Log Analysis and Evaluation: Windows-Delayed write failure / Exp./Java.Niabil.Gen

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.03.2012, 19:01 | #1
Windows-Delayed write failure / Exp./Java.Niabil.Gen

Hello members of the Trojaner-Board,

I apparently picked something up yesterday while browsing a reputable motorcycle magazine site. Avira reported that "Exp./Java.Niabil.Gen" had been found. That file was then deleted. Shortly afterwards the computer shut down without my doing anything. That took an unusually long time. After the subsequent automatic restart there were several error messages. All the useful Google hits led to the Trojaner-Board with individual solutions. The messages in detail:

# On Windows startup, several windows open with the error message "Windows - Delayed Write Failed. Failed to save all components for the file \system32\00005b0a. The file is corrupt or unreadable. The error may be caused by a PC hardware problem." or other addresses.
# A window "PC Performance & Stability analysis report" opens, which points to 8 supposed My Computer, System Drive, RAM Memory or System Registry errors. Clicking "Fix Errors" confirms the errors. The window cannot be closed.
# Later another window appears with the message "Files indexation process failed". Clicking "Resolve this issue" opens an Internet Explorer window with the address www.system-check.com/payments, which offers me a check for $84.50.
# In between, other memory or hard drive error messages pop up briefly.
# Almost all icons from my desktop, from the Start menu and from My Documents have disappeared. Avira still scans them, though.
# The log files saved on the desktop yesterday have also disappeared again. They are obviously still there, though, because when I try to save dds again, for example, a corresponding message appears. When I start Defogger today, the message "Unable to create log" appears.

Apart from a complete virus scan in Safe Mode, I have not done anything else yet.
I am completely overwhelmed by this situation and therefore very much hope that someone can help me. Here are the new log files from today:

. DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by het5due at 17:38:09 on 2012-03-19 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1346 [GMT 1:00] . AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\nvvsvc.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Application Updater\ApplicationUpdater.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe D:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe C:\Windows\system32\svchost.exe -k imgsvc C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe C:\Windows\system32\vssvc.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\alg.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\C&E\OSD\osd.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\WinTV\EPG Services\System\EPGClient.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe C:\ProgramData\ycVEDYkOmkxvLr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Eraser\Eraser.exe C:\Users\het5due\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\ProgramData\41hfZUaSNpqbYO.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Windows\system32\conime.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = about:blank mStart Page = about:blank uInternet Settings,ProxyServer = http=;ftp=;https=; uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.1\pdfforgeToolbarIE.dll uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA0.dll mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA0.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll BHO: Winamp Toolbar BHO: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll BHO: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA0.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.1\pdfforgeToolbarIE.dll BHO: AusweisApp 1.7.0.0: {c9ee92b7-edd5-4ad9-8029-2ec6818e653a} - c:\program files\ausweisapp\siqeCardClient.ols BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll TB: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - No File TB: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - No File TB: MyAshampoo Toolbar: 
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA0.dll TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.1\pdfforgeToolbarIE.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [Philips Intelligent Agent] "d:\programme\nas philips\intelligent agent\Philips Intelligent Agent.exe" /SILENT uRun: [Eraser] c:\program files\eraser\Eraser.exe -hide uRun: [SansaDispatch] c:\users\het5due\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe mRun: [OSD] c:\program files\c&e\osd\osd.exe mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll" mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [EPGServiceTool] c:\progra~1\wintv\epg services\system\EPGClient.exe mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: 
[SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [<NO NAME>] mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe" mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized mRun: [ycVEDYkOmkxvLr.exe] c:\programdata\ycVEDYkOmkxvLr.exe StartupFolder: c:\users\het5due\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autost~1.lnk - c:\program files\wintv\Ir.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-explorer: NoResolveTrack = 1 (0x1) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &Winamp Toolbar Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: cleverreach.com\novastor Trusted Zone: google-analytics.com Trusted Zone: novastor.com DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{92FA38E9-0D30-451C-81E4-D40038BCED69} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{AFE33788-7D80-4C18-BBA2-5BDB35F28FCD} : DhcpNameServer = 192.168.0.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . 
FF - ProfilePath - c:\users\het5due\appdata\roaming\mozilla\firefox\profiles\vxuupaa0.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13 FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\ausweisapp\mozilla\ecardclientpin_ffxx_win\plugins\npeCC30.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll . ============= SERVICES / DRIVERS =============== . 
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-2-15 42664] R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-2-23 39472] R0 RRamdisk;Ramdisk Driver;c:\windows\system32\drivers\rramdisk.sys [2008-11-12 12288] R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2009-2-5 212520] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2011-4-29 136360] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-29 269480] R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-3-4 748440] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-29 66616] R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-5 21504] R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2012-2-1 198160] R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;d:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2011-12-20 196904] R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files\starmoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2012-3-12 690352] R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\drivers\BthAvrcp.sys [2010-2-5 28048] R3 CEBFilter;CEBFilter;c:\program files\c&e\osd\osdservice\cebuffer.sys [2007-9-4 5120] R3 CEIO;CEIO;c:\program files\c&e\osd\osdservice\ceio.sys [2007-8-31 4608] R3 cKBFilter;cKBFilter;c:\program files\c&e\osd\osdservice\kbfiltr.sys [2007-8-31 7168] R3 csr_a2dp;Bluetooth-AV-Profil;c:\windows\system32\drivers\bthav.sys [2010-2-5 66952] R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-1-23 46592] R3 LEqdUsb;Logitech 
SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-8-24 40912] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 10448] R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-4-1 4232704] S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\symantec\liveupdate\AluSchedulerSvc.exe [2008-1-23 554352] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate1c9defe8b3f54b3;Google Update Service (gupdate1c9defe8b3f54b3);c:\program files\google\update\GoogleUpdate.exe [2009-5-27 133104] S2 OsdService;OsdService;c:\program files\c&e\osd\osdservice\OsdService.exe [2007-9-3 53248] S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2011-4-29 406016] S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-27 133104] S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\HCWTVS~1.EXE [2008-2-23 815104] S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [2008-2-23 487424] S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [2008-2-23 15488] S3 SCL01132;SCL011 Contactless Reader;c:\windows\system32\drivers\SCL01132.sys [2010-5-7 61824] S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe --> c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 EPGService;EPGService;c:\progra~1\wintv\epg services\system\EPGService.exe [2008-2-23 431104] . 
=============== Created Last 30 ================ . 2012-03-18 12:11:50 356352 ---ha-w- c:\programdata\41hfZUaSNpqbYO.exe 2012-03-18 12:02:30 445440 ---ha-w- c:\programdata\ycVEDYkOmkxvLr.exe 2012-03-17 19:00:41 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4aef6a6c-84e9-496e-b3b3-4d17058d2995}\mpengine.dll 2012-03-12 15:40:08 -------- d-----w- c:\program files\pdfforge Toolbar 2012-03-12 15:40:08 -------- d-----w- c:\program files\common files\Spigot 2012-03-12 15:40:08 -------- d-----w- c:\program files\Application Updater 2012-03-10 16:22:50 -------- d-----w- c:\program files\Das Postleitzahlen-Diagramm 3.8 2012-02-28 17:43:19 -------- d-----w- c:\program files\gs 2012-02-28 17:41:11 -------- d-----w- c:\program files\Ghostgum 2012-02-28 17:20:11 -------- d--h--w- c:\users\het5due\.gnome2 2012-02-28 17:02:09 27664 ----a-w- c:\windows\system32\nitrolocalmon.dll 2012-02-28 17:02:09 18960 ----a-w- c:\windows\system32\nitrolocalui.dll 2012-02-28 17:01:58 -------- d-----w- c:\program files\Nitro PDF 2012-02-22 13:15:48 -------- d--h--w- c:\users\het5due\.thumbnails 2012-02-22 13:14:01 -------- d--h--w- c:\users\het5due\.gimp-2.6 2012-02-22 13:13:28 -------- d-----w- c:\program files\GIMP-2.0 2012-02-21 07:06:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . ==================== Find3M ==================== . 2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2009-05-21 09:09:19 7349752 ----a-w- c:\program files\FLV PlayerATBSetup.exe . ============= FINISH: 17:38:46,37 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 21.02.2008 11:02:54 System Uptime: 19.03.2012 15:54:10 (2 hours ago) . Motherboard: FUJITSU SIEMENS | | F41 Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | U2E1 | 2100/mhz . 
==== Disk Partitions ========================= . C: is FIXED (NTFS) - 100 GiB total, 21,394 GiB free. D: is FIXED (NTFS) - 121 GiB total, 69,101 GiB free. E: is CDROM () R: is FIXED (FAT) - 0 GiB total, 0 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP1063: 11.03.2012 15:25:41 - Geplanter Prüfpunkt RP1064: 12.03.2012 17:38:22 - Geplanter Prüfpunkt RP1065: 13.03.2012 08:30:48 - Geplanter Prüfpunkt RP1066: 13.03.2012 20:00:11 - Windows Update RP1067: 14.03.2012 08:30:22 - Geplanter Prüfpunkt RP1068: 15.03.2012 20:11:02 - Installed Garmin Lifetime Updater RP1069: 16.03.2012 10:38:17 - Geplanter Prüfpunkt RP1070: 17.03.2012 20:00:11 - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 7-Zip 4.57 Activation Assistant for the 2007 Microsoft Office suites Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.2) - Deutsch Adobe Shockwave Player 11.5 AnyDVD Apple Application Support Apple Mobile Device Support Apple Software Update Applian FLV Player Ashampoo Registry Cleaner v.1.00 Ashampoo WinOptimizer 6.60 Ask Toolbar Audiograbber 1.83 SE AusweisApp Avira AntiVir Personal - Free Antivirus Bonjour CdCoverCreator 2.5.3 Compatibility Pack für 2007 Office System Conduit Engine CoreFLAC Audio Decoder+Source Filter (remove only) CrystalDiskInfo 4.0.1 Das Postleitzahlen-Diagramm 3.8 Dicker Turm Eraser eReg FirstSteps Diagnostics FLAC 1.2.1b (remove only) Free Hide IP Free M4a to MP3 Converter 7.0 FreeCommander 2009.02b FSCLounge Garmin City Navigator Europe NT 2010 Update Garmin City Navigator Europe NT 2011.40 Update Garmin Communicator Plugin Garmin Lifetime Updater Garmin MapSource Garmin POI Loader Garmin USB Drivers Garmin WebUpdater GIMP 2.6.12 Google Earth Google Toolbar for Internet Explorer Google Update Helper Google Updater GPL Ghostscript GSview 5.0 
Hauppauge German Help Files and Resources Hauppauge WinTV Hauppauge WinTV DVB-T EPG Service Hauppauge WinTV Infrared Remote Hauppauge WinTV Scheduler Hauppauge WinTV TV Services Haus zum Haus Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Product Detection inSSIDer 2.0 Intel(R) PROSet/Wireless WiFi-Software InterVideo FilterSDK for Hauppauge IrfanView (remove only) iTunes Java Auto Updater Java(TM) 6 Update 29 Java(TM) 6 Update 3 Java(TM) 6 Update 4 Java(TM) 6 Update 5 KONICA MINOLTA magicolor 1690MF LiveUpdate 3.2 (Symantec Corporation) LiveUpdate Notice (Symantec Corporation) Logitech SetPoint 6.22 Müller Foto Marktplatz MediaMonkey 3.2 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (German) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (German) 2007 Microsoft Office Home and Student 2007 Microsoft Office InfoPath MUI (German) 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office Outlook MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Outlook-Sicherung für Persönliche Ordner Microsoft Silverlight Microsoft Sync Framework 2.0 Core Components (x86) ENU Microsoft Sync Framework 2.0 Provider Services (x86) ENU Microsoft Visual C++ 2005 ATL 
Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mobile Partner Motorola SM56 Data Fax Modem MOTORRAD Tourenplaner 2008/2009 Mozilla Firefox 6.0.2 (x86 de) Mp3tag v2.42 MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyAshampoo Toolbar Nero 7 Essentials neroxml Nitro PDF Professional Nitro PDF Reader 2 NVIDIA Drivers NVIDIA PhysX Opera 11.50 OSDInstall Paragon Partition Manager 2007 PC Inspector File Recovery PDFCreator pdfforge Toolbar v5.1 Philips Intelligent Agent Philips network storage wizard Photo Collage Maker 1.51 Pixum Fotobuch Poensgenpark PVSonyDll QuickPar 0.9 QuickTime QuickTime Alternative 1.81 Radio Decoder Realtek High Definition Audio Driver Safari Sansa Updater SCL011 Generic Contactless Reader Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET 
Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Groove 2007 (KB2552997) Security Update for Microsoft Office InfoPath 2007 (KB2510061) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) ServicePack 1 MOTORRAD Tourenplaner 2008/2009 SpeedFan (remove only) Spelling Dictionaries Support For Adobe Reader 8 Spencerberus System Nucleus StarMoney StarMoney 8.0 Switch Sound File Converter SyncToy 2.1 (x86) TV-Browser 3.1 Tyre Uninstall 1.0.0.1 Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 System (KB2539530) 
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
UseNeXT
VideoLAN VLC media player 0.8.6d
Virtual DJ - Atomix Productions
VTPlus32 für WinTV (German)
WavePad Sound Editor
WebCam
Winamp
Winamp Toolbar for Internet Explorer
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
WinRAR
Yahoo! Detect
Zusatzmodul GPS-Tourenplaner MTP09
.
==== End Of File ===========================

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-19 18:41:35
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: ereystyw.exe; Driver: C:\Users\het5due\AppData\Local\Temp\uxtdrpod.sys

---- System - GMER 1.0.15 ----

SSDT 8DBFEEAE ZwCreateSection
SSDT 8DBFEEB3 ZwSetContextThread
SSDT 8DBFEE4F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 82CF7998 4 Bytes [AE, EE, BF, 8D]
.text ntkrnlpa.exe!KeSetEvent + 56D 82CF7CF0 4 Bytes [B3, EE, BF, 8D]
.text ntkrnlpa.exe!KeSetEvent + 621 82CF7DA4 4 Bytes [4F, EE, BF, 8D]
? C:\Users\het5due\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\ProgramData\41hfZUaSNpqbYO.exe[1960] explorer.exe 03DC1C52 2 Bytes [B4, 00] {MOV AH, 0x0}
.text C:\ProgramData\41hfZUaSNpqbYO.exe[1960] explorer.exe 03DC1C56 2 Bytes [B2, 00] {MOV DL, 0x0}
.text C:\ProgramData\41hfZUaSNpqbYO.exe[1960] explorer.exe 03DC1C5A 2 Bytes [B4, 00] {MOV AH, 0x0}
.text C:\ProgramData\41hfZUaSNpqbYO.exe[1960] explorer.exe 03DC1C5E 2 Bytes [B2, 00] {MOV DL, 0x0}
.text C:\ProgramData\41hfZUaSNpqbYO.exe[1960] explorer.exe 03DC1C62 2 Bytes [B2, 00] {MOV DL, 0x0}
.text ...
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5504] USER32.dll!SetWindowLongA 7706E7CD 5 Bytes JMP 5EEBA800 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5504] USER32.dll!SetWindowLongW 770713B4 5 Bytes JMP 5EEBA792 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5504] USER32.dll!GetWindowInfo 7707428E 5 Bytes JMP 5ECC229C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5504] USER32.dll!TrackPopupMenu 770814F3 5 Bytes JMP 5ECC2861 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5540] ntdll.dll!LdrLoadDll 773093A8 5 Bytes JMP 01301410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 kbfiltr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:3492] 9217E26E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d01dab
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d01dab@000d18a04786 0x3B 0xA5 0x0A 0x2B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d026a1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application@Sources MSDMine?DfSdk
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d01dab (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d01dab@000d18a04786 0x3B 0xA5 0x0A 0x2B ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d026a1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Application@Sources MSDMine?DfSdk

---- EOF - GMER 1.0.15 ----
19.03.2012, 19:15 | #2 |
/// Malware-holic
hi,
is it possible to get the link to the infected site as a private message?
25.03.2012, 18:15 | #3 |
I sent the link to the infected site by PM last week. Avira found the virus TR/FakeSysdef.kox in c:\ProgramData\ycVEDYuOmkxvlr.exe and deleted it. After running unhide.exe the data is visible again, but the start menu is still incomplete. In the meantime I seem to have found a fellow sufferer under the topic "Neuer fall des windows sperr virus mit bezahlaufforderung". I ran the Malwarebytes and ESET scans described there. Malwarebytes found three threats and deleted them, ESET 13, which cannot be removed. Here are the logs. Can someone please help me? Thanks in advance and have a nice Sunday!
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.21.04

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
het5due :: AMILOXI [Administrator]

21.03.2012 17:30:19
mbam-log-2012-03-21 (17-30-19).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206884
Laufzeit: 4 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.21.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
het5due :: AMILOXI [Administrator]

25.03.2012 12:40:06
mbam-log-2012-03-25 (12-40-06).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 404114
Laufzeit: 1 Stunde(n), 31 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
D:\Eigene Daten\Downloads\WirelessKeyView\wirelesskeyview131\WirelessKeyView.exe (PUP.WirelessKeyView) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\UseNext\wizard\1_Software\Adobe Acrobat X Pro v10.0.1 Multilingual - by Nald\CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\UseNext\wizard\1_Software\Adobe Acrobat X Pro v10.0.1 Multilingual - by Nald\CORE\keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=30d10126c033c94680d7a191f21c0571
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-21 06:39:33
# local_time=2012-03-21 07:39:33 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775166 100 94 277977 68885125 77270 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 41883 169881032 0 0
# compatibility_mode=8192 67108863 100 0 3904 3904 0 0
# scanned=219906
# found=14
# cleaned=0
# scan_time=6868
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RW6AF5A.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Adware.Toolbar.Dealio application 00000000000000000000000000000000 I

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=30d10126c033c94680d7a191f21c0571
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-21 08:37:01
# local_time=2012-03-21 09:37:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775166 100 94 285227 68892375 84520 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 49133 169888282 0 0
# compatibility_mode=8192 67108863 100 0 11154 11154 0 0
# scanned=219883
# found=13
# cleaned=0
# scan_time=6666
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RW6AF5A.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I

ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=30d10126c033c94680d7a191f21c0571
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-25 09:59:51
# local_time=2012-03-25 11:59:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775166 100 94 595869 69203017 391562 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 359775 170198924 0 0
# compatibility_mode=8192 67108863 100 0 287 287 0 0
# scanned=116875
# found=13
# cleaned=0
# scan_time=3394
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R1KVPZY.5 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R5J2BAM.7 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R5NYRHK.dll a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R7DLEMK.10 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R7NESUD.exe probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R91M614.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RBKSES3.12 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RNA98NH.8 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RRCOFFR.9 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RW6AF5A.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RXGMX43.11 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RYNFN5M.6 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RZZM19P.exe a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=30d10126c033c94680d7a191f21c0571
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-25 04:24:56
# local_time=2012-03-25 06:24:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775166 100 94 615657 69222805 411350 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 18937 170218712 0 0
# compatibility_mode=8192 67108863 100 0 20075 20075 0 0
# scanned=220220
# found=13
# cleaned=0
# scan_time=6712
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R1KVPZY.5 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R5J2BAM.7 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R5NYRHK.dll a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R7DLEMK.10 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R7NESUD.exe probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R91M614.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RBKSES3.12 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RNA98NH.8 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RRCOFFR.9 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RW6AF5A.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RXGMX43.11 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RYNFN5M.6 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RZZM19P.exe a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
25.03.2012, 18:25 | #4 |
/// Malware-holic
D:\UseNext\wizard\1_Software\Adobe Acrobat X Pro v10.0.1 Multilingual - by Nald\CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht
and with that the support is over; we do not support illegally downloaded and cracked software here. the only help available is with formatting and setting the system up again.
25.03.2012, 20:29 | #5 |
Thanks for the info! Sorry, I didn't know that; I didn't download or install it, and so I have just deleted the whole folder. As far as I can see, the program was not installed. Regards, het5due25
26.03.2012, 10:02 | #6 |
/// Malware-holic
that doesn't matter; as I said, the forum rules are clear on that.