Log analysis and evaluation: Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / constant attacks etc.
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
08.04.2011, 17:37 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please download WVCheck from Artellos.com
__________________ Please always post log files in CODE tags |
08.04.2011, 21:20 | #17 |
| Hello Arne,
I tried an installation once more, again nothing. Here is the log: Code:
Windows Validation Check
Version: 1.9.11.5
Log Created On: 2215_08-04-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows Vista
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2011-04-08 19:24:22
Last Success Time for Update Download: 2011-04-08 19:29:51
Last Success Time for Update Installation: 2011-04-08 19:54:28

WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------

WVCheck's File Dump
-----------------------
WVCheck found no known bad files.

WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.

WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.

WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.

WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.

WVCheck's MD5 Check EXPERIMENTAL!!
-----------------------
user32.dll - 63b4f59d7c89b1bf5277f1ffefd491cd

-------- End of File, program close at 2215_08-04-2011 --------

Stephi |
09.04.2011, 14:09 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM. Please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ |
10.04.2011, 09:25 | #19 |
| Hello Arne, I have done everything. Here are the logs: GMER: Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-10 10:08:29
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD2500BEVS-22UST0 rev.01.01A01
Running: ygfyry6u.exe; Driver: C:\Users\Zaphod\AppData\Local\Temp\uwlyipow.sys

---- System - GMER 1.0.15 ----

SSDT 90DA7A80 ZwAlertResumeThread
SSDT 90DA7B60 ZwAlertThread
SSDT 91D01528 ZwAllocateVirtualMemory
SSDT 90CBC308 ZwAlpcConnectPort
SSDT 90DA7228 ZwAssignProcessToJobObject
SSDT 90DA77D0 ZwCreateMutant
SSDT 90DFDF18 ZwCreateSymbolicLinkObject
SSDT 91D01A30 ZwCreateThread
SSDT 90DA7308 ZwDebugActiveProcess
SSDT 91D016F8 ZwDuplicateObject
SSDT 91D01348 ZwFreeVirtualMemory
SSDT 90DA78C0 ZwImpersonateAnonymousToken
SSDT 90DA79A0 ZwImpersonateThread
SSDT 90C96CE8 ZwLoadDriver
SSDT 91D01248 ZwMapViewOfSection
SSDT 90DA76F0 ZwOpenEvent
SSDT 91D018D8 ZwOpenProcess
SSDT 91D01618 ZwOpenProcessToken
SSDT 90DA7530 ZwOpenSection
SSDT 91D017E8 ZwOpenThread
SSDT 90DA7138 ZwProtectVirtualMemory
SSDT 90DA7C40 ZwResumeThread
SSDT 90DA7EE0 ZwSetContextThread
SSDT 90DA7FC0 ZwSetInformationProcess
SSDT 90DA73E8 ZwSetSystemInformation
SSDT 90DA7610 ZwSuspendProcess
SSDT 90DA7D20 ZwSuspendThread
SSDT 91D01B10 ZwTerminateProcess
SSDT 90DA7E00 ZwTerminateThread
SSDT 91D01168 ZwUnmapViewOfSection
SSDT 91D01438 ZwWriteVirtualMemory
SSDT 90DA7038 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 53C 82880A48 4 Bytes CALL 9318D3B9
.text ntkrnlpa.exe!ZwCallbackReturn + 5CC 82880AD8 4 Bytes CALL FA19DAF4
.text ntkrnlpa.exe!ZwCallbackReturn + 7AC 82880CB8 4 Bytes CALL 4B18E730
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xAF534300, 0x3ACC8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x8BCE0300, 0x1B7E, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b44e39c
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001a6b44e39c (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files\Electronic Arts\Der Pate\xae Das Spiel\eauninstall.exe 1

---- EOF - GMER 1.0.15 ----

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:17:56 on 10.04.2011

OS: Windows Vista Business Edition (Build 6000), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"Bdeadmin.cpl" - ? - C:\Windows\system32\Bdeadmin.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime Alternative\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%systemroot%\system32\sstpsvc.dll,-202" (RasSstp) - ? - C:\Windows\System32\DRIVERS\rassstp.sys (File not found)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys
"catchme" (catchme) - ? - C:\Users\Zaphod\AppData\Local\Temp\catchme.sys (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys (File found, but it contains no detailed information)
"IDSVix86" (IDSVix86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110408.001\IDSvix86.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"mailKmd" (mailKmd) - ? - C:\Windows\system32\drivers\mailKmd.sys (File not found)
"Motorola USB Modem Driver for MPT XP" (usbsermptxp) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbsermptxp.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110409.002\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110409.002\NAVEX15.SYS
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SVKP" (SVKP) - "AntiCracking" - C:\Windows\system32\SVKP.sys
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1205000.07D\SYMDS.SYS
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1205000.07D\SYMEFA.SYS
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS
"Symantec Vista Network Dispatch Driver" (SYMTDIv) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS
"uwlyipow" (uwlyipow) - ? - C:\Users\Zaphod\AppData\Local\Temp\uwlyipow.sys (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} "vsharechrome" - ? - (File not found | COM-object registry key not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" - ? - C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MI239C~1\shellext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - ? - C:\Program Files\Logitech\SetPoint\kbcplext.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - ? - C:\Program Files\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? - (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corp." - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Symantec NCO BHO" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"CtrlVol" - ? - C:\Program Files\Launch Manager\CtrlVol.exe (File not found)
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"LaunchAp" - ? - C:\Program Files\Launch Manager\LaunchAp.exe (File not found)
"Wbutton" - ? - C:\Program Files\Launch Manager\WButton.exe (File not found)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Logitech Bluetooth Service" (LBTServ) - ? - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Norton Internet Security" (NIS) - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corp." - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: FUJITSU SIEMENS
System Product Name: ESPRIMO Mobile V5505
Logical Drives Mask: 0x00000024

Kernel Drivers (total 158):
0x82800000 \SystemRoot\system32\ntkrnlpa.exe
0x82BA1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8025D000 \SystemRoot\system32\PSHED.dll
0x80255000 \SystemRoot\system32\BOOTVID.dll
0x8021A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80461000 \SystemRoot\system32\drivers\acpi.sys
0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
0x80434000 \SystemRoot\system32\drivers\pci.sys
0x80425000 \SystemRoot\system32\drivers\volmgr.sys
0x80201000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8041B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8040B000 \SystemRoot\System32\drivers\mountmgr.sys
0x80404000 \SystemRoot\system32\drivers\intelide.sys
0x807F2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807A8000 \SystemRoot\System32\drivers\volmgrx.sys
0x807A0000 \SystemRoot\system32\drivers\atapi.sys
0x80782000 \SystemRoot\system32\drivers\ataport.SYS
0x80778000 \SystemRoot\system32\drivers\msahci.sys
0x80747000 \SystemRoot\system32\drivers\fltmgr.sys
0x806F0000 \SystemRoot\system32\drivers\NIS\1205000.07D\SYMDS.SYS
0x806E0000 \SystemRoot\system32\drivers\fileinfo.sys
0x8063C000 \SystemRoot\system32\drivers\NIS\1205000.07D\SYMEFA.SYS
0x80632000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x826FC000 \SystemRoot\system32\drivers\ndis.sys
0x80607000 \SystemRoot\system32\drivers\msrpc.sys
0x826C3000 \SystemRoot\system32\drivers\NETIO.SYS
0x882F8000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82659000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82623000 \SystemRoot\system32\drivers\volsnap.sys
0x8261B000 \SystemRoot\System32\Drivers\spldr.sys
0x8260C000 \SystemRoot\System32\drivers\partmgr.sys
0x882E9000 \SystemRoot\System32\Drivers\mup.sys
0x882C4000 \SystemRoot\System32\drivers\ecache.sys
0x882B3000 \SystemRoot\system32\drivers\disk.sys
0x88292000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x82603000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B415000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8902B000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x89034000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B407000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8CD45000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8BC43000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8BD3D000 \SystemRoot\System32\drivers\watchdog.sys
0x8BC38000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8CD08000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8BC2A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8BC18000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8BC01000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8D5D1000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8B4F5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8BD1D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8BD12000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8CCDD000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8B53E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8BCF7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CCC5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CC30000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D591000 \SystemRoot\system32\DRIVERS\storport.sys
0x8CC25000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CC0E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8CC03000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D56E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x88CE8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D55B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D4D4000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x8D4BA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B530000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D490000 \SystemRoot\system32\DRIVERS\ks.sys
0x8CC5B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8BD57000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D45C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x89150000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90B0D000 \SystemRoot\system32\drivers\CHDRT32.sys
0x90A90000 \SystemRoot\system32\drivers\portcls.sys
0x90A6B000 \SystemRoot\system32\drivers\drmk.sys
0x90A54000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90A45000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x89061000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x89160000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8B485000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8B5C0000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x8B5C8000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8B5D0000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x90A14000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x89073000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8B44D000 \SystemRoot\System32\Drivers\Null.SYS
0x8B454000 \SystemRoot\System32\Drivers\Beep.SYS
0x90A08000 \SystemRoot\System32\drivers\vga.sys
0x90F9F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B588000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B590000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D4C9000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90F71000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8907C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x9112B000 \SystemRoot\System32\drivers\tcpip.sys
0x90EB8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x90EA3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90E4B000 \SystemRoot\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS
0x90E25000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x90E11000 \SystemRoot\system32\DRIVERS\smb.sys
0x910E4000 \SystemRoot\system32\drivers\afd.sys
0x910B2000 \SystemRoot\System32\DRIVERS\netbt.sys
0x9109C000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90E03000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91089000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91065000 \SystemRoot\system32\drivers\NIS\1205000.07D\Ironx86.SYS
0x9105A000 \SystemRoot\system32\drivers\NIS\1205000.07D\SRTSPX.SYS
0x9101F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90ED1000 \SystemRoot\system32\drivers\nsiproxy.sys
0x917A5000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110408.001\IDSvix86.sys
0x8B4B5000 \SystemRoot\System32\Drivers\Hotkey.SYS
0x91752000 \SystemRoot\system32\drivers\csc.sys
0x91730000 \SystemRoot\System32\Drivers\dfsc.sys
0x92339000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys
0x8BDD9000 \SystemRoot\System32\Drivers\crashdmp.sys
0x92289000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x90EE5000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x97400000 \SystemRoot\System32\win32k.sys
0x90EEF000 \SystemRoot\System32\drivers\Dxapi.sys
0x9553C000 \SystemRoot\system32\DRIVERS\monitor.sys
0xACE00000 \SystemRoot\System32\TSDDD.dll
0xACE10000 \SystemRoot\System32\cdd.dll
0x973E5000 \SystemRoot\system32\drivers\luafv.sys
0xB24C2000 \SystemRoot\system32\drivers\spsys.sys
0x891E0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xB2497000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x90F53000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB2484000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xB2EB7000 \SystemRoot\system32\drivers\HTTP.sys
0xB2E5E000 \SystemRoot\system32\DRIVERS\bowser.sys
0xB2E3E000 \SystemRoot\system32\drivers\mrxdav.sys
0xB2E20000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB2F27000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xB2E0E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAF534000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x8BCE0000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xAF416000 \SystemRoot\system32\drivers\peauth.sys
0x90F0D000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB3844000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x91621000 \??\C:\Windows\system32\SVKP.sys
0x922E1000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB3820000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB972F000 \SystemRoot\System32\DRIVERS\srv.sys
0xBD37B000 \SystemRoot\System32\Drivers\NIS\1205000.07D\SRTSP.SYS
0xBD311000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x922AA000 \SystemRoot\system32\drivers\tdtcp.sys
0x973A0000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xBD223000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xC1629000 \??\C:\Users\Zaphod\AppData\Local\Temp\uwlyipow.sys
0xBDCAD000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110409.002\NAVEX15.SYS
0xB2430000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110409.002\NAVENG.SYS
0x77660000 \Windows\System32\ntdll.dll

Processes (total 51):
0 System Idle Process
4 System
464 C:\Windows\System32\smss.exe
528 csrss.exe
568 C:\Windows\System32\wininit.exe
580 csrss.exe
612 C:\Windows\System32\services.exe
624 C:\Windows\System32\lsass.exe
632 C:\Windows\System32\lsm.exe
680 C:\Windows\System32\winlogon.exe
820 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\audiodg.exe
1204 C:\Windows\System32\svchost.exe
1236 C:\Windows\System32\SLsvc.exe
1292 C:\Windows\System32\svchost.exe
1480 C:\Windows\System32\svchost.exe
1688 C:\Windows\System32\spoolsv.exe
1712 C:\Windows\System32\svchost.exe
1916 C:\Windows\System32\dwm.exe
1960 C:\Windows\explorer.exe
1116 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1336 C:\Windows\System32\hkcmd.exe
1276 C:\Windows\System32\igfxpers.exe
1444 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
1476 C:\Program Files\Launch Manager\HotkeyApp.exe
1752 C:\Windows\System32\igfxsrvc.exe
1364 C:\Windows\System32\svchost.exe
828 C:\Program
Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe 1496 C:\Windows\System32\svchost.exe 1740 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2060 C:\Windows\System32\svchost.exe 2132 C:\Windows\System32\svchost.exe 2176 C:\Windows\System32\SearchIndexer.exe 2576 WmiPrvSE.exe 2632 C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe 2996 C:\Windows\System32\taskeng.exe 3124 C:\Program Files\Google\Update\GoogleUpdate.exe 3132 C:\Windows\System32\taskeng.exe 3156 C:\Program Files\Launch Manager\WisLMSvc.exe 3324 dllhost.exe 4076 C:\Windows\System32\wbem\unsecapp.exe 2152 C:\Windows\System32\notepad.exe 276 C:\Program Files\Mozilla Firefox\firefox.exe 3608 C:\Windows\System32\SearchProtocolHost.exe 3860 C:\Windows\System32\SearchFilterHost.exe 564 C:\Users\Zaphod\Downloads\MBRCheck.exe 3392 C:\Windows\System32\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`80c12600 (NTFS)
PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D7559364D4ED70B962EE3D1B080F121404E36EA2
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
Stephi |
10.04.2011, 19:13 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / constant attacks etc. Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
15.04.2011, 18:06 | #21 |
| Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / constant attacks etc. Hello Arne, unfortunately I only now had time to run the scans. Antispyware log: Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 04/15/2011 at 06:51 PM
Application Version : 4.50.1002
Core Rules Database Version : 6847
Trace Rules Database Version: 4659
Scan type : Complete Scan
Total Scan Time : 01:40:39
Memory items scanned : 610
Memory threats detected : 0
Registry items scanned : 10241
Registry threats detected : 0
File items scanned : 141207
File threats detected : 3
Adware.Tracking Cookie
    serving-sys.com [ C:\Users\Zaphod\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZA3MULHG ]
    www.pornme.com [ C:\Users\Zaphod\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZA3MULHG ]
Application.PowerReg Scheduler
    C:\WINDOWS\PSS\POWERREG SCHEDULER V3.EXE.STARTUP
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6368
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
15.04.2011 16:08
mbam-log-2011-04-15 (16-08-51).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Durchsuchte Objekte: 291924
Laufzeit: 1 Stunde(n), 11 Minute(n), 37 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Regards and , Stephi |
15.04.2011, 18:34 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / constant attacks etc. Looks like one false positive and two cookies. Is the computer OK again?
__________________ Please always post log files in CODE tags |
15.04.2011, 19:34 | #23 |
| Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / constant attacks etc. Dear Arne, yes, everything is just great, all the problems are gone (I will probably have to accept that, for whatever reason, I can't install any SPs; hopefully that is not a problem.) In any case I am very and think it's great that you all invest your free time here (for strangers and for free). A thousand thanks and regards from B, Stephi |
15.04.2011, 20:55 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / constant attacks etc. Why can't you install any SPs? Error message? Have you already tried installing SP1 manually, and then SP2?
SP1 => Details page: Windows Vista Service Pack 1 Five Language Standalone (KB936330)
SP2 => Details page: Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 - Five Language Standalone (KB948465)
__________________ Please always post log files in CODE tags |