Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
isecurity.exe Virus!

isecurity.exe Virus!


Log-Analyse und Auswertung: isecurity.exe Virus!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 19.03.2012, 16:45   #1
Timothius
 
isecurity.exe Virus! - Standard

isecurity.exe Virus!


Hallo

Hab bei Euch schon einen Beitrag unter "isecurity.exe, virus?" gefunden und Ihr hattet auch eine Anleitung zur Hilfe geschrieben. Nur wollte ich dem Hinweis folgen, einen eigenen Beitrag aufzumachen, um mein Problem gesondert zu besprechen.

Ausgangslage ist absolut identisch...meine Freundin hat sich, ohne es zu merken, diese "Internetsecurity" Software auf den Rechner geholt (HP Compaq Laptop mit Vista Home Basic). Nun läuft das Programm im Hintergrund und schickt eine verrückte Warnmeldung nach der anderen und jedes Program das ich öffnen möchte (inkl. Taskmanager) ist angeblich mit diesem Wurm infiziert und lässt sich nicht öffnen. Das Program bietet angeblich Hilfe bei erfolgter online Resgistrierung, was ich nicht gemacht habe.

Ich denke Ihr wisst schon was ich meine und hoffe, mit Blick auf den anderen, oben erwähnten ganz ähnlichen Beitrag, hoffe ich Ihr könnt mir und meiner Freundin helfen. (Wichtig wäre für uns auch zu wissen, wo wir uns das eingefangen haben könnten...)

Danke schonmal im Vorraus

T. & S.

Alt 19.03.2012, 17:06   #2
markusg
/// Malware-holic
 
isecurity.exe Virus! - Standard

isecurity.exe Virus!


hi,
versuch erst mal folgendes.
neustart, f8 drücken abgesicherter modus mit netzwerk wählen, im betroffenen konto anmelden.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________
Alt 20.03.2012, 00:59   #3
Timothius
 
isecurity.exe Virus! - Standard

isecurity.exe Virus!


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.03.2012 00:43:13 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Silvorum\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Alemania | Language: DEU | Date Format: dd.MM.yyyy
 
1013,31 Mb Total Physical Memory | 640,10 Mb Available Physical Memory | 63,17% Memory free
2,23 Gb Paging File | 1,99 Gb Available in Paging File | 89,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106,98 Gb Total Space | 27,35 Gb Free Space | 25,56% Space Free | Partition Type: NTFS
Drive D: | 4,81 Gb Total Space | 1,38 Gb Free Space | 28,73% Space Free | Partition Type: NTFS
 
Computer Name: SILVORUM1 | User Name: Silvorum | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.20 00:39:12 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Silvorum\Downloads\OTL.exe
PRC - [2011.12.12 03:41:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.06.26 09:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008.11.17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.03.03 05:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2006.11.19 12:32:16 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006.11.16 10:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.16 05:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.16 03:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.09 10:02:30 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Controlador del adaptador Intel(R)
DRV - [2006.08.04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.06.28 09:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006.06.28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP - United States | Laptop Computers, Desktops, Printers, Servers and more
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP - United States | Laptop Computers, Desktops, Printers, Servers and more
IE - HKLM\..\SearchScopes,DefaultScope = {03B6DA69-4CAD-4571-9D65-A5EA2ECB530D}
IE - HKLM\..\SearchScopes\{03B6DA69-4CAD-4571-9D65-A5EA2ECB530D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP - United States | Laptop Computers, Desktops, Printers, Servers and more
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {03B6DA69-4CAD-4571-9D65-A5EA2ECB530D}
IE - HKCU\..\SearchScopes\{03B6DA69-4CAD-4571-9D65-A5EA2ECB530D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20120206,16981,0,27,0"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.netassistant.keyword.url: "hxxp://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={8BF95631-4CCF-46A6-83D7-27FE72935BE4}&Version=3.6.5&Vintage=20120206&Defaultbrowserid=27&Productid=2326&Vendorid=5750&Offerid=16983&searchterm="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.18 03:53:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.12.10 20:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silvorum\AppData\Roaming\mozilla\Extensions
[2012.01.29 18:36:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silvorum\AppData\Roaming\mozilla\Firefox\Profiles\mihoogpf.default\extensions
[2012.03.18 03:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\SILVORUM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MIHOOGPF.DEFAULT\EXTENSIONS\ADAPTER@BABYLONTC.COM.XPI
() (No name found) -- C:\USERS\SILVORUM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MIHOOGPF.DEFAULT\EXTENSIONS\OCR@BABYLON.COM.XPI
[2012.03.18 03:53:11 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.10 15:26:47 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.10 15:26:47 | 000,003,996 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
[2012.02.10 15:26:47 | 000,001,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
[2012.02.10 15:26:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.02.10 15:26:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
[2012.02.10 15:26:47 | 000,001,102 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Archivos de programa\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Internet Security] C:\Users\Silvorum\AppData\Roaming\isecurity.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F70EFB2-51ED-46EF-94BB-BF30687A71AE}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -H-- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{81800a3c-5309-11e1-b0dd-001636d3ed93}\Shell - "" = AutoRun
O33 - MountPoints2\{81800a3c-5309-11e1-b0dd-001636d3ed93}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{c22fc88f-234a-11e1-9240-001636d3ed93}\Shell - "" = AutoRun
O33 - MountPoints2\{c22fc88f-234a-11e1-9240-001636d3ed93}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F7335613-313E-CF71-0329-E76779EE8020} - Browser Customizations
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Silvorum^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk -  - File not found
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.14 15:20:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.03.14 15:06:50 | 000,000,000 | R--D | C] -- C:\Users\Silvorum\Documents\Desktop
[2012.03.14 06:36:39 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2012.02.25 22:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2012.02.25 22:26:40 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll
[2012.02.25 22:26:40 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll
[2012.02.25 22:26:40 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll
[2012.02.25 22:26:40 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll
[2012.02.25 22:26:40 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll
[2012.02.25 22:26:40 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll
[2012.02.25 22:26:40 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll
[2012.02.25 22:26:40 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll
[2012.02.25 22:26:36 | 000,000,000 | ---D | C] -- C:\Users\Silvorum\AppData\Roaming\FreeAudioPack
[2012.02.25 22:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter
[2012.02.25 22:25:43 | 000,000,000 | ---D | C] -- C:\Users\Silvorum\AppData\Local\PackageAware
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.20 00:40:06 | 000,653,300 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012.03.20 00:40:06 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.20 00:40:06 | 000,127,228 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012.03.20 00:40:06 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.20 00:35:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.20 00:34:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.03.20 00:33:58 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012.03.20 00:33:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.20 00:33:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 15:43:12 | 000,000,150 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012.03.19 15:27:26 | 000,000,692 | ---- | M] () -- C:\Users\Silvorum\Desktop\Internet Security.lnk
[2012.03.19 15:27:24 | 000,861,184 | ---- | M] () -- C:\Users\Silvorum\AppData\Roaming\isecurity.exe
[2012.03.18 20:39:56 | 000,655,325 | ---- | M] () -- C:\Users\Silvorum\Desktop\nl-71997.jpg
[2012.03.18 20:38:01 | 000,354,557 | ---- | M] () -- C:\Users\Silvorum\Desktop\Imagen 1200.jpg
[2012.03.16 19:44:05 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012.03.15 17:08:59 | 001,692,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.14 06:02:51 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2012.03.14 06:02:43 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2012.03.12 13:21:16 | 000,010,752 | ---- | M] () -- C:\Users\Silvorum\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2012.03.19 15:27:26 | 000,000,692 | ---- | C] () -- C:\Users\Silvorum\Desktop\Internet Security.lnk
[2012.03.19 15:27:23 | 000,861,184 | ---- | C] () -- C:\Users\Silvorum\AppData\Roaming\isecurity.exe
[2012.03.18 20:39:51 | 000,655,325 | ---- | C] () -- C:\Users\Silvorum\Desktop\nl-71997.jpg
[2012.03.18 20:37:52 | 000,354,557 | ---- | C] () -- C:\Users\Silvorum\Desktop\Imagen 1200.jpg
[2012.03.16 19:44:05 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012.03.14 13:21:03 | 000,000,949 | ---- | C] () -- C:\Users\Silvorum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.03.14 02:30:00 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2012.02.28 12:17:00 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.02.28 12:17:00 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.02.28 12:17:00 | 000,153,088 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2012.02.25 22:26:41 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx
[2012.02.25 22:26:37 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.12.19 12:06:06 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.12.16 19:33:44 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.12.16 15:33:29 | 000,000,160 | ---- | C] () -- C:\Users\Silvorum\AppData\Roaming\wklnhst.dat
[2011.12.10 19:40:57 | 000,010,752 | ---- | C] () -- C:\Users\Silvorum\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.19 12:34:42 | 003,003,392 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011.01.19 12:33:04 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011.01.19 12:30:10 | 142,700,671 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011.01.19 11:15:26 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
 
========== LOP Check ==========
 
[2012.02.13 15:41:04 | 000,000,000 | ---D | M] -- C:\Users\Silvorum\AppData\Roaming\FinalMediaPlayer
[2012.02.25 22:28:08 | 000,000,000 | ---D | M] -- C:\Users\Silvorum\AppData\Roaming\FreeAudioPack
[2011.12.16 14:15:06 | 000,000,000 | ---D | M] -- C:\Users\Silvorum\AppData\Roaming\OpenOffice.org
[2011.12.16 19:33:49 | 000,000,000 | ---D | M] -- C:\Users\Silvorum\AppData\Roaming\pdfforge
[2011.12.16 15:33:32 | 000,000,000 | ---D | M] -- C:\Users\Silvorum\AppData\Roaming\Template
[2012.03.20 00:33:58 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job
[2012.03.20 00:34:45 | 000,030,822 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.12.10 18:06:52 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.12.10 17:28:31 | 000,000,000 | -HSD | M] -- C:\Archivos de programa
[2012.03.14 13:16:34 | 000,000,000 | -HSD | M] -- C:\boot
[2011.12.10 17:28:31 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2006.12.19 21:00:16 | 000,000,000 | -H-D | M] -- C:\HP
[2012.03.14 06:36:39 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.14 02:06:55 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.12 20:14:07 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.12.10 18:06:22 | 000,000,000 | ---D | M] -- C:\SwSetup
[2012.03.18 18:22:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.10 18:06:22 | 000,000,000 | -H-D | M] -- C:\System.sav
[2011.12.10 17:32:30 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.19 16:22:23 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2011.01.19 12:33:04 | 000,475,016 | ---- | M] () -- C:\Program Files\setup.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\drivers\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.01.19 06:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.01.19 06:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.01.19 05:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.12.12 03:41:42 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011.12.12 03:41:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\explorer.exe
[2011.12.12 03:41:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011.12.12 03:41:40 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.08.27 04:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.08.27 03:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2011.12.12 03:41:42 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\System32\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\System32\scecli.dll
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2011.12.12 03:13:30 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2011.12.12 03:13:31 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\WINDOWS\System32\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\System32\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\WINDOWS\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.03.20 00:46:20 | 001,048,576 | -HS- | M] () -- C:\Users\Silvorum\NTUSER.DAT
[2012.03.20 00:46:20 | 000,262,144 | -H-- | M] () -- C:\Users\Silvorum\ntuser.dat.LOG1
[2011.12.10 17:32:30 | 000,000,000 | -H-- | M] () -- C:\Users\Silvorum\ntuser.dat.LOG2
[2012.03.20 00:34:43 | 000,065,536 | -HS- | M] () -- C:\Users\Silvorum\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2012.03.20 00:34:43 | 000,524,288 | -HS- | M] () -- C:\Users\Silvorum\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2011.12.10 19:42:38 | 000,524,288 | -HS- | M] () -- C:\Users\Silvorum\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2011.12.10 17:32:31 | 000,000,020 | -HS- | M] () -- C:\Users\Silvorum\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
--- --- ---
__________________
Alt 20.03.2012, 01:03   #4
Timothius
 
isecurity.exe Virus! - Standard

isecurity.exe Virus!


OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 20.03.2012 00:43:13 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Silvorum\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Alemania | Language: DEU | Date Format: dd.MM.yyyy
 
1013,31 Mb Total Physical Memory | 640,10 Mb Available Physical Memory | 63,17% Memory free
2,23 Gb Paging File | 1,99 Gb Available in Paging File | 89,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106,98 Gb Total Space | 27,35 Gb Free Space | 25,56% Space Free | Partition Type: NTFS
Drive D: | 4,81 Gb Total Space | 1,38 Gb Free Space | 28,73% Space Free | Partition Type: NTFS
 
Computer Name: SILVORUM1 | User Name: Silvorum | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6060D30B-81E5-4ADE-BB52-554C4975A29B}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{7842413F-007D-4A94-92C6-2A56F4790999}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{84F01261-29AE-460E-9A6D-95386725E511}" = dir=in | app=c:\program files\finalmediaplayer\fmpcheckforupdates.exe | 
"{968618A9-EE5A-41F6-9F23-C596801BB859}" = protocol=17 | dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{B2256F89-1142-403A-9602-8B5C5DF10517}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F2DECAD1-0906-4A29-80FF-79E3A4AC7369}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{FFCB84B9-5654-48C0-9A67-ADCCC4016041}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80DDC39C-8CB5-49de-9748-36C990922110}" = Microsoft Works
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1034-7B44-A70500000002}" = Adobe Reader 7.0.5 - Español
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}" = HP User Guide 0048
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
"FinalMediaPlayer_is1" = Final Media Player 2011
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 11.0 (x86 es-ES)" = Mozilla Firefox 11.0 (x86 es-ES)
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trusted Software Assistant_is1" = File Type Assistant
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.03.2012 21:53:25 | Computer Name = Silvorum1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2629600
 
Error - 16.03.2012 21:53:25 | Computer Name = Silvorum1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2629600
 
Error - 16.03.2012 21:53:34 | Computer Name = Silvorum1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.03.2012 21:53:35 | Computer Name = Silvorum1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2638492
 
Error - 16.03.2012 21:53:35 | Computer Name = Silvorum1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2638492
 
Error - 16.03.2012 21:53:36 | Computer Name = Silvorum1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.03.2012 21:53:36 | Computer Name = Silvorum1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2640192
 
Error - 16.03.2012 21:53:36 | Computer Name = Silvorum1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2640192
 
Error - 19.03.2012 11:23:12 | Computer Name = Silvorum1 | Source = EventSystem | ID = 4609
Description = 
 
Error - 19.03.2012 19:36:15 | Computer Name = Silvorum1 | Source = EventSystem | ID = 4609
Description = 
 
[ System Events ]
Error - 05.03.2012 10:59:55 | Computer Name = Silvorum1 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.03.2012 18:15:59 | Computer Name = Silvorum1 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.03.2012 06:32:08 | Computer Name = Silvorum1 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.03.2012 06:02:37 | Computer Name = Silvorum1 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.03.2012 06:39:32 | Computer Name = Silvorum1 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.03.2012 17:38:11 | Computer Name = Silvorum1 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.03.2012 18:36:12 | Computer Name = Silvorum1 | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 13.03.2012 19:33:22 | Computer Name = Silvorum1 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.03.2012 21:41:33 | Computer Name = Silvorum1 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 13.03.2012 21:48:18 | Computer Name = Silvorum1 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
 
< End of report >
--- --- ---
Alt 20.03.2012, 12:12   #5
markusg
/// Malware-holic
 
isecurity.exe Virus! - Standard

isecurity.exe Virus!


hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [Internet Security] C:\Users\Silvorum\AppData\Roaming\isecurity.exe ()
 :Files
C:\Users\Silvorum\AppData\Roaming\isecurity.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 21.03.2012, 00:12   #6
Timothius
 
isecurity.exe Virus! - Standard

isecurity.exe Virus!


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security deleted successfully.
C:\Users\Silvorum\AppData\Roaming\isecurity.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Silvorum
->Flash cache emptied: 5905 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Silvorum
->Temp folder emptied: 10066595 bytes
->Temporary Internet Files folder emptied: 1855588 bytes
->Java cache emptied: 27408 bytes
->FireFox cache emptied: 57144744 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2132511 bytes
RecycleBin emptied: 435888 bytes

Total Files Cleaned = 68,00 mb


OTL by OldTimer - Version 3.2.39.1 log created on 03212012_000320

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




...ES HAT ALLES GUT GEKLAPPT...DANKE EUCH!

Alt 21.03.2012, 11:25   #7
markusg
/// Malware-holic
 
isecurity.exe Virus! - Standard

isecurity.exe Virus!


danke für den upload.
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 26.03.2012, 22:17   #8
Timothius
 
isecurity.exe Virus! - Standard

isecurity.exe Virus!


Combofix Logfile:
Code:
ATTFilter
ComboFix 12-03-26.02 - Silvorum 26.03.2012  22:33:26.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.3082.18.1013.266 [GMT 2:00]
ausgeführt von:: c:\users\Silvorum\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Setup.exe
.
Infizierte Kopie von c:\windows\system32\Drivers\atapi.sys wurde gefunden und desinfiziert 
Kopie von - c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-26 bis 2012-03-26  ))))))))))))))))))))))))))))))
.
.
2012-03-25 02:17 . 2012-03-25 02:17	--------	d-----w-	c:\program files\Windows Portable Devices
2012-03-25 00:52 . 2012-03-20 02:53	6582328	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9F686080-E708-4B28-977A-1D4239AA0FD1}\mpengine.dll
2012-03-24 22:53 . 2009-09-10 02:00	92672	----a-w-	c:\windows\system32\UIAnimation.dll
2012-03-24 22:53 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\system32\UIRibbon.dll
2012-03-24 22:53 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2012-03-24 22:51 . 2009-10-01 01:02	31232	----a-w-	c:\windows\system32\BthMtpContextHandler.dll
2012-03-24 22:51 . 2009-10-01 01:01	60928	----a-w-	c:\windows\system32\PortableDeviceConnectApi.dll
2012-03-24 22:51 . 2009-10-01 01:01	40448	----a-w-	c:\windows\system32\drivers\WpdUsb.sys
2012-03-24 22:51 . 2009-10-01 01:02	334848	----a-w-	c:\windows\system32\PortableDeviceApi.dll
2012-03-24 22:51 . 2009-10-01 01:01	160256	----a-w-	c:\windows\system32\PortableDeviceTypes.dll
2012-03-24 22:51 . 2009-10-01 01:01	196608	----a-w-	c:\windows\system32\PortableDeviceWMDRM.dll
2012-03-24 22:51 . 2009-10-01 01:01	100864	----a-w-	c:\windows\system32\PortableDeviceClassExtension.dll
2012-03-24 22:51 . 2009-10-01 01:01	227840	----a-w-	c:\windows\system32\drivers\UMDF\WpdFs.dll
2012-03-24 22:51 . 2009-10-01 01:01	839168	----a-w-	c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2012-03-24 22:39 . 2012-03-24 22:39	979456	----a-w-	c:\windows\system32\MFH264Dec.dll
2012-03-24 22:38 . 2012-03-24 22:38	252928	----a-w-	c:\windows\system32\dxdiag.exe
2012-03-24 22:38 . 2012-03-24 22:38	195584	----a-w-	c:\windows\system32\dxdiagn.dll
2012-03-24 22:38 . 2012-03-24 22:38	519680	----a-w-	c:\windows\system32\d3d11.dll
2012-03-24 22:38 . 2012-03-24 22:38	321024	----a-w-	c:\windows\system32\PhotoMetadataHandler.dll
2012-03-24 20:26 . 2011-10-27 08:01	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-24 20:26 . 2011-10-27 08:01	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-24 20:26 . 2011-07-29 16:01	293376	----a-w-	c:\windows\system32\psisdecd.dll
2012-03-24 20:26 . 2011-07-29 16:01	217088	----a-w-	c:\windows\system32\psisrndr.ax
2012-03-24 20:26 . 2011-07-29 16:00	57856	----a-w-	c:\windows\system32\MSDvbNP.ax
2012-03-24 20:26 . 2011-07-29 16:00	69632	----a-w-	c:\windows\system32\Mpeg2Data.ax
2012-03-24 20:26 . 2011-10-14 16:00	23552	----a-w-	c:\windows\system32\mciseq.dll
2012-03-24 20:26 . 2012-02-02 15:16	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-03-24 20:26 . 2011-11-18 20:23	1205064	----a-w-	c:\windows\system32\ntdll.dll
2012-03-24 20:25 . 2011-10-14 16:02	429056	----a-w-	c:\windows\system32\EncDec.dll
2012-03-24 20:25 . 2011-02-22 13:33	1068544	----a-w-	c:\windows\system32\DWrite.dll
2012-03-24 20:25 . 2011-02-22 13:33	797696	----a-w-	c:\windows\system32\FntCache.dll
2012-03-24 20:24 . 2011-11-18 17:47	66560	----a-w-	c:\windows\system32\packager.dll
2012-03-24 20:24 . 2011-12-14 16:17	680448	----a-w-	c:\windows\system32\msvcrt.dll
2012-03-24 20:24 . 2011-09-20 21:02	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-24 20:22 . 2011-09-30 15:57	707584	----a-w-	c:\program files\Common Files\System\wab32.dll
2012-03-24 20:20 . 2012-01-31 10:59	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-03-24 20:12 . 2010-05-04 19:13	231424	----a-w-	c:\windows\system32\msshsq.dll
2012-03-24 20:07 . 2012-01-09 15:54	613376	----a-w-	c:\windows\system32\rdpencom.dll
2012-03-24 20:07 . 2012-01-09 13:58	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-24 15:02 . 2012-03-24 15:03	--------	d-----w-	c:\windows\system32\ca-ES
2012-03-24 15:02 . 2012-03-24 15:03	--------	d-----w-	c:\windows\system32\eu-ES
2012-03-24 15:02 . 2012-03-24 15:03	--------	d-----w-	c:\windows\system32\vi-VN
2012-03-24 13:58 . 2012-03-24 13:58	--------	d-----w-	c:\windows\system32\EventProviders
2012-03-24 11:41 . 2009-04-11 06:28	324608	----a-w-	c:\windows\system32\sdohlp.dll
2012-03-24 11:40 . 2009-04-11 06:28	250368	----a-w-	c:\windows\system32\wevtapi.dll
2012-03-24 11:39 . 2009-04-11 06:28	274432	----a-w-	c:\windows\system32\bcrypt.dll
2012-03-24 11:38 . 2009-04-11 06:22	413696	----a-w-	c:\windows\system32\imkr80.ime
2012-03-24 11:37 . 2009-04-11 06:28	171008	----a-w-	c:\windows\system32\apphelp.dll
2012-03-24 11:36 . 2009-04-11 06:27	60928	----a-w-	c:\windows\system32\findstr.exe
2012-03-24 11:35 . 2009-04-11 06:28	67584	----a-w-	c:\windows\system32\regapi.dll
2012-03-24 11:34 . 2009-04-11 06:28	243712	----a-w-	c:\program files\Movie Maker\WMM2CLIP.dll
2012-03-24 11:33 . 2009-04-11 06:28	37888	----a-w-	c:\windows\system32\wbem\unsecapp.exe
2012-03-24 11:32 . 2009-04-11 06:28	15360	----a-w-	c:\windows\system32\inetppui.dll
2012-03-24 11:32 . 2009-04-11 06:28	17408	----a-w-	c:\windows\system32\midimap.dll
2012-03-24 11:32 . 2009-04-11 04:42	52992	----a-w-	c:\windows\system32\drivers\stream.sys
2012-03-24 11:32 . 2009-04-11 04:46	33280	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-03-24 11:32 . 2009-04-11 05:42	93696	----a-w-	c:\windows\system32\drivers\bridge.sys
2012-03-24 11:32 . 2009-04-11 04:46	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2012-03-24 11:32 . 2009-04-11 04:46	41472	----a-w-	c:\windows\system32\drivers\raspppoe.sys
2012-03-24 11:32 . 2009-04-11 06:22	7168	----a-w-	c:\windows\system32\f3ahvoas.dll
2012-03-24 11:32 . 2009-04-11 04:27	2560	----a-w-	c:\windows\system32\msimsg.dll
2012-03-24 11:31 . 2009-04-11 06:43	40960	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\es\Microsoft.Ink.Resources.dll
2012-03-24 11:31 . 2009-04-11 06:28	83968	----a-w-	c:\windows\system32\wbem\wmiutils.dll
2012-03-24 11:31 . 2009-04-11 06:28	30208	----a-w-	c:\windows\system32\wbem\wbemprox.dll
2012-03-24 11:31 . 2009-04-11 06:28	189440	----a-w-	c:\windows\system32\wbem\mofd.dll
2012-03-24 11:31 . 2009-04-11 06:28	744448	----a-w-	c:\windows\system32\wbem\wbemcore.dll
2012-03-24 11:31 . 2009-04-11 06:28	265728	----a-w-	c:\windows\system32\wbem\repdrvfs.dll
2012-03-24 11:31 . 2009-04-11 06:28	614912	----a-w-	c:\windows\system32\wbem\fastprox.dll
2012-03-24 11:31 . 2009-04-11 06:28	265728	----a-w-	c:\windows\system32\wbem\esscli.dll
2012-03-24 11:30 . 2009-04-11 06:28	705536	----a-w-	c:\windows\system32\SmiEngine.dll
2012-03-24 11:30 . 2009-04-11 06:28	218624	----a-w-	c:\windows\system32\wdscore.dll
2012-03-24 11:30 . 2009-04-11 06:27	130560	----a-w-	c:\windows\system32\PkgMgr.exe
2012-03-24 11:29 . 2009-04-11 06:28	247808	----a-w-	c:\windows\system32\drvstore.dll
2012-03-22 21:26 . 2012-03-20 02:53	6582328	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-22 02:03 . 2012-03-22 02:03	--------	d-----w-	c:\program files\Microsoft.NET
2012-03-21 22:42 . 2012-03-21 22:42	--------	d-----w-	c:\program files\Microsoft CAPICOM 2.1.0.2
2012-03-20 23:45 . 2012-02-09 12:17	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-03-20 23:45 . 2012-02-09 12:17	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51317BFD-18BC-426F-B783-8553E09C7F12}\gapaengine.dll
2012-03-20 23:43 . 2008-05-27 04:59	18904	----a-w-	c:\windows\system32\StructuredQuerySchemaTrivial.bin
2012-03-20 23:39 . 2012-03-20 23:39	--------	d-----w-	c:\users\Default\AppData\Roaming\hpqLog
2012-03-20 23:38 . 2009-04-29 06:46	15872	----a-w-	c:\windows\system32\drivers\HpqKbFiltr.sys
2012-03-20 23:38 . 2006-11-02 05:09	1419232	----a-w-	c:\windows\system32\drivers\wdfcoinstaller01005.dll
2012-03-20 23:37 . 2012-03-20 23:37	--------	d-----w-	c:\windows\QLB
2012-03-20 23:36 . 2012-02-08 06:03	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{148AB9A8-932C-480F-8180-FA90D0DF8923}\mpengine.dll
2012-03-20 23:29 . 2012-03-20 23:32	--------	d-----w-	c:\program files\Microsoft Security Client
2012-03-20 23:21 . 2009-10-09 21:55	79872	----a-w-	c:\windows\system32\wecutil.exe
2012-03-20 23:21 . 2009-10-09 21:55	146944	----a-w-	c:\windows\system32\wecsvc.dll
2012-03-20 23:21 . 2009-10-09 21:55	81408	----a-w-	c:\windows\system32\wevtfwd.dll
2012-03-20 23:21 . 2009-10-09 21:55	56320	----a-w-	c:\windows\system32\wecapi.dll
2012-03-20 23:21 . 2009-10-09 21:56	41472	----a-w-	c:\windows\system32\pwrshplugin.dll
2012-03-20 23:19 . 2010-08-26 16:34	1696256	----a-w-	c:\windows\system32\gameux.dll
2012-03-20 23:19 . 2011-03-03 15:40	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2012-03-20 23:19 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2012-03-20 23:03 . 2012-03-20 23:09	--------	d-----w-	C:\_OTL
2012-03-18 02:53 . 2012-03-18 02:53	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 02:53 . 2012-03-18 02:53	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2012-03-15 15:17 . 2009-11-08 09:55	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2012-03-15 15:17 . 2009-11-08 09:55	49472	----a-w-	c:\windows\system32\netfxperf.dll
2012-03-15 15:17 . 2009-11-08 09:55	297808	----a-w-	c:\windows\system32\mscoree.dll
2012-03-15 15:17 . 2009-11-08 09:55	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2012-03-15 15:17 . 2009-11-08 09:55	1130824	----a-w-	c:\windows\system32\dfshim.dll
2012-03-14 12:49 . 2011-02-22 13:23	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2012-03-14 12:49 . 2011-04-14 14:59	75264	----a-w-	c:\windows\system32\drivers\dfsc.sys
2012-03-14 12:47 . 2010-12-14 14:49	1169408	----a-w-	c:\windows\system32\sdclt.exe
2012-03-14 12:47 . 2010-06-17 18:08	10926592	----a-w-	c:\program files\Movie Maker\MOVIEMK.dll
2012-03-14 12:47 . 2010-06-17 16:16	150016	----a-w-	c:\program files\Movie Maker\MOVIEMK.exe
2012-03-14 12:47 . 2011-04-29 13:25	146432	----a-w-	c:\windows\system32\drivers\srv2.sys
2012-03-14 12:47 . 2011-04-29 13:25	102400	----a-w-	c:\windows\system32\drivers\srvnet.sys
2012-03-14 12:47 . 2010-04-05 17:02	317952	----a-w-	c:\windows\system32\MP4SDECD.DLL
2012-03-14 12:47 . 2010-08-31 15:46	954752	----a-w-	c:\windows\system32\mfc40.dll
2012-03-14 12:47 . 2010-08-31 15:46	954288	----a-w-	c:\windows\system32\mfc40u.dll
2012-03-14 12:47 . 2010-06-18 17:31	36864	----a-w-	c:\windows\system32\rtutils.dll
2012-03-14 12:47 . 2010-12-29 18:28	322560	----a-w-	c:\windows\system32\sbe.dll
2012-03-14 12:47 . 2010-12-29 18:28	153088	----a-w-	c:\windows\system32\sbeio.dll
2012-03-14 12:47 . 2010-12-29 18:26	177664	----a-w-	c:\windows\system32\mpg2splt.ax
2012-03-14 12:46 . 2010-11-04 18:55	601600	----a-w-	c:\windows\system32\schedsvc.dll
2012-03-14 12:46 . 2010-11-04 18:55	352768	----a-w-	c:\windows\system32\taskschd.dll
2012-03-14 12:46 . 2010-11-04 18:55	270336	----a-w-	c:\windows\system32\taskcomp.dll
2012-03-14 12:46 . 2010-11-04 16:34	171520	----a-w-	c:\windows\system32\taskeng.exe
2012-03-14 12:46 . 2011-05-02 17:16	739328	----a-w-	c:\windows\system32\inetcomm.dll
2012-03-14 12:46 . 2010-10-18 13:37	81920	----a-w-	c:\windows\system32\consent.exe
2012-03-14 12:46 . 2010-06-11 16:15	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-03-14 12:45 . 2010-12-17 15:45	2067968	----a-w-	c:\windows\system32\mstscax.dll
2012-03-14 12:45 . 2010-12-17 13:54	677888	----a-w-	c:\windows\system32\mstsc.exe
2012-03-14 12:45 . 2009-04-11 06:28	63488	----a-w-	c:\windows\system32\tscupgrd.exe
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-24 22:41 . 2012-03-24 22:41	1127424	----a-w-	c:\windows\system32\wininet.dll
2012-03-24 22:39 . 2012-03-24 22:39	135680	----a-w-	c:\windows\system32\XpsRasterService.dll
2012-03-24 22:39 . 2012-03-24 22:39	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2012-03-24 22:39 . 2012-03-24 22:39	258048	----a-w-	c:\windows\system32\winspool.drv
2012-03-24 22:39 . 2012-03-24 22:39	1554432	----a-w-	c:\windows\system32\xpsservices.dll
2012-03-24 22:38 . 2012-03-24 22:38	4096	----a-w-	c:\windows\system32\drivers\es-ES\dxgkrnl.sys.mui
2012-03-24 22:38 . 2012-03-24 22:38	369664	----a-w-	c:\windows\system32\WMPhoto.dll
2012-03-24 22:38 . 2012-03-24 22:38	974848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2012-03-24 22:38 . 2012-03-24 22:38	189440	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2012-03-14 05:16 . 2011-12-10 17:16	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-14 05:02 . 2006-11-02 10:32	101888	----a-w-	c:\windows\system32\ifxcardm.dll
2012-03-14 05:02 . 2006-11-02 10:32	82432	----a-w-	c:\windows\system32\axaltocm.dll
2012-02-23 08:18 . 2011-12-11 12:28	237072	------w-	c:\windows\system32\MpSigStub.exe
2011-01-19 11:34 . 2011-01-19 11:34	3003392	----a-w-	c:\program files\openofficeorg33.msi
2012-03-18 02:53 . 2011-12-10 19:32	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Silvorum^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Silvorum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-26 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2012-02-10 13:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=PRESARIO&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=PRESARIO&pf=laptop
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Silvorum\AppData\Roaming\Mozilla\Firefox\Profiles\mihoogpf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-26 22:48
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-26  22:56:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-26 20:55
.
Vor Suchlauf: 29.436.051.456 bytes libres
Nach Suchlauf: 29.318.225.920 bytes libres
.
- - End Of File - - EA02B488FEFC71FAD88C90E97BB67A43
--- --- ---
Alt 27.03.2012, 09:18   #9
markusg
/// Malware-holic
 
isecurity.exe Virus! - Standard

isecurity.exe Virus!


öffne bitte c: qoobox.
rechtsklick quarantain, ebenfalls packen, im upload channel hochladen, und bitte bescheid geben, wenn dies erledigt ist.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu isecurity.exe Virus!
anleitung, bietet, eingefangen, folge, freundin, hintergrund, home, ide, infiziert, internet security, isecurity.exe, laptop, meldung, online, pishing program, problem, programm, rechner, software, taskmanager, virus, virus?, vista, warnmeldung, wichtig, wurm, öffnen


« Computer startet mit weißem Bildschirm und einer Meldung... | Aus Sicherheitsgruenden wurde ihr Windowssystem blockiert »


Ähnliche Themen: isecurity.exe Virus!


  1. isecurity.exe beim surfen eingefangen...wie werde ich das Ding sauber los!
    Plagegeister aller Art und deren Bekämpfung - 14.03.2012 (24)
  2. Isecurity.exe hat auch mich getroffen...
    Log-Analyse und Auswertung - 05.03.2012 (16)
  3. isecurity.exe , virus?
    Plagegeister aller Art und deren Bekämpfung - 16.02.2012 (9)
  4. Infiziert ?: isecurity u. Firewall fehlerhaft
    Plagegeister aller Art und deren Bekämpfung - 14.02.2012 (1)
  5. Virus versenden; virus angriff; virus schützen; rache;
    Log-Analyse und Auswertung - 06.12.2010 (10)
  6. AVG Anti Virus free meldet Virus PSW.Generic7.BWMP, Virus läßt sich nicht beseitigen
    Plagegeister aller Art und deren Bekämpfung - 30.10.2010 (21)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema isecurity.exe Virus! - Hallo Hab bei Euch schon einen Beitrag unter "isecurity.exe, virus?" gefunden und Ihr hattet auch eine Anleitung zur Hilfe geschrieben. Nur wollte ich dem Hinweis folgen, einen eigenen Beitrag aufzumachen, - isecurity.exe Virus!...
Archiv
Du betrachtest: isecurity.exe Virus! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55