kozanekosearchsystem.com [Closed]


#1
WatchMC
    New Member
  • Member
  • 4 posts
Hi there forum.

I am new to this and not sure if I need to open a new thread or if the very detailed answers provided before apply to any computer.
I recently upgraded my girlfriend's computer to Windows 7 Ultimate.

I am running the latest McAfee Internet Security but still all my browsers got hijacked by kozanekosearchsystem.com

I am located in Germany and it appears as if this virus is not well known here because I cannot find any German language forum entries regarding this. Can you please help me out and advise how I can get rid of this threat?

I appreciate any help I can get on this. Thank you.

#2
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Please follow the steps below:

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan click Save log, save it to your desktop and post it in your next reply.
  • After that, there should also be a file called MBR.dat on your desktop; zip it and then attach it here.

How to add an attachment to a new topic or reply

Step 2

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log and attached zipped MBR.dat file
  • OTL scan log
  • Extras log

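The two scans above produce plain-text logs with fixed line formats. As an added example, not part of this thread or of either tool, the Python below does the first pass a helper otherwise does by eye: it pulls the **INFECTED**/**SUSPICIOUS**/**LOCKED** verdicts out of an aswMBR log, lists OTL entries that deserve a closer look (a Windows-directory binary with an empty company field, O2/O3 items with no CLSID value, O4 autorun items whose target is missing, O33 removable-media autorun commands), and reports the paths both tools point at. The sample log lines are constructed to match the formats posted in this thread; the heuristics and function names are the example's own.

```python
"""First-pass triage of aswMBR and OTL logs (added example; the heuristics are its own)."""
import re

# aswMBR marks findings inline: "<time> File: <path> **INFECTED** <detection>".
ASWMBR_HIT = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) .*?"
    r"\*\*(?P<verdict>INFECTED|SUSPICIOUS|LOCKED)\*\*(?P<detail>.*)$"
)
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\s*]+")

# OTL process/module/service/driver lines:
#   DRV - [date | size | attrs | M] (Company) [Kernel | Start | State] -- path -- (name)
OTL_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.*?)(?: -- \((?P<name>[^)]*)\))?$"
)
# OTL "O" items: "O4 - HKLM..\Run: [Name] path (Company)" and similar.
OTL_OITEM = re.compile(r"^(?P<code>O\d+) - (?P<body>.*)$")
WINDOWS_DIR = "c:\\windows\\"

# Constructed sample lines, modelled on the log formats posted in this thread.
SAMPLE_ASWMBR = r"""
00:58:13.128 Disk 0 MBR read successfully
00:58:17.342 File: C:\Windows\system32\drivers\cdrom.sys **INFECTED** Win32:Sirefef-FX [Rtk]
00:58:25.084 Service cdrom C:\Windows\system32\DRIVERS\cdrom.sys **LOCKED** 32
00:58:26.902 Module: C:\Windows\system32\DRIVERS\cdrom.sys **SUSPICIOUS**
00:59:15.021 File: C:\Windows\system32\mfevtps.exe **INFECTED** Win32:Patched-WQ [Trj]
01:16:20.356 Scan finished successfully
"""
SAMPLE_OTL = r"""
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
MOD - [2011.12.03 15:21:53 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
SRV - [2011.10.18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
DRV - [2009.07.14 00:11:26 | 000,108,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-278387965-4177780942-1799314728-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-21-278387965-4177780942-1799314728-1001..\Run: [Spyware Doctor] C:\Users\Miriam\Desktop\sdsetup_revwire207.exe -min File not found
O33 - MountPoints2\{1189d0ca-0656-11e1-8fb0-0023ae16d868}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
"""


def parse_aswmbr(text):
    """Return one finding per aswMBR line that carries a verdict marker."""
    findings = []
    for line in text.splitlines():
        m = ASWMBR_HIT.match(line)
        if not m:
            continue
        p = WIN_PATH.search(line)
        findings.append({"source": "aswMBR", "verdict": m.group("verdict"),
                         "path": p.group(0) if p else None,
                         "detail": m.group("detail").strip()})
    return findings


def triage_otl(text):
    """List OTL lines worth a second look. This is a review list, not a verdict:
    Windows-directory files with an empty company field (system files normally
    carry a publisher), orphaned CLSIDs, missing autorun targets, O33 autorun hooks."""
    findings = []
    for line in text.splitlines():
        m = OTL_ENTRY.match(line)
        if m:
            path = m.group("path")
            if not m.group("company") and path.lower().startswith(WINDOWS_DIR):
                findings.append({"source": "OTL", "kind": m.group("kind"),
                                 "reason": "no company name in Windows dir", "path": path})
            continue
        m = OTL_OITEM.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code in ("O2", "O3") and "No CLSID value found" in body:
            findings.append({"source": "OTL", "kind": code,
                             "reason": "orphaned CLSID", "path": body})
        elif code == "O4" and body.endswith("File not found"):
            p = WIN_PATH.search(body)
            findings.append({"source": "OTL", "kind": code, "reason": "autorun target missing",
                             "path": p.group(0) if p else body})
        elif code == "O33" and "AutoRun\\command" in body:
            findings.append({"source": "OTL", "kind": code, "reason": "removable-media autorun",
                             "path": body.split("= ", 1)[-1]})
    return findings


def corroborated(asw_findings, otl_findings):
    """Paths both tools point at (case-folded: the two logs differ in path case)."""
    asw = {f["path"].lower() for f in asw_findings if f["path"]}
    otl = {f["path"].lower() for f in otl_findings}
    return sorted(asw & otl)


if __name__ == "__main__":
    asw, otl = parse_aswmbr(SAMPLE_ASWMBR), triage_otl(SAMPLE_OTL)
    for f in asw + otl:
        print(f)
    print("flagged by both tools:", corroborated(asw, otl))
```

The OTL company field is read from the file's version resource, not from a signature check, so a patched vendor binary keeps its vendor name and only the engine verdict catches it (as with mfevtps.exe in the sample); the Flash plugin, by contrast, legitimately ships without that resource and is a false positive of the empty-company rule.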

#3
WatchMC
    New Member
  • Topic Starter
  • Member
  • 4 posts
Hi Render.

Thank you for your help. Please excuse my delayed reply. I was on an extended work engagement and could not respond.

I hope you will still be able to help me fix this.

Here are the logs you asked me to create:

aswMBR

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-08 00:56:00
-----------------------------
00:56:00.878 OS Version: Windows 6.1.7600
00:56:00.878 Number of processors: 2 586 0x170A
00:56:00.880 ComputerName: MAUSISTATION UserName: Miriam
00:56:02.948 Initialize success
00:58:08.134 AVAST engine defs: 11120701
00:58:11.108 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
00:58:11.112 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT2 11.01A11 Size: 305245MB BusType: 11
00:58:13.128 Disk 0 MBR read successfully
00:58:13.133 Disk 0 MBR scan
00:58:13.140 Disk 0 Windows 7 default MBR code
00:58:13.146 Disk 0 scanning sectors +625139712
00:58:13.234 Disk 0 scanning C:\Windows\system32\drivers
00:58:17.342 File: C:\Windows\system32\drivers\cdrom.sys **INFECTED** Win32:Sirefef-FX [Rtk]
00:58:24.383 Service scanning
00:58:25.084 Service cdrom C:\Windows\system32\DRIVERS\cdrom.sys **LOCKED** 32
00:58:25.782 Modules scanning
00:58:26.902 Module: C:\Windows\system32\DRIVERS\cdrom.sys **SUSPICIOUS**
00:58:32.729 Disk 0 trace - called modules:
00:58:33.126 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86557230]<<
00:58:33.134 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8619b778]
00:58:33.141 3 CLASSPNP.SYS[8b88159e] -> nt!IofCallDriver -> [0x865311a8]
00:58:33.147 \Driver\00000395[0x86531030] -> IRP_MJ_CREATE -> 0x86557230
00:58:34.728 AVAST engine scan C:\Windows
00:58:36.885 AVAST engine scan C:\Windows\system32
00:59:15.021 File: C:\Windows\system32\mfevtps.exe **INFECTED** Win32:Patched-WQ [Trj]
01:00:11.271 AVAST engine scan C:\Windows\system32\drivers
01:00:15.259 File: C:\Windows\system32\drivers\cdrom.sys **INFECTED** Win32:Sirefef-FX [Rtk]
01:00:22.933 AVAST engine scan C:\Users\Miriam
01:15:09.705 AVAST engine scan C:\ProgramData
01:16:20.356 Scan finished successfully
01:16:43.028 Disk 0 MBR has been saved successfully to "C:\Users\Miriam\Desktop\MBR.dat"
01:16:43.034 The log file has been saved successfully to "C:\Users\Miriam\Desktop\aswMBR.txt"

OTL

OTL logfile created on: 08.12.2011 01:20:52 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Miriam\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 65,86% Memory free
5,98 Gb Paging File | 4,96 Gb Available in Paging File | 82,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,48 Gb Total Space | 202,90 Gb Free Space | 71,07% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,57 Gb Free Space | 45,75% Space Free | Partition Type: NTFS

Computer Name: MAUSISTATION | User Name: Miriam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.08 00:57:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Miriam\Desktop\OTL.exe
PRC - [2011.11.21 05:21:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.09.16 18:38:10 | 001,318,552 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007.05.09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe


========== Modules (No Company Name) ==========

MOD - [2011.12.03 15:21:53 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.11.21 05:21:43 | 001,989,592 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.01.21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Programme\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010.01.09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.07.14 02:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011.12.04 00:43:39 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011.10.18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011.10.18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011.10.18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010.01.21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - [2011.10.15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011.10.15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011.10.15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011.10.15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011.10.15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011.10.15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.10.15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011.10.15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011.10.15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:11:26 | 000,108,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2007.10.10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.03.05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-278387965-4177780942-1799314728-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.msn.com/?ocid=ie9hp
IE - HKU\S-1-5-21-278387965-4177780942-1799314728-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-278387965-4177780942-1799314728-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-278387965-4177780942-1799314728-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-278387965-4177780942-1799314728-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-278387965-4177780942-1799314728-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 E9 ED 25 63 9A CC 01 [binary data]
IE - HKU\S-1-5-21-278387965-4177780942-1799314728-1001\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKU\S-1-5-21-278387965-4177780942-1799314728-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011.12.04 13:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.03 23:57:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.12.03 23:57:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miriam\AppData\Roaming\mozilla\Extensions
[2011.12.03 23:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.06 14:44:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========


O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\Mcafee\SystemCore\ScriptSn.20111203234935.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-278387965-4177780942-1799314728-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-278387965-4177780942-1799314728-1001..\Run: [Spyware Doctor] C:\Users\Miriam\Desktop\sdsetup_revwire207.exe -min File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\pnrpnsp.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-278387965-4177780942-1799314728-1001\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-278387965-4177780942-1799314728-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-278387965-4177780942-1799314728-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77C32088-76D7-451C-9870-DF196743D9F5}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1189d0ca-0656-11e1-8fb0-0023ae16d868}\Shell - "" = AutoRun
O33 - MountPoints2\{1189d0ca-0656-11e1-8fb0-0023ae16d868}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011.12.08 00:57:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Miriam\Desktop\OTL.exe
[2011.12.04 13:55:41 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Roaming\McAfee
[2011.12.04 13:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.12.04 13:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.12.04 13:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.12.03 23:57:16 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Roaming\Mozilla
[2011.12.03 23:49:33 | 000,009,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2011.12.03 23:49:25 | 000,338,176 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2011.12.03 23:49:25 | 000,180,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2011.12.03 23:49:25 | 000,165,680 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2011.12.03 23:49:25 | 000,087,656 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011.12.03 23:49:25 | 000,064,880 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2011.12.03 23:49:25 | 000,059,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2011.12.03 23:49:25 | 000,057,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2011.12.03 23:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011.12.03 23:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011.12.03 23:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011.12.03 23:43:16 | 000,150,856 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011.12.03 23:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011.12.03 23:01:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.03 22:22:28 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Roaming\WinRAR
[2011.12.03 22:22:28 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.12.03 22:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.12.03 22:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.12.03 22:09:21 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.12.03 22:05:23 | 000,000,000 | -HSD | C] -- C:\Users\Miriam\AppData\Local\63684d05
[2011.12.03 22:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2011.12.03 22:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011.12.03 15:22:58 | 000,000,000 | ---D | C] -- C:\Users\Miriam\Desktop\Canon
[2011.12.03 15:22:46 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Roaming\ZoomBrowser EX
[2011.12.03 15:22:25 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Roaming\Canon
[2011.12.03 15:10:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Canon MyCameraFiles
[2011.12.03 15:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
[2011.12.03 15:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011.12.03 15:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011.12.03 15:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2011.11.27 23:10:15 | 000,000,000 | ---D | C] -- C:\9a6472ad7d642931fd99e6
[2011.11.25 22:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2011.11.25 22:07:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2011.11.25 22:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2011.11.25 21:40:54 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Roaming\SumatraPDF
[2011.11.25 21:40:48 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Reader
[2011.11.25 20:59:51 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Local\Google
[2011.11.25 20:59:49 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011.11.25 20:59:46 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Local\Conduit
[2011.11.24 15:34:17 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Roaming\gtk-2.0
[2011.11.24 15:33:34 | 000,000,000 | ---D | C] -- C:\Users\Miriam\.thumbnails
[2011.11.24 15:27:14 | 000,000,000 | ---D | C] -- C:\Users\Miriam\Documents\gegl-0.0
[2011.11.24 15:27:14 | 000,000,000 | ---D | C] -- C:\Users\Miriam\.gimp-2.6
[2011.11.24 15:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011.11.24 15:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2011.11.24 14:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2011.11.24 14:28:36 | 000,023,376 | ---- | C] (Softland) -- C:\Windows\System32\dopdfmn7.dll
[2011.11.24 14:28:36 | 000,020,816 | ---- | C] (Softland) -- C:\Windows\System32\dopdfmi7.dll
[2011.11.24 14:28:36 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Roaming\Softland
[2011.11.24 14:28:34 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll
[2011.11.24 14:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 7
[2011.11.24 14:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2011.11.24 14:25:45 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Roaming\Apple Computer
[2011.11.24 14:25:45 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Local\Apple Computer
[2011.11.24 14:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.24 14:25:41 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011.11.24 14:25:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.11.24 14:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.24 14:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.24 14:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.11.24 14:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.11.24 14:24:12 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Local\Apple
[2011.11.24 14:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.11.24 14:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.11.24 14:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.11.24 14:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011.11.24 14:17:56 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Local\Adobe
[2011.11.24 14:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.11.24 14:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.11.24 14:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.11.24 12:52:03 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011.11.24 12:52:02 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011.11.24 12:52:01 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011.11.24 12:51:55 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011.11.24 12:51:54 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011.11.24 12:51:43 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011.11.24 12:51:42 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.11.24 12:51:17 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.11.24 12:51:17 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.11.24 12:51:16 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.11.24 12:51:16 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011.11.24 12:51:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.11.24 12:51:15 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011.11.24 12:51:12 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.11.24 12:51:09 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.11.24 12:51:07 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.11.24 12:50:37 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011.11.24 12:50:37 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011.11.24 12:50:37 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011.11.24 12:50:37 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011.11.24 12:50:37 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011.11.24 12:50:37 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011.11.24 12:50:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011.11.24 12:50:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011.11.24 12:49:48 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011.11.24 12:49:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011.11.24 12:49:28 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011.11.24 12:49:22 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.11.24 12:49:22 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.11.24 12:37:09 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011.11.24 12:35:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.11.24 12:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011.11.24 12:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.11.24 12:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011.11.24 12:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011.11.24 12:04:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.11.24 12:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011.11.24 12:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011.11.24 12:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011.11.24 12:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011.11.24 11:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011.11.24 11:45:47 | 000,000,000 | ---D | C] -- C:\Users\Miriam\AppData\Local\Microsoft Help
[2011.11.24 11:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011.11.24 11:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.11.24 11:42:33 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.11.08 21:15:01 | 002,339,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2011.12.08 01:17:02 | 000,000,578 | ---- | M] () -- C:\Users\Miriam\Desktop\MBR.zip
[2011.12.08 01:16:43 | 000,000,512 | ---- | M] () -- C:\Users\Miriam\Desktop\MBR.dat
[2011.12.08 00:57:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Miriam\Desktop\OTL.exe
[2011.12.08 00:52:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.07 20:17:28 | 000,020,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.07 20:17:28 | 000,020,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.07 20:14:41 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.07 20:14:41 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.07 20:14:41 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.07 20:14:41 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.07 20:10:01 | 2408,087,552 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.04 13:55:41 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2011.12.04 13:30:06 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011.12.03 23:57:13 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.03 23:04:32 | 000,383,592 | RHS- | M] () -- C:\gdrop
[2011.12.03 23:04:32 | 000,171,136 | RHS- | M] () -- C:\xeldr
[2011.12.03 23:04:32 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak
[2011.12.03 22:05:34 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.12.03 15:10:46 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2011.12.03 15:09:49 | 000,001,250 | ---- | M] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2011.11.25 22:39:32 | 000,406,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.25 21:32:51 | 000,000,043 | ---- | M] () -- C:\END
[2011.11.24 17:39:29 | 000,004,525 | ---- | M] () -- C:\Users\Miriam\.recently-used.xbel
[2011.11.24 15:25:41 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011.11.24 14:30:35 | 000,072,597 | ---- | M] () -- C:\Users\Miriam\Documents\Einzugsermächtigung NERGIE.pdf
[2011.11.24 14:25:43 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.24 14:16:42 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.11.22 11:56:12 | 000,023,376 | ---- | M] (Softland) -- C:\Windows\System32\dopdfmn7.dll
[2011.11.22 11:56:10 | 000,020,816 | ---- | M] (Softland) -- C:\Windows\System32\dopdfmi7.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.08 01:17:02 | 000,000,578 | ---- | C] () -- C:\Users\Miriam\Desktop\MBR.zip
[2011.12.08 01:16:43 | 000,000,512 | ---- | C] () -- C:\Users\Miriam\Desktop\MBR.dat
[2011.12.04 13:55:41 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2011.12.04 13:53:22 | 000,002,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011.12.03 23:57:13 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.12.03 23:57:13 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.03 23:50:26 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011.12.03 23:04:32 | 000,383,592 | RHS- | C] () -- C:\gdrop
[2011.12.03 23:04:32 | 000,171,136 | RHS- | C] () -- C:\xeldr
[2011.12.03 23:04:32 | 000,008,192 | ---- | C] () -- C:\bootsect.lxe.bak
[2011.12.03 15:10:46 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2011.12.03 15:09:49 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2011.11.25 21:32:50 | 000,000,043 | ---- | C] () -- C:\END
[2011.11.24 17:39:29 | 000,004,525 | ---- | C] () -- C:\Users\Miriam\.recently-used.xbel
[2011.11.24 15:25:41 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011.11.24 14:30:30 | 000,072,597 | ---- | C] () -- C:\Users\Miriam\Documents\Einzugsermächtigung NERGIE.pdf
[2011.11.24 14:28:36 | 000,007,549 | ---- | C] () -- C:\Windows\System32\dopdf7.ctm
[2011.11.24 14:25:43 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.24 14:24:11 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.11.24 14:16:42 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.11.24 14:16:42 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.11.04 05:06:37 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.11.04 05:06:37 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.11.04 05:06:37 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.11.04 05:06:37 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.11.03 20:59:01 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.09.23 19:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,406,584 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 00:11:26 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\cdrom.sys
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2011.12.03 15:22:25 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\Canon
[2011.11.24 17:39:30 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\gtk-2.0
[2011.11.24 14:28:36 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\Softland
[2011.11.25 21:40:54 | 000,000,000 | ---D | M] -- C:\Users\Miriam\AppData\Roaming\SumatraPDF
[2011.11.24 15:57:35 | 000,011,968 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011.11.21 05:21:43 | 000,715,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011.11.21 05:21:43 | 000,715,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011.11.21 05:21:43 | 000,715,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011.11.21 05:21:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011.11.21 05:21:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011.11.21 05:21:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011.11.03 20:33:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011.11.03 20:33:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011.11.03 20:33:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011.11.03 20:33:38 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011.11.03 20:33:38 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011.11.21 05:21:43 | 000,715,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011.11.21 05:21:43 | 000,715,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011.11.21 05:21:43 | 000,715,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011.11.21 05:21:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011.11.21 05:21:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011.11.21 05:21:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011.11.03 20:33:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011.11.03 20:33:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011.11.03 20:33:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011.11.03 20:33:38 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011.11.03 20:33:38 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB53650$] -> Error: Cannot create file handle -> Unknown point type

< End of report >


Extras

OTL Extras logfile created on: 08.12.2011 01:20:52 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Miriam\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 65,86% Memory free
5,98 Gb Paging File | 4,96 Gb Available in Paging File | 82,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,48 Gb Total Space | 202,90 Gb Free Space | 71,07% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,57 Gb Free Space | 45,75% Space Free | Partition Type: NTFS

Computer Name: MAUSISTATION | User Name: Miriam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-278387965-4177780942-1799314728-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"doPDF 7 printer_is1" = doPDF 7.2 printer
"DPP" = Canon Utilities Digital Photo Professional 3.9
"HDMI" = Intel® Graphics Media Accelerator Driver
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"MSC" = McAfee Internet Security Suite
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"TVWiz" = Intel® TV Wizard
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04.12.2011 09:13:06 | Computer Name = Mausistation | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mfevtps.exe, Version: 14.4.0.478,
Zeitstempel: 0x4e9357e2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0040da62 ID des fehlerhaften
Prozesses: 0x914 Startzeit der fehlerhaften Anwendung: 0x01ccb286760b8da3 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\mfevtps.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: b3b81884-1e79-11e1-8f73-0023ae16d868

Error - 04.12.2011 09:38:43 | Computer Name = Mausistation | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mfevtps.exe, Version: 14.4.0.478,
Zeitstempel: 0x4e9357e2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0040da62 ID des fehlerhaften
Prozesses: 0x650 Startzeit der fehlerhaften Anwendung: 0x01ccb28a0113fe98 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\mfevtps.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 47d602c4-1e7d-11e1-9109-0023ae16d868

Error - 04.12.2011 09:40:44 | Computer Name = Mausistation | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mfevtps.exe, Version: 14.4.0.478,
Zeitstempel: 0x4e9357e2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0040da62 ID des fehlerhaften
Prozesses: 0xcf0 Startzeit der fehlerhaften Anwendung: 0x01ccb28a5272b59c Pfad der
fehlerhaften Anwendung: C:\Windows\system32\mfevtps.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 9033e9e2-1e7d-11e1-9109-0023ae16d868

Error - 04.12.2011 10:26:09 | Computer Name = Mausistation | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 1. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 05.12.2011 16:53:39 | Computer Name = Mausistation | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mfevtps.exe, Version: 14.4.0.478,
Zeitstempel: 0x4e9357e2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0040da62 ID des fehlerhaften
Prozesses: 0x67c Startzeit der fehlerhaften Anwendung: 0x01ccb38fee5c6047 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\mfevtps.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 35185996-1f83-11e1-9473-0023ae16d868

Error - 05.12.2011 16:55:41 | Computer Name = Mausistation | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mfevtps.exe, Version: 14.4.0.478,
Zeitstempel: 0x4e9357e2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0040da62 ID des fehlerhaften
Prozesses: 0x724 Startzeit der fehlerhaften Anwendung: 0x01ccb3903fb066b5 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\mfevtps.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 7d754489-1f83-11e1-9473-0023ae16d868

Error - 06.12.2011 16:09:12 | Computer Name = Mausistation | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mfevtps.exe, Version: 14.4.0.478,
Zeitstempel: 0x4e9357e2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0040da62 ID des fehlerhaften
Prozesses: 0x680 Startzeit der fehlerhaften Anwendung: 0x01ccb452e2f96aa5 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\mfevtps.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 29976c70-2046-11e1-9448-0023ae16d868

Error - 06.12.2011 16:11:29 | Computer Name = Mausistation | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mfevtps.exe, Version: 14.4.0.478,
Zeitstempel: 0x4e9357e2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0040da62 ID des fehlerhaften
Prozesses: 0x4b0 Startzeit der fehlerhaften Anwendung: 0x01ccb453348fc3f5 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\mfevtps.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 7b4f8de0-2046-11e1-9448-0023ae16d868

Error - 07.12.2011 15:10:24 | Computer Name = Mausistation | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mfevtps.exe, Version: 14.4.0.478,
Zeitstempel: 0x4e9357e2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0040da62 ID des fehlerhaften
Prozesses: 0x678 Startzeit der fehlerhaften Anwendung: 0x01ccb513d69cdd2d Pfad der
fehlerhaften Anwendung: C:\Windows\system32\mfevtps.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 1d3afea2-2107-11e1-913d-0023ae16d868

Error - 07.12.2011 15:12:26 | Computer Name = Mausistation | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mfevtps.exe, Version: 14.4.0.478,
Zeitstempel: 0x4e9357e2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0040da62 ID des fehlerhaften
Prozesses: 0x7cc Startzeit der fehlerhaften Anwendung: 0x01ccb51427bce504 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\mfevtps.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 658d2489-2107-11e1-913d-0023ae16d868

[ System Events ]
Error - 07.12.2011 15:12:25 | Computer Name = Mausistation | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Services" wurde aufgrund folgenden Fehlers nicht
gestartet: %%577

Error - 07.12.2011 15:12:25 | Computer Name = Mausistation | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee VirusScan Announcer" wurde aufgrund folgenden Fehlers
nicht gestartet: %%577

Error - 07.12.2011 15:12:26 | Computer Name = Mausistation | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
McAfee Validation Trust Protection Service erreicht.

Error - 07.12.2011 15:12:26 | Computer Name = Mausistation | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Validation Trust Protection Service" wurde aufgrund
folgenden Fehlers nicht gestartet: %%1053

Error - 07.12.2011 15:12:26 | Computer Name = Mausistation | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee Firewall Core Service" ist vom Dienst "McAfee Validation
Trust Protection Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1053

Error - 07.12.2011 15:12:26 | Computer Name = Mausistation | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee Network Agent" ist vom Dienst "McAfee Firewall
Core Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 07.12.2011 15:14:21 | Computer Name = Mausistation | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Services" wurde aufgrund folgenden Fehlers nicht
gestartet: %%577

Error - 07.12.2011 20:09:24 | Computer Name = Mausistation | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error - 07.12.2011 20:09:24 | Computer Name = Mausistation | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error - 07.12.2011 20:13:12 | Computer Name = Mausistation | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
auf Volume "C:" abgebrochen.


< End of report >


I am looking forward to your response on how to fix my problems.

Thank you.

Attached Files
  • MBR.zip (578 bytes, 16 downloads)

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  • Double-click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.

#5
WatchMC

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
ComboFix 11-12-06.02 - Miriam 08.12.2011 13:46:25.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3062.2325 [GMT 1:00]
ausgeführt von:: c:\users\Miriam\Pictures\Combo-Fix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Miriam\AppData\Local\63684d05
c:\users\Miriam\AppData\Local\63684d05\@
c:\users\Miriam\AppData\Local\63684d05\X
c:\windows\$NtUninstallKB53650$
c:\windows\$NtUninstallKB53650$\1667779845\@
c:\windows\$NtUninstallKB53650$\1667779845\L\xadqgnnk
c:\windows\$NtUninstallKB53650$\1667779845\loader.tlb
c:\windows\$NtUninstallKB53650$\1667779845\U\@00000001
c:\windows\$NtUninstallKB53650$\1667779845\U\@000000c0
c:\windows\$NtUninstallKB53650$\1667779845\U\@000000cb
c:\windows\$NtUninstallKB53650$\1667779845\U\@000000cf
c:\windows\$NtUninstallKB53650$\1667779845\U\@80000000
c:\windows\$NtUninstallKB53650$\1667779845\U\@800000c0
c:\windows\$NtUninstallKB53650$\1667779845\U\@800000cb
c:\windows\$NtUninstallKB53650$\1667779845\U\@800000cf
c:\windows\$NtUninstallKB53650$\2463459868
c:\windows\system32\
c:\windows\system32\c_60254.nls
.
Infizierte Kopie von c:\windows\system32\drivers\cdrom.sys wurde gefunden und desinfiziert
Kopie von - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys wurde wiederhergestellt
.
Infizierte Kopie von c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe wurde gefunden und desinfiziert
Kopie von - c:\program files\Common Files\Mcafee\McSvcHost\ wurde wiederhergestellt
.
c:\windows\system32\mfevtps.exe . . . ist infiziert!!
c:\windows\system32\mfevtps.exe . . . was deleted!! You should re-install the program it pertains to
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-08 bis 2011-12-08 ))))))))))))))))))))))))))))))
.
.
2011-12-08 12:53 . 2011-12-08 12:57 -------- d-----w- c:\users\Miriam\AppData\Local\temp
2011-12-08 12:53 . 2011-12-08 12:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-08 12:43 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-04 12:55 . 2011-12-04 12:55 -------- d-----w- c:\users\Miriam\AppData\Roaming\McAfee
2011-12-04 12:32 . 2011-12-04 12:32 -------- d-----w- c:\programdata\PC Tools
2011-12-03 22:49 . 2011-10-18 13:29 28760 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2011-12-03 22:49 . 2011-10-15 12:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-12-03 22:49 . 2011-10-15 12:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-12-03 22:49 . 2011-10-15 12:16 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-12-03 22:49 . 2011-10-15 12:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-12-03 22:49 . 2011-10-15 12:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-12-03 22:49 . 2011-10-15 12:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-12-03 22:49 . 2011-10-15 12:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-12-03 22:49 . 2011-10-15 12:16 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-12-03 22:49 . 2011-12-03 22:49 -------- d-----w- c:\program files\Common Files\Mcafee
2011-12-03 22:49 . 2011-12-04 13:02 -------- d-----w- c:\program files\McAfee
2011-12-03 22:43 . 2011-12-04 12:53 -------- d-----w- c:\programdata\McAfee
2011-12-03 21:09 . 2011-12-03 21:09 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-12-03 21:02 . 2011-12-03 21:02 -------- d-----w- c:\programdata\Premium
2011-12-03 21:02 . 2011-12-03 21:03 -------- d-----w- c:\programdata\InstallMate
2011-12-03 14:22 . 2011-12-03 14:22 -------- d-----w- c:\users\Miriam\AppData\Roaming\ZoomBrowser EX
2011-12-03 14:22 . 2011-12-03 14:22 -------- d-----w- c:\users\Miriam\AppData\Roaming\Canon
2011-12-03 14:09 . 2011-12-03 14:09 -------- d-----w- c:\programdata\ZoomBrowser
2011-12-03 14:09 . 2011-12-03 14:10 -------- d-----w- c:\program files\Canon
2011-12-03 14:08 . 2011-12-03 14:08 -------- d-----w- c:\program files\Common Files\Canon
2011-12-02 18:48 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9801AC57-C841-44E7-8B16-861157D6CD7A}\mpengine.dll
2011-11-27 22:10 . 2011-11-27 22:10 -------- d-----w- C:\9a6472ad7d642931fd99e6
2011-11-25 21:10 . 2011-11-25 21:10 -------- d-----w- c:\programdata\Adobe Systems
2011-11-25 21:07 . 2011-11-25 21:07 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2011-11-25 20:40 . 2011-11-25 20:40 -------- d-----w- c:\users\Miriam\AppData\Roaming\SumatraPDF
2011-11-25 19:59 . 2011-11-25 19:59 -------- d-----w- c:\users\Miriam\AppData\Local\Google
2011-11-25 19:59 . 2011-11-25 19:59 -------- d-----w- c:\program files\Conduit
2011-11-25 19:59 . 2011-11-25 21:17 -------- d-----w- c:\users\Miriam\AppData\Local\Conduit
2011-11-24 14:34 . 2011-11-24 16:39 -------- d-----w- c:\users\Miriam\AppData\Roaming\gtk-2.0
2011-11-24 14:33 . 2011-11-24 14:33 -------- d-----w- c:\users\Miriam\.thumbnails
2011-11-24 14:27 . 2011-11-24 16:45 -------- d-----w- c:\users\Miriam\.gimp-2.6
2011-11-24 14:25 . 2011-11-24 14:25 -------- d-----w- c:\program files\GIMP-2.0
2011-11-24 13:28 . 2011-11-24 13:28 -------- d-----w- c:\users\Miriam\AppData\Roaming\Softland
2011-11-24 13:28 . 2011-11-22 10:56 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-11-24 13:28 . 2011-11-22 10:56 20816 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-11-24 13:28 . 2010-02-05 13:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-11-24 13:28 . 2011-11-24 13:28 -------- d-----w- c:\program files\Softland
2011-11-24 13:25 . 2011-11-24 13:26 -------- d-----w- c:\users\Miriam\AppData\Roaming\Apple Computer
2011-11-24 13:25 . 2011-11-24 13:25 -------- d-----w- c:\users\Miriam\AppData\Local\Apple Computer
2011-11-24 13:25 . 2011-11-24 13:25 -------- dc----w- c:\windows\system32\DRVSTORE
2011-11-24 13:25 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-11-24 13:25 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-11-24 13:24 . 2011-11-24 13:25 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-11-24 13:24 . 2011-11-24 13:25 -------- d-----w- c:\program files\iTunes
2011-11-24 13:24 . 2011-11-24 13:24 -------- d-----w- c:\programdata\Apple Computer
2011-11-24 13:24 . 2011-11-24 13:24 -------- d-----w- c:\program files\iPod
2011-11-24 13:24 . 2011-11-24 13:24 -------- d-----w- c:\users\Miriam\AppData\Local\Apple
2011-11-24 13:24 . 2011-11-24 13:24 -------- d-----w- c:\program files\Apple Software Update
2011-11-24 13:23 . 2011-12-03 22:54 -------- d-----w- c:\program files\Bonjour
2011-11-24 13:23 . 2011-11-24 13:24 -------- d-----w- c:\program files\Common Files\Apple
2011-11-24 13:23 . 2011-11-24 13:24 -------- d-----w- c:\programdata\Apple
2011-11-24 13:17 . 2011-11-25 21:11 -------- d-----w- c:\users\Miriam\AppData\Local\Adobe
2011-11-24 13:15 . 2011-11-25 21:13 -------- d-----w- c:\program files\Common Files\Adobe
2011-11-24 11:52 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-11-24 11:52 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-11-24 11:52 . 2011-03-25 03:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-11-24 11:52 . 2011-03-25 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-11-24 11:52 . 2011-03-25 03:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-11-24 11:52 . 2011-03-25 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-11-24 11:52 . 2011-03-25 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-11-24 11:52 . 2011-03-25 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-11-24 11:52 . 2011-03-25 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-11-24 11:50 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-11-24 11:50 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-11-24 11:50 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2011-11-24 11:50 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2011-11-24 11:50 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-11-24 11:50 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-11-24 11:50 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2011-11-24 11:50 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-11-24 11:37 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-11-24 11:37 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-11-24 11:36 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-11-24 11:06 . 2011-11-24 11:06 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-11-24 11:04 . 2011-11-26 00:23 -------- d-----w- c:\program files\Microsoft.NET
2011-11-24 11:04 . 2011-11-24 11:04 -------- d-----w- c:\windows\PCHEALTH
2011-11-24 11:04 . 2011-11-24 11:04 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-11-24 11:04 . 2011-11-24 11:04 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-11-24 11:01 . 2011-11-24 11:02 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-11-24 10:52 . 2011-11-24 10:52 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-11-24 10:45 . 2011-11-24 10:45 -------- d-----w- c:\users\Miriam\AppData\Local\Microsoft Help
2011-11-24 10:43 . 2011-11-24 13:37 -------- d-----w- c:\programdata\Microsoft Help
2011-11-24 10:42 . 2011-11-24 10:42 -------- d-----r- C:\MSOCache
2011-11-08 20:15 . 2011-09-29 15:43 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 20:15 . 2011-10-01 04:43 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 20:15 . 2011-09-29 04:20 2339840 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-03 21:05 . 2011-11-03 19:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 19:33 . 2011-11-03 19:33 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 19:33 . 2011-11-03 19:33 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-11-03 19:33 . 2011-11-03 19:33 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-11-03 19:33 . 2011-11-03 19:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-11-03 19:33 . 2011-11-03 19:33 161792 ----a-w- c:\windows\system32\msls31.dll
2011-11-03 19:33 . 2011-11-03 19:33 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 19:33 . 2011-11-03 19:33 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-11-03 19:33 . 2011-11-03 19:33 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 19:33 . 2011-11-03 19:33 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-11-03 19:33 . 2011-11-03 19:33 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-11-03 19:33 . 2011-11-03 19:33 367104 ----a-w- c:\windows\system32\html.iec
2011-11-03 19:33 . 2011-11-03 19:33 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-11-03 19:33 . 2011-11-03 19:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 19:33 . 2011-11-03 19:33 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 19:33 . 2011-11-03 19:33 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 19:33 . 2011-11-03 19:33 152064 ----a-w- c:\windows\system32\wextract.exe
2011-11-03 19:33 . 2011-11-03 19:33 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-11-03 19:33 . 2011-11-03 19:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 19:33 . 2011-11-03 19:33 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 19:33 . 2011-11-03 19:33 11776 ----a-w- c:\windows\system32\mshta.exe
2011-11-03 19:33 . 2011-11-03 19:33 101888 ----a-w- c:\windows\system32\admparse.dll
2011-11-03 19:32 . 2011-11-03 19:32 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-11-03 19:32 . 2011-11-03 19:32 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-11-03 19:32 . 2011-11-03 19:32 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-11-03 19:32 . 2011-11-03 19:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-11-03 19:32 . 2011-11-03 19:32 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-11-03 19:32 . 2011-11-03 19:32 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-11-03 19:32 . 2011-11-03 19:32 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-11-03 19:32 . 2011-11-03 19:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-11-03 19:32 . 2011-11-03 19:32 3181568 ----a-w- c:\windows\system32\mf.dll
2011-11-03 19:32 . 2011-11-03 19:32 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-10-15 12:16 . 2011-03-13 10:20 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 12:16 . 2011-03-13 10:20 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-11-21 04:21 . 2011-12-03 22:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-08 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 57600]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-15 87656]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-15 165680]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 64880]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 338176]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Web-Suche - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\k5hp0c5o.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-Spyware Doctor - c:\users\Miriam\Desktop\sdsetup_revwire207.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-08 14:01:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-12-08 13:01
.
Vor Suchlauf: 8 Verzeichnis(se), 215.244.877.824 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 219.375.517.696 Bytes frei
.
- - End Of File - - 632CA4DB650EE55D8CE761C11DDF5DAB

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click the OK button.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip; click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste its contents in your next reply.

#7
WatchMC

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Render.

Thank you for your reply. I will not be able to tend to this step for a few weeks because I have no time. Too much work. I will complete the next step during the holidays. I hope that works. Thanks a lot for your great support.

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. It's not a problem. Just don't use this computer as it's still infected.

#9
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.