scrinject.b.gen in Browser Cache

ro-mann · 01.12.2011, 10:56

Hallo!

Ich habe meinen Chrome Portable Browser in einem TrueCrypt Container. Habe jetzt Nod32 drüberlaufen lassen, dabei hat er zweimal den scrinject.b.gen Virus im Browser Cache gefunden. Nod32 hat ihn dann gelöscht, beim zweiten Scan hat er nichts gefunden. Ist der Virus jetzt weg und war er überhaupt installiert, da es ja kein Exe File war. Hier das Logfile

Code:

ATTFilter

Log
Version der Signaturdatenbank: 6673 (20111130)
Datum: 01.12.2011  Uhrzeit: 10:14:00
Geprüfte Laufwerke, Ordner und Dateien: M:\Bootsektor;M:\;V:\Bootsektor;V:\
M:\Backup\IronPortable\Profile\Default\Cache\f_0000df - HTML/ScrInject.B.Gen Virus - Aktionsauswahl aufgeschoben bis zum Abschluss des Scans

lg,
Roman
M:\Backup\IronPortable\Profile\Default\Cache\f_0000e6 - HTML/ScrInject.B.Gen Virus - Aktionsauswahl aufgeschoben bis zum Abschluss des Scans
M:\Backup\IronPortable\Profile\Default\Cache\f_0002cf » GZIP » f_0002cf - Archiv beschädigt
M:\Backup\IronPortable\Profile\Default\Cache\f_0002d0 » GZIP » f_0002d0 - Archiv beschädigt
M:\Dropbox\Software\KeePass-1.20-Setup.exe » INNO » files.info - Option wird nicht unterstützt
M:\Dropbox\Software\KeePass-2.17-Setup.exe » INNO » files.info - Option wird nicht unterstützt
M:\Eigene Dateien\pinfect.zip » ZIP » ARJ.PIF - Fehler - Datei ist passwortgeschützt
M:\Eigene Dateien\pinfect.zip » ZIP » LHA.PIF - Fehler - Datei ist passwortgeschützt
M:\Eigene Dateien\pinfect.zip » ZIP » NOCLOSE.PIF - Fehler - Datei ist passwortgeschützt
M:\Eigene Dateien\pinfect.zip » ZIP » RAR.PIF - Fehler - Datei ist passwortgeschützt
M:\Eigene Dateien\pinfect.zip » ZIP » UC.PIF - Fehler - Datei ist passwortgeschützt
M:\Eigene Dateien\Dao\material dao\SoftonicDownloader_fuer_mozilla-firefox.exe - Variante von Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung - Aktionsauswahl aufgeschoben bis zum Abschluss des Scans
V:\Backup\clockworkmod\backup\2011-11-29.16.06.48_MIUI\data.ext4.tar » TAR » data/data/com.android.email/files/tempFile » MIME - - OK (eingebettete Archive NICHT geprüft)
V:\Backup\clockworkmod\backup\2011-11-29.16.06.48_MIUI\data.ext4.tar » TAR » data/data/com.ideashower.readitlater.pro/app_plugins/com.adobe.flashplayer/.macromedia/Flash_Player/ - Archiv beschädigt
V:\Backup\download\miui_ger_GALAXY_S2_1.11.25_FULL_EN_DE.zip » ZIP » system/lib/libiprouteutil.so - Archiv beschädigt - Datei kann nicht extrahiert werden
V:\Backup\download\miui_ger_GALAXY_S2_1.11.25_FULL_EN_DE.zip » ZIP »  - Archiv beschädigt
V:\Backup\MIUI\theme\Blue Dado浅色版_(798299.1).mtz.temp » ZIP » boots/bootanimation.zip » ZIP » part1/0033.jpg - Archiv beschädigt
V:\Backup\MIUI\theme\ozgurce-en_(802118.1).mtz.temp » ZIP » icons » ZIP » com.gameloft.android.GAND.GloftHAWX.Hawx.png - Archiv beschädigt
V:\Backup\MIUI\theme\雾里看花_(799447.1).mtz.temp » ZIP » wallpaper/default_lock_wallpaper.jpg - Archiv beschädigt
V:\Backup\TitaniumBackup\com.android.email-20111127-121049.tar.gz » GZIP » com.android.email-20111127-121049.tar » TAR » data/data/com.android.email/./files/tempFile » MIME - - OK (eingebettete Archive NICHT geprüft)
V:\Backup\TitaniumBackup\com.samsung.swift.app.kiesair-20111127-121254.tar.gz » GZIP » com.samsung.swift.app.kiesair-20111127-121254.tar » TAR » data/data/com.samsung.swift.app.kiesair/./files/www/apps/KiesAir/js/commands/serviceCommands/musics/ - Archiv beschädigt
V:\external_sd\clockworkmod\2011-11-27.17.49.12_cm7.1\data.ext4.tar » TAR » data/data/com.android.email/files/tempFile » MIME - - OK (eingebettete Archive NICHT geprüft)
V:\external_sd\clockworkmod\2011-11-27.17.49.12_cm7.1\data.ext4.tar » TAR » data/data/com.ideashower.readitlater.pro/app_plugins/com.adobe.flashplayer/.macromedia/Flash_Player/ - Archiv beschädigt
V:\external_sd\clockworkmod\2011-11-28.16.39.59_MIUI\data.ext4.tar » TAR » data/data/com.android.email/files/tempFile » MIME - - OK (eingebettete Archive NICHT geprüft)
V:\external_sd\clockworkmod\2011-11-28.16.39.59_MIUI\data.ext4.tar » TAR » data/data/com.ideashower.readitlater.pro/app_plugins/com.adobe.flashplayer/.macromedia/Flash_Player/ - Archiv beschädigt
V:\external_sd\clockworkmod\2011-11-29.12.07.21_MIUI\data.ext4.tar » TAR » data/data/com.android.email/files/tempFile » MIME - - OK (eingebettete Archive NICHT geprüft)
V:\external_sd\clockworkmod\2011-11-29.12.07.21_MIUI\data.ext4.tar » TAR » data/data/com.ideashower.readitlater.pro/app_plugins/com.adobe.flashplayer/.macromedia/Flash_Player/ - Archiv beschädigt
V:\external_sd\clockworkmod\2011-11-29.12.46.34_MIUI\data.ext4.tar » TAR » data/data/com.android.email/files/tempFile » MIME - - OK (eingebettete Archive NICHT geprüft)
V:\external_sd\clockworkmod\2011-11-29.12.46.34_MIUI\data.ext4.tar » TAR » data/data/com.ideashower.readitlater.pro/app_plugins/com.adobe.flashplayer/.macromedia/Flash_Player/ - Archiv beschädigt
V:\external_sd\clockworkmod\2011-11-29.15.36.20_MIUI\data.ext4.tar » TAR » data/data/com.android.email/files/tempFile » MIME - - OK (eingebettete Archive NICHT geprüft)
V:\external_sd\clockworkmod\2011-11-29.15.36.20_MIUI\data.ext4.tar » TAR » data/data/com.ideashower.readitlater.pro/app_plugins/com.adobe.flashplayer/.macromedia/Flash_Player/ - Archiv beschädigt
V:\external_sd\clockworkmod\2011-11-29.16.06.48_MIUI\data.ext4.tar » TAR » data/data/com.android.email/files/tempFile » MIME - - OK (eingebettete Archive NICHT geprüft)
V:\external_sd\clockworkmod\2011-11-29.16.06.48_MIUI\data.ext4.tar » TAR » data/data/com.ideashower.readitlater.pro/app_plugins/com.adobe.flashplayer/.macromedia/Flash_Player/ - Archiv beschädigt
M:\Backup\IronPortable\Profile\Default\Cache\f_0000df - HTML/ScrInject.B.Gen Virus - gelöscht - in Quarantäne kopiert
M:\Backup\IronPortable\Profile\Default\Cache\f_0000e6 - HTML/ScrInject.B.Gen Virus - gelöscht - in Quarantäne kopiert
M:\Eigene Dateien\Dao\material dao\SoftonicDownloader_fuer_mozilla-firefox.exe - Variante von Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung - gelöscht - in Quarantäne kopiert
Geprüfte Objekte: 403572
Erkannte Bedrohungen: 3
Anzahl gesäuberter Objekte: 3
Abgeschlossen: 10:32:47  Benötigte Zeit: 1127 Sek. (00:18:47)

cosinus · 01.12.2011, 11:09

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

ro-mann · 01.12.2011, 13:51

Hallo!

Malwarebytes hat nichts gefunden:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8282

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

01.12.2011 13:44:52
mbam-log-2011-12-01 (13-44-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|M:\|V:\|)
Durchsuchte Objekte: 523309
Laufzeit: 1 Stunde(n), 21 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Allerdings weiß ich nicht, wie ich meinen Nod32 5 abschalten kann, damit ich den Online Scann machen kann. Im Taskmanager kann ich ihn nicht ausschalten.

lg,
Roman

ro-mann · 01.12.2011, 15:43

Hab vergessen Malwarebytes upzudaten, jetzt wirft er mir 9 Trojanerwarnungen aus:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8283

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

01.12.2011 15:40:34
mbam-log-2011-12-01 (15-40-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|M:\|V:\|)
Durchsuchte Objekte: 524118
Laufzeit: 1 Stunde(n), 21 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\glassfish3\jdk\jre\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\Adobe\adobe dreamweaver cs5\JVM\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\Adobe\adobe flash builder 4\jre\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\Adobe\adobe flash catalyst cs5\jre\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\common files\Java\java update\jaureg.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\Java\jdk1.6.0_26\jre\bin\javacpl.cpl (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\Java\jdk1.6.0_26\jre\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\Java\jre6\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\programdata\Adobe\CS5\jre\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.

Sind das alles False Positives?
hxxp://discussions.virtualdr.com/showthread.php?t=250801

Und wie stelle ich meinen Nod32 ab? :-)

lg,
Roman

cosinus · 02.12.2011, 11:38

Ich will das Log von ESET noch sehen

ro-mann · 02.12.2011, 12:12

Das scannt seit gestern und ist erst bei 24%.

ro-mann · 02.12.2011, 13:23

So, hier das Eset Log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f84db619bb94b146a2ebaba9c5b51c12
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-02 12:20:51
# local_time=2011-12-02 01:20:51 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.0.6000 NT 
# compatibility_mode=512 16777215 100 0 3050146 3050146 0 0
# compatibility_mode=5893 16776574 100 94 9009 74389218 0 0
# compatibility_mode=8192 67108863 100 0 9142 9142 0 0
# scanned=338235
# found=5
# cleaned=0
# scan_time=70423
C:\$RECYCLE.BIN\S-1-5-21-807366929-668818633-305008010-9881\$REPCFUM.zip	Win32/RemoteAdmin.NetCat application (unable to clean)	00000000000000000000000000000000	I
C:\Programmdateien\winamp561_full_emusic-7plus_all.exe	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I
C:\Programmdateien\winamp5622_full_emusic-7plus_all.exe	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I
M:\Dropbox\Software\winamp5622_full_emusic-7plus_all.exe	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I
M:\IronPortable\Profile\Default\Cache\f_0043ec	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I

lg,
Roman

cosinus · 02.12.2011, 13:30

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

ro-mann · 02.12.2011, 14:08

Wenn ich alle Programme schliesse, dann muss ich auch den TrueCrypt-Container schliessen, wo mein Browser drinnen ist. Ist das egal?

Und File Age passt 30 tage?

lg,
Roman

cosinus · 02.12.2011, 14:46

TrueCrypt kann anbleiben

ro-mann · 02.12.2011, 14:55

Gerade ist mein Computer während des Scans abgestürzt und ich habe ihn neu starten müssen. Ist das schlimm?

ro-mann · 02.12.2011, 15:04

So, hier der Scan:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 02.12.2011 14:52:52 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Programmdateien
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 68,76% Memory free
6,99 Gb Paging File | 5,80 Gb Available in Paging File | 83,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226,40 Gb Total Space | 78,47 Gb Free Space | 34,66% Space Free | Partition Type: NTFS
Drive D: | 5,48 Gb Total Space | 0,51 Gb Free Space | 9,32% Space Free | Partition Type: NTFS
Drive E: | 497,39 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 40,00 Gb Total Space | 19,35 Gb Free Space | 48,38% Space Free | Partition Type: NTFS
Drive V: | 40,00 Gb Total Space | 24,73 Gb Free Space | 61,82% Space Free | Partition Type: NTFS
 
Computer Name: WEBDEV27 | User Name: r. | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.02 14:05:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Programmdateien\OTL.exe
PRC - [2011.12.02 11:40:34 | 003,246,040 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.11.23 14:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2011.11.16 12:09:18 | 002,996,784 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe
PRC - [2011.09.22 22:21:10 | 000,805,032 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.02 10:47:34 | 000,063,488 | ---- | M] () -- C:\Programme\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
PRC - [2011.06.27 12:06:02 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.07.29 14:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) -- C:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009.07.29 11:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) -- C:\Programme\Fingerprint Sensor\AtService.exe
PRC - [2009.07.24 12:29:52 | 002,066,968 | ---- | M] (Intel Corporation) -- C:\Programme\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009.07.24 12:29:38 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\LMS.exe
PRC - [2009.07.06 14:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009.07.01 11:06:34 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2009.06.03 15:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Programme\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009.06.03 15:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\acevents.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.08 21:46:02 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.02 11:40:34 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.11.23 14:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011.11.16 12:09:18 | 002,996,784 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011.09.22 22:21:10 | 000,805,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.02 10:47:34 | 000,063,488 | ---- | M] () [Auto | Running] -- C:\Programme\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe -- (CDMA Device Service)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.06.10 08:51:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.05 15:18:26 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2009.07.30 12:24:02 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009.07.29 14:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009.07.29 11:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Programme\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009.07.24 12:29:52 | 002,066,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.07.24 12:29:38 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2009.07.23 02:05:32 | 000,192,784 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2009.07.23 02:05:26 | 000,150,288 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.06 14:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009.07.01 11:06:34 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2009.06.03 15:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Programme\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.02 11:40:35 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011.12.02 11:40:34 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2011.12.02 11:40:33 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011.12.02 11:40:26 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011.11.23 14:17:08 | 000,131,856 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011.11.02 10:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.11 18:31:24 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011.08.11 18:31:20 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011.06.27 12:06:03 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.05.19 13:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.12.10 16:36:54 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel(R)
DRV - [2009.07.31 10:53:04 | 009,785,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.29 14:30:28 | 000,051,408 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009.07.29 14:30:20 | 000,012,960 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009.07.29 14:30:18 | 000,012,528 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009.07.29 14:30:16 | 000,109,216 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009.07.24 12:30:10 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009.07.14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.06.29 13:45:56 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\r.\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\r.\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\r.\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\r.\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.06.10 13:24:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.17 10:58:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
[2011.08.25 14:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\r.\AppData\Roaming\mozilla\Extensions
[2011.08.04 13:42:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.20 10:24:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.07.20 10:24:00 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2011.06.20 09:46:33 | 000,002,819 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 crl.verisign.net
O1 - Hosts: 127.0.0.1 CRL.VERISIGN.NET
O1 - Hosts: 127.0.0.1 ood.opsource.net
O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net
O1 - Hosts: 127.0.0.1 practivate.adobe
O1 - Hosts: 127.0.0.1 practivate.adobe
O1 - Hosts: 39 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CognizanceTS] C:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Nimbuzz] C:\Programme\Nimbuzz\Nimbuzz.exe ()
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [TIMEREC - Client] C:\Programme\TIMEREC2\Client\TRC.exe (TIMEREC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.23.45.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mmc.lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1C04D7F-CACE-4170-85B1-331E2845B2C7}: DhcpNameServer = 10.23.45.5
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll) -C:\Programme\Hewlett-Packard\IAM\Bin\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\r.\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: PDF Complete - hkey= - key= -  File not found
MsConfig - StartUpReg: swg - hkey= - key= -  File not found
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.02 14:49:31 | 000,000,000 | ---D | C] -- C:\Users\r.\AppData\Local\Diagnostics
[2011.12.02 11:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2011.12.02 11:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2011.12.02 11:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2011.12.02 11:38:23 | 000,000,000 | ---D | C] -- C:\Users\r.\AppData\Roaming\Acronis
[2011.12.02 11:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2011.12.01 16:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.01 16:14:34 | 002,396,344 | ---- | C] (ESET) -- C:\Users\r.\Desktop\esetsmartinstaller_enu.exe
[2011.12.01 10:32:43 | 000,000,000 | ---D | C] -- C:\Users\r.\AppData\Local\ESET
[2011.12.01 10:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.12.01 10:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.12.01 10:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.12.01 09:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011.12.01 09:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011.12.01 09:47:32 | 000,000,000 | ---D | C] -- C:\Users\r.\Documents\Anti-Malware
[2011.11.30 16:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.11.30 15:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.11.30 15:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011.11.30 15:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2011.11.30 15:30:24 | 000,000,000 | ---D | C] -- C:\Users\r.\AppData\Roaming\Malwarebytes
[2011.11.30 15:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.30 15:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.30 15:30:09 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.30 15:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.30 14:17:55 | 000,000,000 | ---D | C] -- C:\Users\r.\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Comparator
[2011.11.30 14:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comparator
[2011.11.30 14:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\Comparator
[2011.11.30 12:54:36 | 000,000,000 | ---D | C] -- C:\Downloads
[2011.11.30 12:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2011.11.25 13:43:17 | 000,000,000 | ---D | C] -- C:\Users\r.\Desktop\Google
[2011.11.24 14:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2011.11.24 14:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2011.11.24 13:50:03 | 000,000,000 | R--D | C] -- C:\Sandbox
[2011.11.24 13:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2011.11.24 13:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2011.11.17 17:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ModuleSoft
[2011.11.17 17:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\ModuleSoft
[2011.11.03 18:22:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.02 14:52:05 | 000,000,547 | ---- | M] () -- C:\Users\r.\Desktop\scrinject.b.gen in Browser Cache - Trojaner-Board.website
[2011.12.02 14:51:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-807366929-668818633-305008010-20555UA.job
[2011.12.02 14:37:56 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.02 14:36:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.02 14:22:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-807366929-668818633-305008010-9881UA.job
[2011.12.02 13:43:50 | 000,000,642 | ---- | M] () -- C:\Users\r.\Desktop\Music.lnk
[2011.12.02 11:40:14 | 000,001,529 | ---- | M] () -- C:\Users\Public\Desktop\Acronis Online Backup.lnk
[2011.12.02 11:40:14 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 2011.lnk
[2011.12.02 10:50:59 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-807366929-668818633-305008010-20555Core.job
[2011.12.02 10:22:02 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-807366929-668818633-305008010-9881Core.job
[2011.12.02 09:46:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.01 16:32:22 | 000,001,456 | ---- | M] () -- C:\Users\r.\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.12.01 16:15:38 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.01 16:15:38 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.01 16:14:36 | 002,396,344 | ---- | M] (ESET) -- C:\Users\r.\Desktop\esetsmartinstaller_enu.exe
[2011.12.01 16:08:18 | 2814,832,640 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.01 13:22:13 | 000,024,730 | ---- | M] () -- C:\Users\r.\Desktop\test2.php
[2011.12.01 10:23:39 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.01 10:23:39 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.01 10:23:39 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.01 10:23:39 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.01 10:07:16 | 000,001,862 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011.12.01 10:04:42 | 000,001,214 | ---- | M] () -- C:\Users\r.\Desktop\Spybot - Search & Destroy.lnk
[2011.12.01 09:47:52 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011.11.30 15:33:06 | 000,001,220 | ---- | M] () -- C:\prefs.js
[2011.11.30 15:30:13 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.30 14:17:57 | 000,000,953 | ---- | M] () -- C:\Users\r.\Desktop\Comparator.lnk
[2011.11.29 13:59:32 | 000,001,206 | ---- | M] () -- C:\Users\r.\Desktop\JRuler.lnk
[2011.11.28 17:36:35 | 000,002,586 | ---- | M] () -- C:\Users\r.\Desktop\Output - Verknüpfung.lnk
[2011.11.28 17:36:35 | 000,002,439 | ---- | M] () -- C:\Users\r.\Desktop\Content - Verknüpfung.lnk
[2011.11.28 17:36:35 | 000,002,296 | ---- | M] () -- C:\Users\r.\Desktop\teaser.lnk
[2011.11.28 17:36:35 | 000,002,296 | ---- | M] () -- C:\Users\r.\Desktop\Report.lnk
[2011.11.28 17:36:35 | 000,002,083 | ---- | M] () -- C:\Users\r.\Desktop\Neu.lnk
[2011.11.28 17:36:35 | 000,001,779 | ---- | M] () -- C:\Users\r.\Desktop\Packshots.lnk
[2011.11.28 17:36:35 | 000,001,607 | ---- | M] () -- C:\Users\r.\Desktop\Aufwände Krebshilfe.lnk
[2011.11.28 17:36:35 | 000,001,356 | ---- | M] () -- C:\Users\r.\Desktop\Roman Storage.lnk
[2011.11.24 15:53:25 | 000,001,205 | ---- | M] () -- C:\Users\r.\Desktop\Iron2 Sandbox.lnk
[2011.11.24 13:48:27 | 000,001,065 | ---- | M] () -- C:\Users\r.\Desktop\Sandboxed Web Browser.lnk
[2011.11.24 09:39:56 | 003,827,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.23 11:15:08 | 138,686,464 | ---- | M] () -- C:\Users\r.\Desktop\online.mdb
[2011.11.22 11:03:39 | 000,000,132 | ---- | M] () -- C:\Users\r.\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.11.17 17:28:41 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\CreateMovie.lnk
[2011.11.04 13:45:12 | 000,039,773 | ---- | M] () -- C:\Users\r.\Documents\4_11_100_Jahre_Set_klein.png
[2011.11.04 13:45:12 | 000,037,375 | ---- | M] () -- C:\Users\r.\Documents\4_11_NFM_sport_Set_klein.png
[2011.11.04 13:45:12 | 000,036,423 | ---- | M] () -- C:\Users\r.\Documents\4_11_vital_Set_klein.png
[2011.11.04 13:45:12 | 000,035,484 | ---- | M] () -- C:\Users\r.\Documents\4_11_NFM_neuheiten_S#4404ED.png
[2011.11.04 13:45:12 | 000,034,390 | ---- | M] () -- C:\Users\r.\Documents\4_11_Knuddel_mich_klein.png
[2011.11.04 13:45:12 | 000,034,342 | ---- | M] () -- C:\Users\r.\Documents\4_11_p&n_Set_klein.png
[2011.11.04 13:45:12 | 000,033,557 | ---- | M] () -- C:\Users\r.\Documents\4_11_NFM_sensitiv_Set_klein.png
[2011.11.03 18:22:09 | 255,205,912 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2011.12.02 13:43:50 | 000,000,642 | ---- | C] () -- C:\Users\r.\Desktop\Music.lnk
[2011.12.02 11:40:14 | 000,001,529 | ---- | C] () -- C:\Users\Public\Desktop\Acronis Online Backup.lnk
[2011.12.02 11:40:14 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 2011.lnk
[2011.12.01 13:22:08 | 000,024,730 | ---- | C] () -- C:\Users\r.\Desktop\test2.php
[2011.12.01 11:13:05 | 000,000,547 | ---- | C] () -- C:\Users\r.\Desktop\scrinject.b.gen in Browser Cache - Trojaner-Board.website
[2011.12.01 10:04:42 | 000,001,214 | ---- | C] () -- C:\Users\r.\Desktop\Spybot - Search & Destroy.lnk
[2011.12.01 09:47:52 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011.11.30 15:30:13 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.30 14:17:57 | 000,000,953 | ---- | C] () -- C:\Users\r.\Desktop\Comparator.lnk
[2011.11.30 12:37:05 | 000,001,220 | ---- | C] () -- C:\prefs.js
[2011.11.24 13:49:13 | 000,001,065 | ---- | C] () -- C:\Users\r.\Desktop\Sandboxed Web Browser.lnk
[2011.11.24 13:49:10 | 000,001,862 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.11.22 11:03:39 | 000,000,132 | ---- | C] () -- C:\Users\r.\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.11.18 10:11:34 | 000,001,205 | ---- | C] () -- C:\Users\r.\Desktop\Iron2 Sandbox.lnk
[2011.11.17 17:28:41 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\CreateMovie.lnk
[2011.11.09 14:37:58 | 000,002,083 | ---- | C] () -- C:\Users\r.\Desktop\Neu.lnk
[2011.11.04 13:45:12 | 000,039,773 | ---- | C] () -- C:\Users\r.\Documents\4_11_100_Jahre_Set_klein.png
[2011.11.04 13:45:12 | 000,037,375 | ---- | C] () -- C:\Users\r.\Documents\4_11_NFM_sport_Set_klein.png
[2011.11.04 13:45:12 | 000,036,423 | ---- | C] () -- C:\Users\r.\Documents\4_11_vital_Set_klein.png
[2011.11.04 13:45:12 | 000,035,484 | ---- | C] () -- C:\Users\r.\Documents\4_11_NFM_neuheiten_S#4404ED.png
[2011.11.04 13:45:12 | 000,034,390 | ---- | C] () -- C:\Users\r.\Documents\4_11_Knuddel_mich_klein.png
[2011.11.04 13:45:12 | 000,034,342 | ---- | C] () -- C:\Users\r.\Documents\4_11_p&n_Set_klein.png
[2011.11.04 13:45:12 | 000,033,557 | ---- | C] () -- C:\Users\r.\Documents\4_11_NFM_sensitiv_Set_klein.png
[2011.11.03 18:22:09 | 255,205,912 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.07.12 10:08:42 | 000,000,052 | ---- | C] () -- C:\Windows\cool.ini
[2011.07.12 10:07:24 | 000,000,029 | ---- | C] () -- C:\Windows\wordpad.ini
[2011.06.29 17:41:54 | 000,037,593 | ---- | C] () -- C:\Users\r.\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
[2011.06.29 17:29:24 | 000,037,089 | ---- | C] () -- C:\Users\r.\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.06.27 15:28:52 | 000,001,456 | ---- | C] () -- C:\Users\r.\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.06.20 11:13:24 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.09 12:52:30 | 000,049,152 | ---- | C] () -- C:\Windows\System32\aet60.dll
[2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.04.08 02:12:15 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.04.08 02:12:15 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.04.08 02:12:15 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.04.08 02:12:15 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.04.07 16:18:17 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2010.04.07 16:18:17 | 001,657,376 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2010.04.07 16:18:17 | 001,507,328 | ---- | C] () -- C:\Windows\System32\nView.dll
[2010.04.07 16:18:17 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2010.04.07 16:18:17 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2010.04.07 16:18:17 | 000,449,056 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe
[2010.04.07 16:18:17 | 000,267,296 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe
[2009.08.05 15:35:36 | 000,300,600 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll
[2009.07.29 14:30:16 | 000,109,216 | ---- | C] () -- C:\Windows\System32\drivers\SafeBoot.sys
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 003,827,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.13 23:09:19 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.12.02 11:38:23 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Acronis
[2011.09.06 11:15:35 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Amazon
[2011.07.06 16:40:48 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.12.01 17:29:36 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Dropbox
[2011.07.29 12:07:05 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\DVDVideoSoft
[2011.10.27 10:35:39 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.23 11:28:08 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\FileZilla
[2011.12.02 14:02:11 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\foobar2000
[2011.07.12 09:57:55 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\GlarySoft
[2011.11.30 15:18:30 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\KeePass
[2011.07.12 11:30:59 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\mp3DirectCut
[2011.12.02 14:04:32 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Mp3tag
[2011.07.29 12:31:06 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\OpenCandy
[2011.08.30 13:15:31 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Samsung
[2011.08.17 10:59:00 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Thunderbird
[2011.06.27 13:12:57 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\TrueCrypt
[2011.10.17 17:17:11 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Wuala
[2011.11.29 09:39:59 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.02 11:38:23 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Acronis
[2011.11.22 10:27:46 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Adobe
[2011.09.06 11:15:35 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Amazon
[2011.06.28 09:12:57 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Apple Computer
[2011.07.06 16:40:48 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.12.01 17:29:36 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Dropbox
[2011.07.29 12:07:05 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\DVDVideoSoft
[2011.10.27 10:35:39 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.23 11:28:08 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\FileZilla
[2011.12.02 14:02:11 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\foobar2000
[2011.07.12 09:57:55 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\GlarySoft
[2011.11.24 15:17:12 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\hpqLog
[2011.06.09 10:06:37 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Identities
[2011.11.30 15:18:30 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\KeePass
[2011.06.10 13:18:21 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Macromedia
[2011.11.30 15:30:24 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Malwarebytes
[2009.07.14 08:49:10 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Media Center Programs
[2011.11.30 15:55:04 | 000,000,000 | --SD | M] -- C:\Users\r.\AppData\Roaming\Microsoft
[2011.12.01 16:20:41 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Mozilla
[2011.07.12 11:30:59 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\mp3DirectCut
[2011.12.02 14:04:32 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Mp3tag
[2011.07.29 12:31:06 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\OpenCandy
[2011.07.28 14:53:29 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Real
[2011.08.30 13:15:31 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Samsung
[2011.11.04 09:59:11 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Skype
[2011.08.17 10:59:00 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Thunderbird
[2011.06.27 13:12:57 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\TrueCrypt
[2011.11.17 17:29:58 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\vlc
[2011.07.12 10:00:03 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Winamp
[2011.10.17 17:17:11 | 000,000,000 | ---D | M] -- C:\Users\r.\AppData\Roaming\Wuala
 
< %APPDATA%\*.exe /s >
[2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\r.\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.05.25 21:07:18 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\r.\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.07.18 09:34:16 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\r.\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.06.10 13:23:03 | 000,010,134 | R--- | M] () -- C:\Users\r.\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
[2011.06.07 19:58:20 | 005,845,432 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\r.\AppData\Roaming\OpenCandy\OpenCandy_1019E966B33A458DA6FC45D9617D9EB4\driverscanner (9).exe
[2011.07.29 12:31:07 | 000,416,160 | ---- | M] () -- C:\Users\r.\AppData\Roaming\OpenCandy\OpenCandy_1019E966B33A458DA6FC45D9617D9EB4\LatestDLMgr.exe
[2011.10.17 17:16:57 | 000,438,192 | ---- | M] (LaCie) -- C:\Users\r.\AppData\Roaming\Wuala\Wuala.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\SWSetup\Drivers\MSD\Intel\IaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2006.05.30 00:00:00 | 000,064,512 | ---- | M] (VIA Technologies inc,.ltd) MD5=17CF5B0D5057DBA02F587F54FCA4EE8F -- C:\Programmdateien\VIA ComboRAID Software Package V4.40a\drvdisk\i386\NT5\viamraid.sys
[2006.05.30 00:00:00 | 000,064,512 | ---- | M] (VIA Technologies inc,.ltd) MD5=17CF5B0D5057DBA02F587F54FCA4EE8F -- C:\Programmdateien\VIA ComboRAID Software Package V4.40a\VIARAID\driver\winxp\viamraid.sys
[2006.05.30 00:00:00 | 000,068,576 | ---- | M] (VIA Technologies inc,.ltd) MD5=E7C9E2BD269C6F65941D0A71A37E1D4C -- C:\Programmdateien\VIA ComboRAID Software Package V4.40a\drvdisk\i386\NT4\viamraid.sys
[2006.05.30 00:00:00 | 000,068,576 | ---- | M] (VIA Technologies inc,.ltd) MD5=E7C9E2BD269C6F65941D0A71A37E1D4C -- C:\Programmdateien\VIA ComboRAID Software Package V4.40a\VIARAID\driver\winnt40\viamraid.sys
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.07.29 14:30:16 | 000,109,216 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\SafeBoot.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

--- --- ---

cosinus · 02.12.2011, 19:39

Ich hoffe du hast eine gute Erklärung, warum dein AdobeCS5 diese "Hacks" in der Hostsdatei benötigt

Zitat:

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 crl.verisign.net
O1 - Hosts: 127.0.0.1 CRL.VERISIGN.NET
O1 - Hosts: 127.0.0.1 ood.opsource.net
O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net
O1 - Hosts: 127.0.0.1 practivate.adobe
O1 - Hosts: 127.0.0.1 practivate.adobe

ro-mann · 02.12.2011, 19:44

Hm, keine Ahnung das verwende ich nie, hat meine Schwester installiert, weil ihr Computer zu langsam ist. Soweit ich weiss hat sie es gekauft.

Lg,
Roman

cosinus · 02.12.2011, 20:00

Zitat:

Soweit ich weiss hat sie es gekauft.

Sry aber das kann nicht sein. Eine Kaufversion muss aktiviert werden. Und du kannst diese Adobe-Installation nicht aktivieren wenn o.g. Einträge in der Hosts-Datei sind. Diese sind typischerweise auf Rechnern zu finden, die eine gecrackte/illegale Version von Adobe installiert haben.

02.12.2011, 11:38	#5
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	scrinject.b.gen in Browser Cache Ich will das Log von ESET noch sehen __________________ Logfiles bitte immer in CODE-Tags posten

02.12.2011, 14:46	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	scrinject.b.gen in Browser Cache TrueCrypt kann anbleiben __________________ Logfiles bitte immer in CODE-Tags posten

scrinject.b.gen in Browser Cache

Log-Analyse und Auswertung: scrinject.b.gen in Browser Cache