Hi!

I have a Chrome Portable browser in a TrueCrypt container. Now I've checked it with Nod32 and it found 2 ScrInject.B.Gen viruses in the browser cache. Nod32 then deleted them; when scanning again it didn't find anything. Am I infected?

Here is the Nod32 scan:

Version der Signaturdatenbank: 6673 (20111130)
Datum: 01.12.2011 Uhrzeit: 10:14:00
Geprüfte Laufwerke, Ordner und Dateien: M:\Bootsektor;M:\;V:\Bootsektor;V:\
M:\Backup\IronPortable\Profile\Default\Cache\f_0000df - HTML/ScrInject.B.Gen Virus - Aktionsauswahl aufgeschoben bis zum Abschluss des Scans
M:\Backup\IronPortable\Profile\Default\Cache\f_0000e6 - HTML/ScrInject.B.Gen Virus - Aktionsauswahl aufgeschoben bis zum Abschluss des Scans
M:\Backup\IronPortable\Profile\Default\Cache\f_0002cf » GZIP » f_0002cf - Archiv beschädigt
M:\Backup\IronPortable\Profile\Default\Cache\f_0002d0 » GZIP » f_0002d0 - Archiv beschädigt
M:\Dropbox\Software\KeePass-1.20-Setup.exe » INNO » files.info - Option wird nicht unterstützt
M:\Dropbox\Software\KeePass-2.17-Setup.exe » INNO » files.info - Option wird nicht unterstützt
M:\Eigene Dateien\pinfect.zip » ZIP » ARJ.PIF - Fehler - Datei ist passwortgeschützt
M:\Eigene Dateien\pinfect.zip » ZIP » LHA.PIF - Fehler - Datei ist passwortgeschützt
M:\Eigene Dateien\pinfect.zip » ZIP » NOCLOSE.PIF - Fehler - Datei ist passwortgeschützt
M:\Eigene Dateien\pinfect.zip » ZIP » RAR.PIF - Fehler - Datei ist passwortgeschützt
M:\Eigene Dateien\pinfect.zip » ZIP » UC.PIF - Fehler - Datei ist passwortgeschützt
M:\Eigene Dateien\Dao\material dao\SoftonicDownloader_fuer_mozilla-firefox.exe - Variante von Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung - Aktionsauswahl aufgeschoben bis zum Abschluss des Scans
V:\Backup\clockworkmod\backup\2011-11-29.16.06.48_MIUI\data.ext4.tar » TAR » data/data/com.android.email/files/tempFile » MIME - - OK (eingebettete Archive NICHT geprüft)
V:\Backup\clockworkmod\backup\2011-11-29.16.06.48_MIUI\data.ext4.tar » TAR » data/data/com.ideashower.readitlater.pro/app_plugins/com.adobe.flashplayer/.macromedia/Flash_Player/ - Archiv beschädigt
V:\Backup\download\miui_ger_GALAXY_S2_1.11.25_FULL_EN_DE.zip » ZIP » system/lib/libiprouteutil.so - Archiv beschädigt - Datei kann nicht extrahiert werden
V:\Backup\download\miui_ger_GALAXY_S2_1.11.25_FULL_EN_DE.zip » ZIP » - Archiv beschädigt
V:\Backup\MIUI\theme\Blue Dado浅色版_(798299.1).mtz.temp » ZIP » boots/bootanimation.zip » ZIP » part1/0033.jpg - Archiv beschädigt
V:\Backup\MIUI\theme\ozgurce-en_(802118.1).mtz.temp » ZIP » icons » ZIP » com.gameloft.android.GAND.GloftHAWX.Hawx.png - Archiv beschädigt
V:\Backup\MIUI\theme\雾里看花_(799447.1).mtz.temp » ZIP » wallpaper/default_lock_wallpaper.jpg - Archiv beschädigt
V:\Backup\TitaniumBackup\com.android.email-20111127-121049.tar.gz » GZIP » com.android.email-20111127-121049.tar » TAR » data/data/com.android.email/./files/tempFile » MIME - - OK (eingebettete Archive NICHT geprüft)
V:\Backup\TitaniumBackup\com.samsung.swift.app.kiesair-20111127-121254.tar.gz » GZIP » com.samsung.swift.app.kiesair-20111127-121254.tar » TAR » data/data/com.samsung.swift.app.kiesair/./files/www/apps/KiesAir/js/commands/serviceCommands/musics/ - Archiv beschädigt
V:\external_sd\clockworkmod\2011-11-27.17.49.12_cm7.1\data.ext4.tar » TAR » data/data/com.android.email/files/tempFile » MIME - - OK (eingebettete Archive NICHT geprüft)
V:\external_sd\clockworkmod\2011-11-27.17.49.12_cm7.1\data.ext4.tar » TAR » data/data/com.ideashower.readitlater.pro/app_plugins/com.adobe.flashplayer/.macromedia/Flash_Player/ - Archiv beschädigt
V:\external_sd\clockworkmod\2011-11-28.16.39.59_MIUI\data.ext4.tar » TAR » data/data/com.android.email/files/tempFile » MIME - - OK (eingebettete Archive NICHT geprüft)
V:\external_sd\clockworkmod\2011-11-28.16.39.59_MIUI\data.ext4.tar » TAR » data/data/com.ideashower.readitlater.pro/app_plugins/com.adobe.flashplayer/.macromedia/Flash_Player/ - Archiv beschädigt
V:\external_sd\clockworkmod\2011-11-29.12.07.21_MIUI\data.ext4.tar » TAR » data/data/com.android.email/files/tempFile » MIME - - OK (eingebettete Archive NICHT geprüft)
V:\external_sd\clockworkmod\2011-11-29.12.07.21_MIUI\data.ext4.tar » TAR » data/data/com.ideashower.readitlater.pro/app_plugins/com.adobe.flashplayer/.macromedia/Flash_Player/ - Archiv beschädigt
V:\external_sd\clockworkmod\2011-11-29.12.46.34_MIUI\data.ext4.tar » TAR » data/data/com.android.email/files/tempFile » MIME - - OK (eingebettete Archive NICHT geprüft)
V:\external_sd\clockworkmod\2011-11-29.12.46.34_MIUI\data.ext4.tar » TAR » data/data/com.ideashower.readitlater.pro/app_plugins/com.adobe.flashplayer/.macromedia/Flash_Player/ - Archiv beschädigt
V:\external_sd\clockworkmod\2011-11-29.15.36.20_MIUI\data.ext4.tar » TAR » data/data/com.android.email/files/tempFile » MIME - - OK (eingebettete Archive NICHT geprüft)
V:\external_sd\clockworkmod\2011-11-29.15.36.20_MIUI\data.ext4.tar » TAR » data/data/com.ideashower.readitlater.pro/app_plugins/com.adobe.flashplayer/.macromedia/Flash_Player/ - Archiv beschädigt
V:\external_sd\clockworkmod\2011-11-29.16.06.48_MIUI\data.ext4.tar » TAR » data/data/com.android.email/files/tempFile » MIME - - OK (eingebettete Archive NICHT geprüft)
V:\external_sd\clockworkmod\2011-11-29.16.06.48_MIUI\data.ext4.tar » TAR » data/data/com.ideashower.readitlater.pro/app_plugins/com.adobe.flashplayer/.macromedia/Flash_Player/ - Archiv beschädigt
M:\Backup\IronPortable\Profile\Default\Cache\f_0000df - HTML/ScrInject.B.Gen Virus - gelöscht - in Quarantäne kopiert
M:\Backup\IronPortable\Profile\Default\Cache\f_0000e6 - HTML/ScrInject.B.Gen Virus - gelöscht - in Quarantäne kopiert
M:\Eigene Dateien\Dao\material dao\SoftonicDownloader_fuer_mozilla-firefox.exe - Variante von Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung - gelöscht - in Quarantäne kopiert
Geprüfte Objekte: 403572
Erkannte Bedrohungen: 3
Anzahl gesäuberter Objekte: 3
Abgeschlossen: 10:32:47 Benötigte Zeit: 1127 Sek. (00:18:47)

Then I've checked with Malwarebytes. There, 9 Trojan warnings came up. However, I've read that these are false positives:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8283

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

01.12.2011 15:40:34
mbam-log-2011-12-01 (15-40-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|M:\|V:\|)
Durchsuchte Objekte: 524118
Laufzeit: 1 Stunde(n), 21 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\glassfish3\jdk\jre\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\Adobe\adobe dreamweaver cs5\JVM\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\Adobe\adobe flash builder 4\jre\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\Adobe\adobe flash catalyst cs5\jre\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\common files\Java\java update\jaureg.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\Java\jdk1.6.0_26\jre\bin\javacpl.cpl (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\Java\jdk1.6.0_26\jre\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\Java\jre6\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\programdata\Adobe\CS5\jre\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.

Then I've scanned with the ESET Online Scanner:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f84db619bb94b146a2ebaba9c5b51c12
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-02 12:20:51
# local_time=2011-12-02 01:20:51 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=512 16777215 100 0 3050146 3050146 0 0
# compatibility_mode=5893 16776574 100 94 9009 74389218 0 0
# compatibility_mode=8192 67108863 100 0 9142 9142 0 0
# scanned=338235
# found=5
# cleaned=0
# scan_time=70423
C:\$RECYCLE.BIN\S-1-5-21-807366929-668818633-305008010-9881\$REPCFUM.zip Win32/RemoteAdmin.NetCat application (unable to clean) 00000000000000000000000000000000 I
C:\Programmdateien\winamp561_full_emusic-7plus_all.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Programmdateien\winamp5622_full_emusic-7plus_all.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\Dropbox\Software\winamp5622_full_emusic-7plus_all.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\IronPortable\Profile\Default\Cache\f_0043ec Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I

Then I've scanned with OTL (file attached, because it is too long).

And HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:08, on 01.12.2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Nimbuzz\Nimbuzz.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
C:\Program Files\Sandboxie\SandboxieCrypto.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
M:\IronPortable\Iron\iron.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [TIMEREC - Client] C:\Program Files\TIMEREC2\Client\TRC.exe
O4 - HKCU\..\Run: [Nimbuzz] C:\Program Files\Nimbuzz\Nimbuzz.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\r.\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mmc.lan
O17 - HKLM\Software\..\Telephony: DomainName = mmc.lan
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mmc.lan
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mmc.lan
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: CDMA Device Service - Unknown owner - C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP ProtectTools Gerätesperre/Überwachung (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 11879 bytes

Is the computer infected?

Regards,

Roman

Here is the OTL scan.

otl.txt

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
