice from the Bundeskriminalamt" also appears again.

OTL log:

Code:
OTL logfile created on: 26.04.2011 20:16:55 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 4414 8828 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 144,05 Gb Total Space | 18,92 Gb Free Space | 13,14% Space Free | Partition Type: NTFS
Drive F: | 119,60 Mb Total Space | 117,66 Mb Free Space | 98,37% Space Free | Partition Type: FAT
 
Computer Name: L2 | User Name: Bassti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.26 20:19:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.10.15 14:31:50 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008.10.15 14:29:58 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.18 11:16:30 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008.01.07 12:08:50 | 000,019,456 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe
PRC - [2007.11.19 15:23:04 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.05.22 18:52:46 | 000,569,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007.05.22 18:45:54 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
PRC - [2007.05.22 17:27:40 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007.01.30 05:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006.08.10 02:08:14 | 000,010,240 | R--- | M] (E-MU Systems) -- C:\WINDOWS\system32\emaudsv.exe
PRC - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.26 20:19:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (PnkBstrA)
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (FirebirdServerMAGIXInstance)
SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.05.20 18:09:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.10.15 14:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008.10.15 14:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008.02.18 11:16:30 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008.01.07 12:08:50 | 000,019,456 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2007.11.19 15:23:04 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.05.22 18:52:46 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007.05.22 17:27:40 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007.01.30 05:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.08.10 02:08:14 | 000,010,240 | R--- | M] (E-MU Systems) [Auto | Running] -- C:\WINDOWS\system32\emaudsv.exe -- (emaudsv)
SRV - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.06.29 19:00:50 | 000,112,640 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.05.27 16:12:50 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.05.27 16:12:49 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009.05.27 16:12:48 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009.04.14 07:40:31 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.04.14 07:24:34 | 000,215,872 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009.04.09 14:38:30 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.02.10 17:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Programme\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009.01.14 23:25:24 | 000,022,304 | ---- | M] (Doug Fetter Software Wizardry) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbkt1x1.sys -- (USBKT1X1)
DRV - [2009.01.14 23:25:24 | 000,013,504 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uks11ldr.sys -- (UKS11LDR)
DRV - [2008.08.20 03:12:29 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV06.sys -- (ACEDRV06)
DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.05.01 10:29:20 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2007.03.13 04:12:00 | 000,255,232 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007.03.02 10:53:18 | 001,972,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.02.19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007.01.30 12:57:50 | 004,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.11.06 10:23:24 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006.08.10 02:08:12 | 000,142,208 | R--- | M] (E-MU Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emusba10.sys -- (emusba10)
DRV - [2006.04.17 09:54:12 | 000,014,336 | R--- | M] (YAMAHA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ymidusb.sys -- (YMIDUSB)
DRV - [2006.01.27 03:01:06 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\Bassti\Lokale Einstellungen\Temp\cdiskdun.sys -- (cdiskdun)
DRV - [2005.05.09 21:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2004.04.01 17:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003.08.29 10:30:16 | 000,148,724 | ---- | M] (Terratec Electronic GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dmx6fire.sys -- (dmxfire)
DRV - [2003.07.22 15:07:50 | 000,403,968 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dmxsens.sys -- (dmxsens)
DRV - [2003.02.11 13:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)
DRV - [2003.01.10 13:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
DRV - [2001.08.17 12:13:12 | 000,016,925 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w940nd.sys -- (w89c940)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/3000desktop [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Programme\Real\RealPlayer\browserrecord [2007.12.22 15:19:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.27 03:42:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.24 13:25:57 | 000,000,000 | ---D | M]
 
[2009.08.13 08:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Mozilla\Extensions
[2011.04.26 14:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Mozilla\Firefox\Profiles\kohb6lnt.default\extensions
[2010.06.11 02:36:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Mozilla\Firefox\Profiles\kohb6lnt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.17 17:36:04 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Mozilla\Firefox\Profiles\kohb6lnt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.01 23:37:57 | 000,001,639 | ---- | M] () -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Mozilla\Firefox\Profiles\kohb6lnt.default\searchplugins\discogs-search.xml
[2011.04.24 00:53:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Mozilla\Firefox\Profiles\kohb6lnt.default\searchplugins\icqplugin-1.xml
[2010.10.28 17:19:29 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Mozilla\Firefox\Profiles\kohb6lnt.default\searchplugins\icqplugin-2.xml
[2010.10.28 23:13:43 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Mozilla\Firefox\Profiles\kohb6lnt.default\searchplugins\icqplugin-3.xml
[2010.12.10 22:21:01 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Mozilla\Firefox\Profiles\kohb6lnt.default\searchplugins\icqplugin-4.xml
[2011.03.03 00:51:55 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Mozilla\Firefox\Profiles\kohb6lnt.default\searchplugins\icqplugin-5.xml
[2011.03.09 23:39:56 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Mozilla\Firefox\Profiles\kohb6lnt.default\searchplugins\icqplugin-6.xml
[2011.03.24 13:26:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Mozilla\Firefox\Profiles\kohb6lnt.default\searchplugins\icqplugin-7.xml
[2010.06.17 17:36:04 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Mozilla\Firefox\Profiles\kohb6lnt.default\searchplugins\icqplugin.gif
[2010.06.17 17:36:05 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Mozilla\Firefox\Profiles\kohb6lnt.default\searchplugins\icqplugin.src
[2010.06.25 00:15:06 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Mozilla\Firefox\Profiles\kohb6lnt.default\searchplugins\icqplugin.xml
[2009.10.19 07:58:31 | 000,009,941 | ---- | M] () -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Mozilla\Firefox\Profiles\kohb6lnt.default\searchplugins\mywebsearch.xml
[2010.08.24 03:54:52 | 000,002,057 | ---- | M] () -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Mozilla\Firefox\Profiles\kohb6lnt.default\searchplugins\youtube-videosuche.xml
[2011.04.26 14:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.02.12 14:06:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.12 14:06:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.02.12 14:06:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.08.07 14:53:06 | 001,271,760 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv501.dll
[2010.09.11 12:07:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.11 12:07:23 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.11 12:07:23 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.11 12:07:23 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.11 12:07:23 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.01.21 22:56:23 | 000,223,065 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	1001-search.info
O1 - Hosts: 127.0.0.1	www.1001-search.info
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 7826 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [SystemData.exe]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DMX 6fire 2496 ControlPanel.lnk = C:\Programme\TerraTec\DMX 6fire\DMX6Fire.exe (TerraTec Electronic GmbH)
O4 - Startup: C:\Dokumente und Einstellungen\Bassti\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} hxxp://www.king.com/ctl/kingcomie.cab (king.com)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1223834234 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\Bassti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NC6QDL0Z\readme[1].exe) -  File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Bassti\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Bassti\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{093a4a96-2053-11df-a339-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{093a4a96-2053-11df-a339-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{093a4a96-2053-11df-a339-001617fa4910}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{19a6f44c-b162-11df-a419-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{19a6f44c-b162-11df-a419-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19a6f44c-b162-11df-a419-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{19a6f45d-b162-11df-a419-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{19a6f45d-b162-11df-a419-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19a6f45d-b162-11df-a419-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{19a6f467-b162-11df-a419-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{19a6f467-b162-11df-a419-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19a6f467-b162-11df-a419-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{19a6f47f-b162-11df-a419-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{19a6f47f-b162-11df-a419-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19a6f47f-b162-11df-a419-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{19a6f480-b162-11df-a419-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{19a6f480-b162-11df-a419-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19a6f480-b162-11df-a419-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{19a6f481-b162-11df-a419-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{19a6f481-b162-11df-a419-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19a6f481-b162-11df-a419-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{19a6f483-b162-11df-a419-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{19a6f483-b162-11df-a419-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19a6f483-b162-11df-a419-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1e68fb01-a95b-11df-a413-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{1e68fb01-a95b-11df-a413-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1e68fb01-a95b-11df-a413-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1e68fb07-a95b-11df-a413-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{1e68fb07-a95b-11df-a413-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1e68fb07-a95b-11df-a413-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1e68fb08-a95b-11df-a413-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{1e68fb08-a95b-11df-a413-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1e68fb08-a95b-11df-a413-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1f59c71c-c2a0-11df-a42f-a98a0b1c9b30}\Shell - "" = AutoRun
O33 - MountPoints2\{1f59c71c-c2a0-11df-a42f-a98a0b1c9b30}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1f59c71c-c2a0-11df-a42f-a98a0b1c9b30}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2814408e-bf45-11df-a429-b69bf5bdad88}\Shell - "" = AutoRun
O33 - MountPoints2\{2814408e-bf45-11df-a429-b69bf5bdad88}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2814408e-bf45-11df-a429-b69bf5bdad88}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{30b2e81c-c2f0-11df-a430-f1bcee201f98}\Shell - "" = AutoRun
O33 - MountPoints2\{30b2e81c-c2f0-11df-a430-f1bcee201f98}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{30b2e81c-c2f0-11df-a430-f1bcee201f98}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{353f46a9-a6f8-11df-a40f-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{353f46a9-a6f8-11df-a40f-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{353f46a9-a6f8-11df-a40f-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{353f46aa-a6f8-11df-a40f-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{353f46aa-a6f8-11df-a40f-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{353f46aa-a6f8-11df-a40f-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{353f46b1-a6f8-11df-a40f-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{353f46b1-a6f8-11df-a40f-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{353f46b1-a6f8-11df-a40f-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{353f472c-a6f8-11df-a40f-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{353f472c-a6f8-11df-a40f-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{353f472c-a6f8-11df-a40f-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{353f474a-a6f8-11df-a40f-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{353f474a-a6f8-11df-a40f-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{353f474a-a6f8-11df-a40f-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4a7e0a8a-e1ab-11de-a2bf-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{4a7e0a8a-e1ab-11de-a2bf-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a7e0a8a-e1ab-11de-a2bf-001617fa4910}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
O33 - MountPoints2\{4eee0b18-ae4c-11df-a414-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{4eee0b18-ae4c-11df-a414-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4eee0b18-ae4c-11df-a414-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5b3cf757-bbe5-11df-a424-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{5b3cf757-bbe5-11df-a424-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5b3cf757-bbe5-11df-a424-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5b3cf75f-bbe5-11df-a424-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{5b3cf75f-bbe5-11df-a424-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5b3cf75f-bbe5-11df-a424-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5c050ec6-b510-11df-a41c-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{5c050ec6-b510-11df-a41c-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5c050ec6-b510-11df-a41c-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5c050ed5-b510-11df-a41c-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{5c050ed5-b510-11df-a41c-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5c050ed5-b510-11df-a41c-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5c589464-bf11-11df-a428-c0034ccd5b82}\Shell - "" = AutoRun
O33 - MountPoints2\{5c589464-bf11-11df-a428-c0034ccd5b82}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5c589464-bf11-11df-a428-c0034ccd5b82}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{60820f18-b014-11df-a416-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{60820f18-b014-11df-a416-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{60820f18-b014-11df-a416-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{62d6be9c-beb7-11df-a427-bebfde039404}\Shell - "" = AutoRun
O33 - MountPoints2\{62d6be9c-beb7-11df-a427-bebfde039404}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{62d6be9c-beb7-11df-a427-bebfde039404}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6601285a-c48e-11df-a432-f7c36c7c7bb3}\Shell - "" = AutoRun
O33 - MountPoints2\{6601285a-c48e-11df-a432-f7c36c7c7bb3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6601285a-c48e-11df-a432-f7c36c7c7bb3}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6610ac5a-bfe6-11df-a42b-c3162b98b9fe}\Shell - "" = AutoRun
O33 - MountPoints2\{6610ac5a-bfe6-11df-a42b-c3162b98b9fe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6610ac5a-bfe6-11df-a42b-c3162b98b9fe}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{739232ea-72fe-11df-a3b6-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{739232ea-72fe-11df-a3b6-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{739232ea-72fe-11df-a3b6-001617fa4910}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{739232ee-72fe-11df-a3b6-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{739232ee-72fe-11df-a3b6-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{739232ee-72fe-11df-a3b6-001617fa4910}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{829433f0-b81c-11df-a420-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{829433f0-b81c-11df-a420-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{829433f0-b81c-11df-a420-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{87755424-7601-11df-a3bb-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{87755424-7601-11df-a3bb-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{87755424-7601-11df-a3bb-001617fa4910}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8ac14e4e-bcf1-11df-a425-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{8ac14e4e-bcf1-11df-a425-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ac14e4e-bcf1-11df-a425-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8ac14e4f-bcf1-11df-a425-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{8ac14e4f-bcf1-11df-a425-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ac14e4f-bcf1-11df-a425-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8b0d0da0-c0e0-11df-a42d-f208e877c25c}\Shell - "" = AutoRun
O33 - MountPoints2\{8b0d0da0-c0e0-11df-a42d-f208e877c25c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b0d0da0-c0e0-11df-a42d-f208e877c25c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8e51b405-b04d-11df-a417-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{8e51b405-b04d-11df-a417-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8e51b405-b04d-11df-a417-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a400c94-c33a-11df-a431-b585401a5883}\Shell - "" = AutoRun
O33 - MountPoints2\{9a400c94-c33a-11df-a431-b585401a5883}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a400c94-c33a-11df-a431-b585401a5883}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a400cac-c33a-11df-a431-b585401a5883}\Shell - "" = AutoRun
O33 - MountPoints2\{9a400cac-c33a-11df-a431-b585401a5883}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a400cac-c33a-11df-a431-b585401a5883}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a400cb0-c33a-11df-a431-b585401a5883}\Shell - "" = AutoRun
O33 - MountPoints2\{9a400cb0-c33a-11df-a431-b585401a5883}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a400cb0-c33a-11df-a431-b585401a5883}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a400cea-c33a-11df-a431-b585401a5883}\Shell - "" = AutoRun
O33 - MountPoints2\{9a400cea-c33a-11df-a431-b585401a5883}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a400cea-c33a-11df-a431-b585401a5883}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a400cf4-c33a-11df-a431-b585401a5883}\Shell - "" = AutoRun
O33 - MountPoints2\{9a400cf4-c33a-11df-a431-b585401a5883}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a400cf4-c33a-11df-a431-b585401a5883}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a400d04-c33a-11df-a431-b585401a5883}\Shell - "" = AutoRun
O33 - MountPoints2\{9a400d04-c33a-11df-a431-b585401a5883}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a400d04-c33a-11df-a431-b585401a5883}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a400d46-c33a-11df-a431-b585401a5883}\Shell - "" = AutoRun
O33 - MountPoints2\{9a400d46-c33a-11df-a431-b585401a5883}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a400d46-c33a-11df-a431-b585401a5883}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a400d74-c33a-11df-a431-b585401a5883}\Shell - "" = AutoRun
O33 - MountPoints2\{9a400d74-c33a-11df-a431-b585401a5883}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a400d74-c33a-11df-a431-b585401a5883}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a400d99-c33a-11df-a431-b585401a5883}\Shell - "" = AutoRun
O33 - MountPoints2\{9a400d99-c33a-11df-a431-b585401a5883}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a400d99-c33a-11df-a431-b585401a5883}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a400da8-c33a-11df-a431-b585401a5883}\Shell - "" = AutoRun
O33 - MountPoints2\{9a400da8-c33a-11df-a431-b585401a5883}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a400da8-c33a-11df-a431-b585401a5883}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a400db7-c33a-11df-a431-b585401a5883}\Shell - "" = AutoRun
O33 - MountPoints2\{9a400db7-c33a-11df-a431-b585401a5883}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a400db7-c33a-11df-a431-b585401a5883}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a400e49-c33a-11df-a431-001e101f905a}\Shell - "" = AutoRun
O33 - MountPoints2\{9a400e49-c33a-11df-a431-001e101f905a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a400e49-c33a-11df-a431-001e101f905a}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a400e57-c33a-11df-a431-001e101f905a}\Shell - "" = AutoRun
O33 - MountPoints2\{9a400e57-c33a-11df-a431-001e101f905a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a400e57-c33a-11df-a431-001e101f905a}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a30cfc84-bf83-11df-a42a-d6a303e9dbf9}\Shell - "" = AutoRun
O33 - MountPoints2\{a30cfc84-bf83-11df-a42a-d6a303e9dbf9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a30cfc84-bf83-11df-a42a-d6a303e9dbf9}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a925d9e8-a090-11df-a404-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{a925d9e8-a090-11df-a404-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a925d9e8-a090-11df-a404-001617fa4910}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a9b9617e-b8dc-11df-a421-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{a9b9617e-b8dc-11df-a421-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a9b9617e-b8dc-11df-a421-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a9b9618f-b8dc-11df-a421-001e101f8c05}\Shell - "" = AutoRun
O33 - MountPoints2\{a9b9618f-b8dc-11df-a421-001e101f8c05}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a9b9618f-b8dc-11df-a421-001e101f8c05}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a9b96199-b8dc-11df-a421-001e101f87b2}\Shell - "" = AutoRun
O33 - MountPoints2\{a9b96199-b8dc-11df-a421-001e101f87b2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a9b96199-b8dc-11df-a421-001e101f87b2}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa5093f0-b684-11df-a41f-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{aa5093f0-b684-11df-a41f-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa5093f0-b684-11df-a41f-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa5093f4-b684-11df-a41f-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{aa5093f4-b684-11df-a41f-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa5093f4-b684-11df-a41f-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b47b81cc-ba86-11df-a422-001e101f19a3}\Shell - "" = AutoRun
O33 - MountPoints2\{b47b81cc-ba86-11df-a422-001e101f19a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b47b81cc-ba86-11df-a422-001e101f19a3}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b69aad48-a866-11df-a412-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{b69aad48-a866-11df-a412-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b69aad48-a866-11df-a412-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{bcdaec0a-aedc-11df-a415-9f778ea8a3fd}\Shell - "" = AutoRun
O33 - MountPoints2\{bcdaec0a-aedc-11df-a415-9f778ea8a3fd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bcdaec0a-aedc-11df-a415-9f778ea8a3fd}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{bcdaec2c-aedc-11df-a415-001e101fea86}\Shell - "" = AutoRun
O33 - MountPoints2\{bcdaec2c-aedc-11df-a415-001e101fea86}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bcdaec2c-aedc-11df-a415-001e101fea86}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{de39317c-b445-11df-a41b-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{de39317c-b445-11df-a41b-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de39317c-b445-11df-a41b-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{de9fbd7a-c1b5-11df-a42e-f85bf5045515}\Shell - "" = AutoRun
O33 - MountPoints2\{de9fbd7a-c1b5-11df-a42e-f85bf5045515}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de9fbd7a-c1b5-11df-a42e-f85bf5045515}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e1eec258-ef58-11de-a2d8-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{e1eec258-ef58-11de-a2d8-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e1eec258-ef58-11de-a2d8-001617fa4910}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
O33 - MountPoints2\{e26a9294-b298-11df-a41a-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{e26a9294-b298-11df-a41a-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e26a9294-b298-11df-a41a-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e26a92ea-b298-11df-a41a-001e101f3356}\Shell - "" = AutoRun
O33 - MountPoints2\{e26a92ea-b298-11df-a41a-001e101f3356}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e26a92ea-b298-11df-a41a-001e101f3356}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e26a92f9-b298-11df-a41a-001e101f3356}\Shell - "" = AutoRun
O33 - MountPoints2\{e26a92f9-b298-11df-a41a-001e101f3356}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e26a92f9-b298-11df-a41a-001e101f3356}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e26a930d-b298-11df-a41a-001e101f3356}\Shell - "" = AutoRun
O33 - MountPoints2\{e26a930d-b298-11df-a41a-001e101f3356}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e26a930d-b298-11df-a41a-001e101f3356}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e26a9319-b298-11df-a41a-001e101f3356}\Shell - "" = AutoRun
O33 - MountPoints2\{e26a9319-b298-11df-a41a-001e101f3356}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e26a9319-b298-11df-a41a-001e101f3356}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e26a9320-b298-11df-a41a-001e101f3356}\Shell - "" = AutoRun
O33 - MountPoints2\{e26a9320-b298-11df-a41a-001e101f3356}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e26a9320-b298-11df-a41a-001e101f3356}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e26a9330-b298-11df-a41a-001e101f3356}\Shell - "" = AutoRun
O33 - MountPoints2\{e26a9330-b298-11df-a41a-001e101f3356}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e26a9330-b298-11df-a41a-001e101f3356}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e26a933f-b298-11df-a41a-001e101f3356}\Shell - "" = AutoRun
O33 - MountPoints2\{e26a933f-b298-11df-a41a-001e101f3356}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e26a933f-b298-11df-a41a-001e101f3356}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e26a9362-b298-11df-a41a-001e101f3356}\Shell - "" = AutoRun
O33 - MountPoints2\{e26a9362-b298-11df-a41a-001e101f3356}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e26a9362-b298-11df-a41a-001e101f3356}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e26a93b8-b298-11df-a41a-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{e26a93b8-b298-11df-a41a-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e26a93b8-b298-11df-a41a-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e26a93c3-b298-11df-a41a-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{e26a93c3-b298-11df-a41a-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e26a93c3-b298-11df-a41a-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e9336c8a-27c5-11df-a348-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{e9336c8a-27c5-11df-a348-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9336c8a-27c5-11df-a348-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e9481513-a6d2-11df-a40e-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{e9481513-a6d2-11df-a40e-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9481513-a6d2-11df-a40e-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e9481514-a6d2-11df-a40e-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{e9481514-a6d2-11df-a40e-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9481514-a6d2-11df-a40e-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e9481516-a6d2-11df-a40e-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{e9481516-a6d2-11df-a40e-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9481516-a6d2-11df-a40e-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f57896da-c09c-11df-a42c-ca77b98ee728}\Shell - "" = AutoRun
O33 - MountPoints2\{f57896da-c09c-11df-a42c-ca77b98ee728}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f57896da-c09c-11df-a42c-ca77b98ee728}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f97a7b52-27c4-11df-a347-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{f97a7b52-27c4-11df-a347-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f97a7b52-27c4-11df-a347-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fb5c8d8c-bd8a-11df-a426-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{fb5c8d8c-bd8a-11df-a426-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb5c8d8c-bd8a-11df-a426-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fb5c8d8d-bd8a-11df-a426-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{fb5c8d8d-bd8a-11df-a426-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb5c8d8d-bd8a-11df-a426-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fb5c8d8e-bd8a-11df-a426-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{fb5c8d8e-bd8a-11df-a426-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb5c8d8e-bd8a-11df-a426-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fb5c8d92-bd8a-11df-a426-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{fb5c8d92-bd8a-11df-a426-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb5c8d92-bd8a-11df-a426-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fb5c8d96-bd8a-11df-a426-001617fa4910}\Shell - "" = AutoRun
O33 - MountPoints2\{fb5c8d96-bd8a-11df-a426-001617fa4910}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb5c8d96-bd8a-11df-a426-001617fa4910}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.26 19:28:21 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Bassti\Recent
[2011.04.26 19:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2011.04.26 14:43:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Malwarebytes
[2011.04.26 14:43:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.04.26 14:43:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.04.26 14:43:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.04.26 14:43:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.04.26 14:43:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.14 15:28:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.14 04:57:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Bassti\Desktop\Das_Kraftfuttermischwerk_-_Am_Ende_der_Kirschallee
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.26 20:01:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.04.26 19:15:45 | 000,000,661 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2011.04.26 19:12:41 | 000,000,224 | RHS- | M] () -- C:\boot.ini
[2011.04.26 19:06:41 | 000,025,261 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2011.04.26 19:06:41 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.26 19:06:26 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2011.04.26 19:06:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.26 19:06:17 | 2951,925,760 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.26 14:43:52 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 09:49:54 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.26 09:49:53 | 000,462,760 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.04.26 09:49:53 | 000,085,764 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.04.26 09:49:53 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.18 21:09:54 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4
[2011.04.18 21:09:54 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2
[2011.04.18 21:09:54 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3
[2011.04.18 21:09:54 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1
[2011.04.18 21:09:54 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7
[2011.04.18 21:09:54 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5
[2011.04.18 21:09:54 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0
[2011.04.18 21:09:54 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9
[2011.04.18 21:09:54 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8
[2011.04.18 21:09:54 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10
[2011.04.18 21:09:54 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6
[2011.04.14 16:11:38 | 002,909,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.08 20:16:00 | 000,021,706 | ---- | M] () -- C:\Dokumente und Einstellungen\Bassti\Eigene Dateien\AnmzulmBAMA.pdf
[2011.04.08 09:47:52 | 086,596,710 | ---- | M] () -- C:\Dokumente und Einstellungen\Bassti\Desktop\PG Podcast 033.mp3
[2011.04.06 13:45:06 | 014,186,665 | ---- | M] () -- C:\Dokumente und Einstellungen\Bassti\Desktop\ 1_Ransom - Ransom.MP3
[2011.04.05 21:56:15 | 008,874,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Bassti\Desktop\schein drügt.mp3
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.26 19:15:45 | 000,000,661 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2011.04.26 14:43:52 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 09:55:44 | 2951,925,760 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.08 21:00:16 | 086,596,710 | ---- | C] () -- C:\Dokumente und Einstellungen\Bassti\Desktop\PG Podcast 033.mp3
[2011.04.08 20:16:00 | 000,021,706 | ---- | C] () -- C:\Dokumente und Einstellungen\Bassti\Eigene Dateien\AnmzulmBAMA.pdf
[2011.04.06 13:38:29 | 014,186,665 | ---- | C] () -- C:\Dokumente und Einstellungen\Bassti\Desktop\ 1_Ransom - Ransom.MP3
[2011.04.05 21:55:20 | 008,874,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Bassti\Desktop\schein drügt.mp3
[2011.01.10 20:38:56 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011.01.05 12:52:45 | 000,000,245 | ---- | C] () -- C:\WINDOWS\BUHL.INI
[2011.01.05 12:51:01 | 000,000,066 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2010.12.30 15:56:24 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.01.07 13:05:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009.10.06 06:02:58 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2009.10.06 06:02:55 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2009.10.06 06:02:51 | 000,000,004 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2009.08.13 19:28:36 | 000,116,224 | ---- | C] () -- C:\Dokumente und Einstellungen\Bassti\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.13 07:55:48 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Bassti\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.04.14 12:10:58 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\Kernelo2.dll
[2009.03.08 02:37:00 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009.02.21 20:16:50 | 000,000,413 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.02.19 02:22:45 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009.02.19 02:22:45 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008.12.16 05:14:53 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.09.11 23:15:56 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.09.05 16:48:43 | 000,000,652 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008.08.22 22:56:01 | 000,000,229 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2008.08.20 07:34:16 | 000,000,472 | ---- | C] () -- C:\WINDOWS\Videodeluxe.INI
[2008.08.20 02:54:22 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008.07.27 00:45:43 | 000,137,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.07.27 00:45:36 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008.07.11 20:29:26 | 000,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll
[2008.07.07 03:21:22 | 000,073,216 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2008.03.28 00:57:51 | 000,001,142 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008.03.28 00:56:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.03.13 13:07:07 | 000,000,127 | ---- | C] () -- C:\WINDOWS\XGUSB.INI
[2008.01.24 03:45:20 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008.01.19 02:13:48 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008.01.19 02:13:48 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008.01.19 02:13:48 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008.01.19 02:13:48 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.01.19 02:13:47 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008.01.19 02:13:47 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008.01.07 13:28:37 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008.01.07 13:28:37 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008.01.07 13:28:37 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008.01.07 13:28:37 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008.01.07 13:28:37 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008.01.07 13:28:37 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008.01.07 13:28:37 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008.01.07 13:28:37 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008.01.07 13:28:37 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008.01.07 13:28:37 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2008.01.07 13:28:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008.01.07 13:28:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008.01.07 13:28:37 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008.01.07 13:28:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008.01.07 13:28:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008.01.07 13:28:37 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2008.01.07 13:28:37 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2008.01.07 13:28:37 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008.01.07 13:28:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008.01.07 13:24:35 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE SPR360DEFGIPS.ini
[2008.01.06 17:24:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.12.13 20:16:29 | 000,002,319 | R--- | C] () -- C:\WINDOWS\System32\emaud.ini
[2007.12.13 20:16:29 | 000,000,035 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007.12.13 14:28:05 | 000,004,236 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007.12.13 14:28:05 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\0BB0539641.sys
[2007.12.12 13:25:20 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.10.19 20:41:13 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007.10.19 20:41:13 | 000,147,685 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007.10.19 13:25:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.10.19 13:07:15 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2007.10.19 13:01:09 | 000,000,040 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007.10.19 12:56:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007.10.19 12:51:41 | 000,005,528 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2007.10.19 12:51:41 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2007.10.19 12:51:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2007.10.19 12:51:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE
[2007.10.19 12:47:23 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2007.03.02 14:59:39 | 000,025,261 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007.03.02 14:59:28 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006.08.10 02:08:16 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\emcoinst.dll
[2006.07.20 02:59:36 | 000,000,763 | R--- | C] () -- C:\WINDOWS\emasio.dat
[2006.06.19 17:36:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006.06.10 07:17:56 | 000,000,830 | R--- | C] () -- C:\WINDOWS\System32\drivers\emusba10.dat
[2006.01.27 19:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.01.27 19:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006.01.27 04:25:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.01.27 04:15:11 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.01.27 03:01:44 | 000,462,760 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.01.27 03:01:44 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.01.27 03:01:44 | 000,085,764 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.01.27 03:01:44 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.01.27 03:01:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.01.27 03:01:21 | 000,444,456 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.01.27 03:01:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.01.27 03:01:21 | 000,072,332 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.01.27 03:01:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.01.27 03:01:19 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.01.27 03:01:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.01.27 03:01:15 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006.01.27 03:01:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.01.27 03:01:08 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.01.27 03:01:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.01.27 03:00:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.01.26 19:09:45 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.01.26 19:08:46 | 002,909,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003.08.12 18:16:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoInst.dll
[2002.10.03 15:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2001.08.07 05:16:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\OTS_UI.EXE
 
========== LOP Check ==========
 
[2007.10.19 13:03:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Borland
[2009.04.14 11:41:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cakewalk
[2009.10.07 11:36:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2010.06.17 17:36:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.06.09 14:58:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
[2007.10.19 13:02:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2008.12.16 05:17:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2007.10.19 13:04:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC-Doctor
[2008.01.22 15:01:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2008.07.12 15:23:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2008.01.07 13:34:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2010.08.13 18:38:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2010.12.10 22:15:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0AEBF1A0-ACF3-4096-A94E-50C0AFEA6A18}
[2010.11.23 23:45:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{2F1A850B-9DA6-4E4A-AB2A-E9005D72D5B2}
[2011.02.07 01:13:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{4275E5EA-6E30-48EB-A209-F964539CBE1C}
[2010.11.23 23:45:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{47960B9E-9E4E-438D-AA0C-2F495913AD7E}
[2010.11.23 23:30:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{51753DAD-2BAB-4BB2-A4AA-CAAEF5AA972B}
[2010.11.23 23:07:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{6268CC84-62BB-4890-B980-FC891FC3470E}
[2010.11.23 22:50:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{B5F0C192-874D-49A8-88D7-8431E3714756}
[2011.02.07 01:14:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BF329843-149E-4A5A-82A1-0250286442D0}
[2010.12.10 22:22:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C5A0D307-9319-4B00-9734-C0F4B0454A7B}
[2010.11.24 02:03:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{E6F7E8AE-5D26-4508-A961-B0231A24CCAE}
[2010.03.04 21:39:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Bytemobile
[2011.04.25 10:18:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Dropbox
[2011.04.25 18:52:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\ICQ
[2011.01.24 04:01:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\iZotope
[2009.10.08 10:22:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Leadertech
[2010.07.25 10:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\SoundSpectrum
[2009.11.07 18:37:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Steinberg
[2010.03.04 21:39:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Vodafone
[2010.03.05 20:49:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Vodafone Mobile Connect
[2011.03.18 01:09:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\VST3 Presets
[2009.08.14 18:43:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bassti\Anwendungsdaten\Waves Audio
 
========== Purity Check ==========
 
 

< End of report >
         
MBAM log before deleting the infected files:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26.04.2011 17:56:58
mbam-log-2011-04-26 (17-56-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Durchsuchte Objekte: 461542
Laufzeit: 3 Stunde(n), 6 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 13
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 9
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> Value: rundll32.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WAB (Trojan.Dropper) -> Value: WAB -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syscheckrt.exe (Trojan.SpyEyes) -> Value: syscheckrt.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\06dbc04a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\06dbc04a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\06dbc04a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\06dbc04a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\06dbc04a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\06dbc04a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Midi1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\06dbc04a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\06dbc04a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\syscheckrt (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programme\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\programme\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully.
c:\syscheckrt\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
         
Second scan:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26.04.2011 19:38:04
mbam-log-2011-04-26 (19-38-04).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 192185
Laufzeit: 7 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
I hope someone can help me.
Thanks in advance.

 
