Pests of all kinds and how to fight them: TR/Kazy.mekml.1 - what to do? (Windows 7)
#1
TR/Kazy.mekml.1 - what to do?

Hello everyone, I am new here and would be very grateful for your help. Unfortunately I don't know very much about this. But I have already read a bit and hope to give you the right information straight away. I read that one should post the Malwarebytes logs and the OTL logs here, so I have now done that and hope it is correct and you can help me.

Malwarebytes log:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6551

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11.05.2011 04:18:17
mbam-log-2011-05-11 (04-18-17).txt

Scan type: Quick scan
Objects scanned: 156707
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
c:\programdata\kmsaskyhhcwx.exe (Rogue.Installer.Gen) -> 3176 -> Unloaded process successfully.

Memory Modules Infected:
c:\Users\Baileys\AppData\Local\ng4040.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Baileys\AppData\Local\eyisazukuyaseza.dll (Trojan.Agent.U) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rparakuqeja (Trojan.Hiloti) -> Value: Rparakuqeja -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KMsAsKYhhcwX (Rogue.Installer.Gen) -> Value: KMsAsKYhhcwX -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ddomukacegala (Trojan.Agent.U) -> Value: Ddomukacegala -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Baileys\AppData\Local\ng4040.dll (Trojan.Hiloti) -> Delete on reboot.
c:\programdata\kmsaskyhhcwx.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Baileys\AppData\Local\Temp\0.3172997837472512.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Baileys\AppData\Local\Temp\tmp6775.tmp (Rogue.Installer.Gen) -> Delete on reboot.
c:\Users\Baileys\AppData\Roaming\Adobe\plugs\mmc217.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Baileys\AppData\Local\eyisazukuyaseza.dll (Trojan.Agent.U) -> Delete on reboot.

Code:
OTL logfile created on: 5/11/2011 4:20:15 AM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Baileys\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.99 Gb Total Space | 107.30 Gb Free Space | 77.20% Space Free | Partition Type: NTFS
Drive D: | 139.00 Gb Total Space | 131.42 Gb Free Space | 94.55% Space Free | Partition Type: NTFS

Computer Name: BAILEYS-PC | User Name: Baileys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Baileys\AppData\Roaming\Adobe\plugs\mmc1.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

========== Modules (SafeList) ==========

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (rtport) -- C:\Windows\System32\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=3ed7899b0000000000004c0f6e8b1fe8&tlver=1.4.19.19&affID=17159

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=3ed7899b0000000000004c0f6e8b1fe8&tlver=1.4.19.19&affID=17159
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110329release
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=3ed7899b0000000000004c0f6e8b1fe8&tlver=1.4.19.19&instlRef=sst&affID=17159&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de#t_0"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 16:04:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/25 19:12:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/01 16:07:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/04/22 20:38:13 | 000,000,000 | ---D | M]

[2011/01/27 02:35:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Baileys\AppData\Roaming\mozilla\Extensions
[2011/01/08 00:53:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Baileys\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/01/27 02:35:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Baileys\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2011/04/29 02:17:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Baileys\AppData\Roaming\mozilla\Firefox\Profiles\az730lx2.default\extensions
[2011/01/20 21:07:39 | 000,003,915 | -H-- | M] () -- C:\Users\Baileys\AppData\Roaming\Mozilla\Firefox\Profiles\az730lx2.default\searchplugins\sweetim.xml
[2011/01/20 21:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/01/07 14:05:07 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/01/11 05:21:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/11 02:51:39 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\BAILEYS\APPDATA\LOCAL\{ECD1A716-4588-4366-9943-DA5B5D727363}
[2011/05/01 16:04:45 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/11 05:21:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/04/09 09:35:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/04/09 09:48:33 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/04/09 09:35:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/04/09 09:35:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/04/09 09:35:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/04/09 09:35:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/04/09 09:35:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Ddomukacegala] C:\Users\Baileys\AppData\Local\eyisazukuyaseza.dll (Conexant Systems Inc.)
O4 - HKCU..\Run: [Rparakuqeja] C:\Users\Baileys\AppData\Local\ng4040.dll (Voxware, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3f23b376-440b-11e0-bb89-002454cb7cfa}\Shell - "" = AutoRun
O33 - MountPoints2\{3f23b376-440b-11e0-bb89-002454cb7cfa}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{85b47755-30c8-11e0-b842-002454cb7cfa}\Shell - "" = AutoRun
O33 - MountPoints2\{85b47755-30c8-11e0-b842-002454cb7cfa}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{85b4775f-30c8-11e0-b842-002454cb7cfa}\Shell - "" = AutoRun
O33 - MountPoints2\{85b4775f-30c8-11e0-b842-002454cb7cfa}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ac728b1f-3df0-11e0-bef0-002454cb7cfa}\Shell - "" = AutoRun
O33 - MountPoints2\{ac728b1f-3df0-11e0-bef0-002454cb7cfa}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ac728b34-3df0-11e0-bef0-002454cb7cfa}\Shell - "" = AutoRun
O33 - MountPoints2\{ac728b34-3df0-11e0-bef0-002454cb7cfa}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ebafa77c-70d1-11e0-99da-002454cb7cfa}\Shell - "" = AutoRun
O33 - MountPoints2\{ebafa77c-70d1-11e0-99da-002454cb7cfa}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 04:09:22 | 000,000,000 | ---D | C] -- C:\Users\Baileys\AppData\Roaming\Malwarebytes
[2011/05/11 04:09:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/05/11 04:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/11 04:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/11 04:08:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/05/11 04:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/11 03:42:01 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Baileys\Desktop\OTL.exe
[2011/05/11 02:51:39 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{ECD1A716-4588-4366-9943-DA5B5D727363}
[2011/05/10 16:07:04 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{43D0507C-296C-49CC-97DC-966338248A52}
[2011/05/10 15:43:21 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{56231C92-64C8-428D-90A5-48BA34997031}
[2011/05/09 21:35:00 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{50AE4613-F75F-452C-83C2-48B802C6FEF2}
[2011/05/09 09:34:25 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{BB7B49AD-0399-4F39-9C3B-1C79647860CE}
[2011/05/08 21:02:38 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{3657AFB3-DF08-441A-A60A-E2DE683775F7}
[2011/05/08 02:25:44 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{FAC8D531-D6DB-4EFE-A015-4523A68ECE7B}
[2011/05/07 11:06:53 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{7011F6F1-5BDE-424A-82AC-4FB33551C725}
[2011/05/06 15:44:43 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{17102787-1659-422D-989D-8DAA0E1DCDF5}
[2011/05/05 18:30:25 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{48C103C4-F80A-44FA-835E-AE5F854C1CB5}
[2011/05/04 17:21:06 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{C172829B-7159-4E7B-B5DF-AAB91802D159}
[2011/05/04 03:55:36 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{9C6DC8FE-C621-46E9-B5AD-903848A591E4}
[2011/05/03 15:55:09 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{06583A8F-2BBD-4564-9AA4-05794AD5EC52}
[2011/05/02 23:22:59 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{9ADAB908-6239-4006-9A61-A21C54408CF2}
[2011/05/02 11:22:31 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{FAB7D5D5-A4A5-4064-8D08-11AC43A9403C}
[2011/05/01 16:52:44 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{7D9C8003-E537-4DDF-918D-9EB5E17E281C}
[2011/05/01 16:06:04 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{0CE40FA7-4FDD-4AD7-8ABC-146AAC956593}
[2011/05/01 01:27:06 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{CBF981D7-A23E-4A72-860F-2624F9796FC6}
[2011/04/30 13:26:31 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{45047024-EE1C-4E50-90CC-7F7CAE3A083C}
[2011/04/29 19:07:48 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{7FC5ECBF-FE07-456D-B2F4-C991FC29D1A3}
[2011/04/28 15:47:51 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{E4D36517-A6CA-4CBC-A22F-FF906814F789}
[2011/04/27 22:06:48 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{1CCEA57C-49B9-434E-B738-891E78D37C3C}
[2011/04/27 16:20:19 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2011/04/27 16:19:39 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2011/04/27 16:13:31 | 000,258,048 | ---- | C] (Conexant Systems Inc.) -- C:\Users\Baileys\AppData\Local\eyisazukuyaseza.dll
[2011/04/27 16:13:31 | 000,118,784 | ---- | C] (Voxware, Inc.) -- C:\Users\Baileys\AppData\Local\ng4040.dll
[2011/04/27 16:12:58 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\System32\fms.dll
[2011/04/27 15:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
[2011/04/27 15:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Vodafone
[2011/04/27 15:31:12 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{460B8D94-E5AF-4A67-B475-D079D5805431}
[2011/04/26 18:28:44 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{4B295FEA-770B-445B-BCA0-F0C931B4727A}
[2011/04/25 19:35:56 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{7961D91A-410B-4D15-BBAE-27C16803E7D6}
[2011/04/23 06:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/04/22 22:41:39 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{6124D63F-CE3D-47DB-A7CF-16E7141A6A54}
[2011/04/22 20:43:40 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Roaming\Nokia Ovi Suite
[2011/04/22 20:43:39 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Roaming\Nokia
[2011/04/22 20:41:15 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\NokiaAccount
[2011/04/22 20:39:45 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\Nokia
[2011/04/22 20:39:43 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Roaming\PC Suite
[2011/04/22 20:39:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\PC Suite
[2011/04/22 20:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2011/04/22 20:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2011/04/22 20:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/04/22 20:38:08 | 000,018,816 | ---- | C] (Nokia) -- C:\windows\System32\drivers\pccsmcfd.sys
[2011/04/22 20:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2011/04/22 20:37:26 | 000,075,264 | ---- | C] (Nokia) -- C:\windows\System32\nmwcdcls.dll
[2011/04/22 20:36:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\NokiaInstallerCache
[2011/04/22 20:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2011/04/22 10:41:12 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{DD5F50AD-C2A9-4B21-9AC9-E8FA8F58A621}
[2011/04/21 10:48:40 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{8D44564F-7CD5-42A9-A5F7-CBE00C614A37}
[2011/04/20 18:54:40 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{B0178AAE-E8E0-4B7D-86FA-0A9DCF235E3A}
[2011/04/20 04:33:09 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{A8AD07BE-001B-4F73-9E6A-6D18A300A443}
[2011/04/19 16:05:39 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{7C16A1A7-5750-454D-A337-F90436813F9A}
[2011/04/18 15:43:18 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{C2589FB9-F185-40A3-936A-D1544AEAE6E3}
[2011/04/18 03:49:37 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{C78D2C9C-E597-45EC-86F7-EB57539110B3}
[2011/04/18 03:42:30 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{55FF3D84-7FA0-43E1-87BF-FE7FAAAC783C}
[2011/04/18 03:37:51 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{2A638369-79C7-4481-BA9B-7FCD71AC09D3}
[2011/04/17 15:37:24 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{7EDDA988-8114-46F6-A1B9-AADF915E23D5}
[2011/04/16 23:34:48 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{AB724F29-6E23-4D2C-9AFE-551DC8048293}
[2011/04/16 11:34:21 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{B718824E-ED12-4847-9178-86AFEA8AB180}
[2011/04/15 23:33:02 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{D02F5D97-5FDC-457E-9302-7A2E1BDC4CCC}
[2011/04/15 11:32:36 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{7F0261F4-BD3F-471C-B0D2-1AE130ECE6C2}
[2011/04/14 22:55:30 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{4F2C6D2A-8DD0-43B7-93AE-D559C14DB068}
[2011/04/14 10:55:04 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{1072F0AC-E26E-4FC9-94AE-5D0C3BCC8CFC}
[2011/04/13 22:25:10 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{7405CE31-CB08-4FEE-8069-0BE601EF581D}
[2011/04/13 04:14:19 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{E1F9A57A-978F-4C51-B2F5-DD04A08585D4}
[2011/04/12 15:17:25 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{58BE38FD-5214-49A4-A7BC-D30481CDFF39}
[2011/04/11 17:04:46 | 000,000,000 | -H-D | C] -- C:\Users\Baileys\AppData\Local\{F24C43A7-F6AD-4271-AF3B-94F9CAF4C3C9}
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/05/11 04:19:03 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\xgfajcqn.sys
[2011/05/11 04:09:01 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/11 03:54:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/11 03:42:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Baileys\Desktop\OTL.exe
[2011/05/11 02:51:40 | 000,000,120 | -H-- | M] () -- C:\Users\Baileys\AppData\Local\Inedisidubadi.dat
[2011/05/11 02:51:40 | 000,000,000 | -H-- | M] () -- C:\Users\Baileys\AppData\Local\Owuniki.bin
[2011/05/11 02:49:53 | 000,000,000 | -H-- | M] () -- C:\Users\Baileys\2gweorjqjutp92vjy9gake
[2011/05/10 23:54:00 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/10 15:49:01 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 15:49:01 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 15:41:40 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2011/05/10 15:41:35 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/05/10 15:41:30 | 3150,561,280 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/04 22:16:41 | 000,654,610 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/05/04 22:16:41 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/05/04 22:16:41 | 000,130,192 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/05/04 22:16:41 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/04/27 16:40:46 | 000,277,656 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/04/27 16:24:31 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2011/04/22 20:47:24 | 000,007,680 | -H-- | M] () -- C:\Users\Baileys\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/22 20:40:52 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011/04/22 20:29:40 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2011/05/11 04:19:03 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\xgfajcqn.sys
[2011/05/11 04:09:01 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/11 02:51:40 | 000,000,120 | -H-- | C] () -- C:\Users\Baileys\AppData\Local\Inedisidubadi.dat
[2011/05/11 02:51:40 | 000,000,000 | -H-- | C] () -- C:\Users\Baileys\AppData\Local\Owuniki.bin
[2011/05/11 02:49:53 | 000,000,000 | -H-- | C] () -- C:\Users\Baileys\2gweorjqjutp92vjy9gake
[2011/04/27 16:24:31 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2011/04/27 16:13:40 | 000,146,852 | ---- | C] () -- C:\windows\System32\systemsf.ebd
[2011/04/27 16:12:46 | 000,010,429 | ---- | C] () -- C:\windows\System32\ScavengeSpace.xml
[2011/04/27 16:12:37 | 000,105,559 | ---- | C] () -- C:\windows\System32\RacRules.xml
[2011/04/22 20:46:55 | 000,007,680 | -H-- | C] () -- C:\Users\Baileys\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/22 20:40:52 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011/04/22 20:29:40 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/01/07 14:05:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/07 10:50:06 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/06/14 01:33:19 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/06/14 01:10:58 | 000,000,832 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/06/13 03:47:23 | 000,654,610 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2010/06/13 03:47:23 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2010/06/13 03:47:23 | 000,130,192 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2010/06/13 03:47:23 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2010/06/13 03:26:14 | 000,004,608 | ---- | C] () -- C:\windows\System32\HdmiCoin.dll
[2010/06/13 03:26:13 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/10/15 19:17:10 | 000,130,520 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,277,656 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,452 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,574 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== LOP Check ==========

[2011/02/05 03:41:21 | 000,000,000 | -H-D | M] -- C:\Users\Baileys\AppData\Roaming\Bytemobile
[2011/05/08 15:29:27 | 000,000,000 | -H-D | M] -- C:\Users\Baileys\AppData\Roaming\FreeFLVConverter
[2011/05/05 23:36:26 | 000,000,000 | -H-D | M] -- C:\Users\Baileys\AppData\Roaming\IMVU
[2011/04/09 16:37:50 | 000,000,000 | -H-D | M] -- C:\Users\Baileys\AppData\Roaming\IMVUClient
[2011/02/07 01:03:38 | 000,000,000 | -H-D | M] -- C:\Users\Baileys\AppData\Roaming\Mp3tag
[2011/04/22 20:43:39 | 000,000,000 | -H-D | M] -- C:\Users\Baileys\AppData\Roaming\Nokia
[2011/04/22 20:43:40 | 000,000,000 | -H-D | M] -- C:\Users\Baileys\AppData\Roaming\Nokia Ovi Suite
[2011/04/22 20:42:11 | 000,000,000 | -H-D | M] -- C:\Users\Baileys\AppData\Roaming\PC Suite
[2011/05/10 01:58:30 | 000,000,000 | -H-D | M] -- C:\Users\Baileys\AppData\Roaming\SoftGrid Client
[2011/01/10 00:39:46 | 000,000,000 | -H-D | M] -- C:\Users\Baileys\AppData\Roaming\TeamViewer
[2011/01/08 00:53:41 | 000,000,000 | -H-D | M] -- C:\Users\Baileys\AppData\Roaming\Thunderbird
[2011/01/30 02:20:54 | 000,000,000 | -H-D | M] -- C:\Users\Baileys\AppData\Roaming\TP
[2011/01/27 02:42:08 | 000,000,000 | -H-D | M] -- C:\Users\Baileys\AppData\Roaming\Vivox
[2011/03/01 22:05:45 | 000,000,000 | -H-D | M] -- C:\Users\Baileys\AppData\Roaming\Vodafone
[2011/02/05 03:46:18 | 000,000,000 | -H-D | M] -- C:\Users\Baileys\AppData\Roaming\Vodafone Mobile Connect
[2011/05/08 11:13:13 | 000,032,632 | ---- | M] () -- 
C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 5/11/2011 4:20:15 AM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Baileys\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.99 Gb Total Space | 107.30 Gb Free Space | 77.20% Space Free | Partition Type: NTFS
Drive D: | 139.00 Gb Total Space | 131.42 Gb Free Space | 94.55% Space Free | Partition Type: NTFS

Computer Name: BAILEYS-PC | User Name: Baileys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}" = Vodafone Mobile Connect Lite
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar
"Free FLV Converter_is1" = Free FLV Converter V 6.96.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"Mp3tag" = Mp3tag v2.48
"Nokia Ovi Suite" = Nokia Ovi Suite
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"Winamp" = Winamp
"Winamp Offizielle Deutsche Sprachdatei Plus" = Winamp Offizielle Deutsche Sprachdatei Plus v5.60.1
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/7/2011 7:37:37 PM | Computer Name = Baileys-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4181

Error - 5/7/2011 7:37:37 PM | Computer Name = Baileys-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4181

Error - 5/7/2011 7:37:38 PM | Computer Name = Baileys-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/7/2011 7:37:38 PM | Computer Name = Baileys-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5460

Error - 5/7/2011 7:37:38 PM | Computer Name = Baileys-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5460

Error - 5/7/2011 7:37:40 PM | Computer Name = Baileys-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/7/2011 7:37:40 PM | Computer Name = Baileys-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6568

Error - 5/7/2011 7:37:40 PM | Computer Name = Baileys-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6568

Error - 5/7/2011 8:07:36 PM | Computer Name = Baileys-PC | Source = VMCService | ID = 0
Description = GetProcessOwner

Error - 5/7/2011 8:15:00 PM | Computer Name = Baileys-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

[ System Events ]
Error - 3/7/2011 5:39:55 AM | Computer Name = Baileys-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver failed to load: tcpipBM

Error - 3/7/2011 5:09:59 PM | Computer Name = Baileys-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver failed to load: tcpipBM

Error - 3/7/2011 10:36:39 PM | Computer Name = Baileys-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver failed to load: tcpipBM

Error - 3/7/2011 11:18:32 PM | Computer Name = Baileys-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver failed to load: tcpipBM

Error - 3/8/2011 5:53:48 AM | Computer Name = Baileys-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver failed to load: tcpipBM

Error - 3/8/2011 12:36:19 PM | Computer Name = Baileys-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver failed to load: tcpipBM

Error - 3/11/2011 11:00:58 AM | Computer Name = Baileys-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = A new BITS job could not be created. The current job count for the user Baileys-PC\Baileys ("60") is equal to or greater than the job limit ("60") specified through group policy. To correct the problem, complete or cancel the BITS jobs that have made no progress by looking at the error, and then restart the BITS service. If the error recurs, ask the administrator to increase the per-user and per-computer job limits specified through group policy.

Error - 3/29/2011 4:15:00 PM | Computer Name = Baileys-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:23:05 on 29.03.2011 was unexpected.

Error - 4/1/2011 10:44:40 AM | Computer Name = Baileys-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:46:57 on 01.04.2011 was unexpected.

Error - 4/7/2011 5:19:41 AM | Computer Name = Baileys-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 03:28:55 on 07.04.2011 was unexpected.

< End of report >

Edited by Baileys (11.05.2011 at 03:26) Reason: logs added
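A triage script for OTL file entries like the ones above, added here as an example; it is neither part of Baileys' post nor a feature of OTL or Malwarebytes. It parses OTL's file-entry format (seven entries copied from the "Files Created - No Company Name" section above are embedded as the constructed sample, and the scan start time is taken from the Malwarebytes header in the same post) and flags the entries a helper would look at first: hidden attribute, no company name in a user-writable location, a random-looking file name, or a timestamp within minutes after the scan started. The heuristics, thresholds and function names are this example's own assumptions, and a flag means "review this", not "this is malware".

```python
"""Triage helper for OTL file-entry lines (added example, not from the post or from OTL).

Heuristics, thresholds and function names are assumptions of this example;
the sample lines are copied from the OTL log above and the scan start time
from the Malwarebytes header in the same post.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: seven lines copied from the "Files Created - No Company Name"
# section of the OTL log above (raw string so the backslashes survive).
SAMPLE_OTL_LINES = r"""
[2011/05/11 04:19:03 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\xgfajcqn.sys
[2011/05/11 04:09:01 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/11 02:51:40 | 000,000,120 | -H-- | C] () -- C:\Users\Baileys\AppData\Local\Inedisidubadi.dat
[2011/05/11 02:51:40 | 000,000,000 | -H-- | C] () -- C:\Users\Baileys\AppData\Local\Owuniki.bin
[2011/05/11 02:49:53 | 000,000,000 | -H-- | C] () -- C:\Users\Baileys\2gweorjqjutp92vjy9gake
[2011/04/27 16:24:31 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2011/01/07 10:50:06 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
"""

# Start of the Malwarebytes quick scan as printed in its log header (11.05.2011 04:18:17).
MBAM_SCAN_START = datetime(2011, 5, 11, 4, 18, 17)

# One OTL entry: [timestamp | size | attributes | C or M] (company) -- path
# The "(company)" part is absent on directory entries, so it is optional here.
OTL_ENTRY = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\]"
    r"(?: \((.*?)\))? -- (.+)$"
)

VOWELS = set("aeiouy")


def parse_otl_line(line):
    """Parse one OTL file entry; return None for headers, blanks and other lines."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    ts, size, attrs, kind, company, path = m.groups()
    return {
        "time": datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
        "size": int(size.replace(",", "")),
        "attrs": attrs,                      # R/H/S/D flags, '-' where unset, e.g. "-H--"
        "kind": kind,                        # C = created, M = modified
        "company": (company or "").strip(),  # empty when OTL found no company name
        "path": path.strip(),
    }


def looks_random(filename):
    """Flag machine-generated names: letter/digit mixes, long consonant runs or
    almost no vowels. Pronounceable generated names (Inedisidubadi, Owuniki)
    pass this test on purpose; the location and attribute checks catch those."""
    stem = filename.rsplit(".", 1)[0].lower()
    if len(stem) < 6 or not stem.isalnum():
        return False
    letters = [c for c in stem if c.isalpha()]
    if any(c.isdigit() for c in stem) and letters and len(stem) >= 10:
        return True
    if not letters:
        return False
    vowel_share = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = run = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest_run = max(longest_run, run)
    return longest_run >= 4 or vowel_share < 0.2


def in_user_writable_location(path):
    """Drop locations usable without admin rights: the profile root, AppData,
    ProgramData and any Temp directory."""
    p = path.lower()
    parts = p.split("\\")
    profile_root = len(parts) == 4 and parts[1] == "users"  # C:\Users\<name>\<file>
    return profile_root or any(tag in p for tag in ("\\appdata\\", "\\programdata\\", "\\temp\\"))


def triage(otl_text, scan_start, window_minutes=30):
    """Return {path: [reasons]} for every entry that trips at least one heuristic.
    A hit means 'look at this', not 'this is malware'."""
    window = timedelta(minutes=window_minutes)
    findings = {}
    for line in otl_text.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue
        name = entry["path"].rsplit("\\", 1)[-1]
        reasons = []
        if "H" in entry["attrs"]:
            reasons.append("hidden attribute")
        if not entry["company"] and in_user_writable_location(entry["path"]):
            reasons.append("no company name in user-writable location")
        if looks_random(name):
            reasons.append("random-looking name")
        if scan_start <= entry["time"] <= scan_start + window:
            reasons.append("timestamp within %d min after scan start" % window_minutes)
        if reasons:
            findings[entry["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_OTL_LINES, MBAM_SCAN_START).items():
        print(path)
        for reason in reasons:
            print("    -", reason)
```

Run as a script it prints the hits. On this sample it flags the two hidden files in AppData\Local, the hidden file directly in the profile root, FullRemove.exe in ProgramData, and xgfajcqn.sys, which has no company name, a random-looking name and a timestamp less than a minute after the Malwarebytes scan started; it does not flag ieuinit.inf or the Malwarebytes shortcut. A flagged file still needs a hash lookup or a sample submission before anyone calls it malicious; the script only orders the list.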
Topics related to TR/Kazy.mekml.1 - what to do?
antivir, audiograbber, autorun, avgntflt.sys, avira, babylon toolbar, babylontoolbar, bho, bonjour, desktop, error, fehler, firefox, flash player, gruppe, home, install.exe, installation, launch, location, logfile, microsoft office starter 2010, mozilla, mozilla thunderbird, mp3, object, oldtimer, plug-in, problem, realtek, registry, richtlinie, rogue.installer.gen, rundll, scan, sched.exe, searchplugins, security, shell32.dll, software, start menu, sweetim, taskhost.exe, trojan.agent.u, vodafone, what to do, webcheck, windows, windows live mesh