
Log analysis and evaluation: Windows-Delayed write failure / Exp./Java.Niabil.Gen


19.03.2012, 19:01   #1
het5due25
 
Windows-Delayed write failure / Exp./Java.Niabil.Gen



Hello members of the Trojaner-Board,

I probably picked something up yesterday while browsing the reputable site of a motorcycle magazine.
Avira reported that it had found "Exp./Java.Niabil.Gen". That file was then deleted. Shortly afterwards the computer shut down without me doing anything. That took unusually long. After the subsequent automatic restart there were several error messages. All the useful Google hits led to the Trojaner-Board, with individual solutions.

The messages in detail:

#When Windows starts, several windows open with error messages "Windows - Delayed Write Failed. Failed to save all components for the file \system32\00005b0a. The file is corrupt or unreadable. The error may be caused by a PC hardware problem." or with other addresses.

#A window "PC Performance & Stability analysis report" opens, pointing to 8 supposed My Computer, System Drive, RAM Memory and System Registry errors. Clicking "Fix Errors" confirms the errors. The window cannot be closed.

#Later another window appears with the message "Files indexation process failed". Clicking "Resolve this issue" opens an Internet Explorer window with the address www.system-check.com/payments, which offers me a check for $84.50.

#In between, other memory or hard drive error messages briefly pop up.

#Almost all icons from my desktop, from the taskbar and from My Documents have disappeared. Avira still scans them, though.

#The log files saved to the desktop yesterday have also disappeared. They are evidently still there, though, because when I try to save dds again, for example, a corresponding message appears. When I start Defogger today, the message "Unable to create log" appears.

Apart from a full virus scan in Safe Mode I have not done anything yet.

I am completely overwhelmed by this situation and therefore very much hope someone can help me. Here are the new log files from today:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by het5due at 17:38:09 on 2012-03-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1346 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
D:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\C&E\OSD\osd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\WinTV\EPG Services\System\EPGClient.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\ProgramData\ycVEDYkOmkxvLr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Eraser\Eraser.exe
C:\Users\het5due\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\ProgramData\41hfZUaSNpqbYO.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = http=;ftp=;https=;
uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.1\pdfforgeToolbarIE.dll
uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA0.dll
mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Winamp Toolbar BHO: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA0.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.1\pdfforgeToolbarIE.dll
BHO: AusweisApp 1.7.0.0: {c9ee92b7-edd5-4ad9-8029-2ec6818e653a} - c:\program files\ausweisapp\siqeCardClient.ols
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - No File
TB: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - No File
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA0.dll
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.1\pdfforgeToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Philips Intelligent Agent] "d:\programme\nas philips\intelligent agent\Philips Intelligent Agent.exe" /SILENT
uRun: [Eraser] c:\program files\eraser\Eraser.exe -hide
uRun: [SansaDispatch] c:\users\het5due\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [OSD] c:\program files\c&e\osd\osd.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [EPGServiceTool] c:\progra~1\wintv\epg services\system\EPGClient.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [ycVEDYkOmkxvLr.exe] c:\programdata\ycVEDYkOmkxvLr.exe
StartupFolder: c:\users\het5due\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autost~1.lnk - c:\program files\wintv\Ir.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Winamp Toolbar Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{92FA38E9-0D30-451C-81E4-D40038BCED69} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AFE33788-7D80-4C18-BBA2-5BDB35F28FCD} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\het5due\appdata\roaming\mozilla\firefox\profiles\vxuupaa0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\ausweisapp\mozilla\ecardclientpin_ffxx_win\plugins\npeCC30.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-2-15 42664]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-2-23 39472]
R0 RRamdisk;Ramdisk Driver;c:\windows\system32\drivers\rramdisk.sys [2008-11-12 12288]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2009-2-5 212520]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2011-4-29 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-29 269480]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-3-4 748440]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-29 66616]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-5 21504]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2012-2-1 198160]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;d:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2011-12-20 196904]
R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files\starmoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2012-3-12 690352]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\drivers\BthAvrcp.sys [2010-2-5 28048]
R3 CEBFilter;CEBFilter;c:\program files\c&e\osd\osdservice\cebuffer.sys [2007-9-4 5120]
R3 CEIO;CEIO;c:\program files\c&e\osd\osdservice\ceio.sys [2007-8-31 4608]
R3 cKBFilter;cKBFilter;c:\program files\c&e\osd\osdservice\kbfiltr.sys [2007-8-31 7168]
R3 csr_a2dp;Bluetooth-AV-Profil;c:\windows\system32\drivers\bthav.sys [2010-2-5 66952]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-1-23 46592]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-8-24 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 10448]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-4-1 4232704]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\symantec\liveupdate\AluSchedulerSvc.exe [2008-1-23 554352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9defe8b3f54b3;Google Update Service (gupdate1c9defe8b3f54b3);c:\program files\google\update\GoogleUpdate.exe [2009-5-27 133104]
S2 OsdService;OsdService;c:\program files\c&e\osd\osdservice\OsdService.exe [2007-9-3 53248]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2011-4-29 406016]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-27 133104]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\HCWTVS~1.EXE [2008-2-23 815104]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [2008-2-23 487424]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [2008-2-23 15488]
S3 SCL01132;SCL011 Contactless Reader;c:\windows\system32\drivers\SCL01132.sys [2010-5-7 61824]
S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe --> c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 EPGService;EPGService;c:\progra~1\wintv\epg services\system\EPGService.exe [2008-2-23 431104]
.
=============== Created Last 30 ================
.
2012-03-18 12:11:50 356352 ---ha-w- c:\programdata\41hfZUaSNpqbYO.exe
2012-03-18 12:02:30 445440 ---ha-w- c:\programdata\ycVEDYkOmkxvLr.exe
2012-03-17 19:00:41 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4aef6a6c-84e9-496e-b3b3-4d17058d2995}\mpengine.dll
2012-03-12 15:40:08 -------- d-----w- c:\program files\pdfforge Toolbar
2012-03-12 15:40:08 -------- d-----w- c:\program files\common files\Spigot
2012-03-12 15:40:08 -------- d-----w- c:\program files\Application Updater
2012-03-10 16:22:50 -------- d-----w- c:\program files\Das Postleitzahlen-Diagramm 3.8
2012-02-28 17:43:19 -------- d-----w- c:\program files\gs
2012-02-28 17:41:11 -------- d-----w- c:\program files\Ghostgum
2012-02-28 17:20:11 -------- d--h--w- c:\users\het5due\.gnome2
2012-02-28 17:02:09 27664 ----a-w- c:\windows\system32\nitrolocalmon.dll
2012-02-28 17:02:09 18960 ----a-w- c:\windows\system32\nitrolocalui.dll
2012-02-28 17:01:58 -------- d-----w- c:\program files\Nitro PDF
2012-02-22 13:15:48 -------- d--h--w- c:\users\het5due\.thumbnails
2012-02-22 13:14:01 -------- d--h--w- c:\users\het5due\.gimp-2.6
2012-02-22 13:13:28 -------- d-----w- c:\program files\GIMP-2.0
2012-02-21 07:06:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2009-05-21 09:09:19 7349752 ----a-w- c:\program files\FLV PlayerATBSetup.exe
.
============= FINISH: 17:38:46,37 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 21.02.2008 11:02:54
System Uptime: 19.03.2012 15:54:10 (2 hours ago)
.
Motherboard: FUJITSU SIEMENS | | F41
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | U2E1 | 2100/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 21,394 GiB free.
D: is FIXED (NTFS) - 121 GiB total, 69,101 GiB free.
E: is CDROM ()
R: is FIXED (FAT) - 0 GiB total, 0 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1063: 11.03.2012 15:25:41 - Geplanter Prüfpunkt
RP1064: 12.03.2012 17:38:22 - Geplanter Prüfpunkt
RP1065: 13.03.2012 08:30:48 - Geplanter Prüfpunkt
RP1066: 13.03.2012 20:00:11 - Windows Update
RP1067: 14.03.2012 08:30:22 - Geplanter Prüfpunkt
RP1068: 15.03.2012 20:11:02 - Installed Garmin Lifetime Updater
RP1069: 16.03.2012 10:38:17 - Geplanter Prüfpunkt
RP1070: 17.03.2012 20:00:11 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.57
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2) - Deutsch
Adobe Shockwave Player 11.5
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
Ashampoo Registry Cleaner v.1.00
Ashampoo WinOptimizer 6.60
Ask Toolbar
Audiograbber 1.83 SE
AusweisApp
Avira AntiVir Personal - Free Antivirus
Bonjour
CdCoverCreator 2.5.3
Compatibility Pack für 2007 Office System
Conduit Engine
CoreFLAC Audio Decoder+Source Filter (remove only)
CrystalDiskInfo 4.0.1
Das Postleitzahlen-Diagramm 3.8
Dicker Turm
Eraser
eReg
FirstSteps Diagnostics
FLAC 1.2.1b (remove only)
Free Hide IP
Free M4a to MP3 Converter 7.0
FreeCommander 2009.02b
FSCLounge
Garmin City Navigator Europe NT 2010 Update
Garmin City Navigator Europe NT 2011.40 Update
Garmin Communicator Plugin
Garmin Lifetime Updater
Garmin MapSource
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
GIMP 2.6.12
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GPL Ghostscript
GSview 5.0
Hauppauge German Help Files and Resources
Hauppauge WinTV
Hauppauge WinTV DVB-T EPG Service
Hauppauge WinTV Infrared Remote
Hauppauge WinTV Scheduler
Hauppauge WinTV TV Services
Haus zum Haus
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Product Detection
inSSIDer 2.0
Intel(R) PROSet/Wireless WiFi-Software
InterVideo FilterSDK for Hauppauge
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
KONICA MINOLTA magicolor 1690MF
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech SetPoint 6.22
Müller Foto
Marktplatz
MediaMonkey 3.2
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Outlook-Sicherung für Persönliche Ordner
Microsoft Silverlight
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mobile Partner
Motorola SM56 Data Fax Modem
MOTORRAD Tourenplaner 2008/2009
Mozilla Firefox 6.0.2 (x86 de)
Mp3tag v2.42
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyAshampoo Toolbar
Nero 7 Essentials
neroxml
Nitro PDF Professional
Nitro PDF Reader 2
NVIDIA Drivers
NVIDIA PhysX
Opera 11.50
OSDInstall
Paragon Partition Manager 2007
PC Inspector File Recovery
PDFCreator
pdfforge Toolbar v5.1
Philips Intelligent Agent
Philips network storage wizard
Photo Collage Maker 1.51
Pixum Fotobuch
Poensgenpark
PVSonyDll
QuickPar 0.9
QuickTime
QuickTime Alternative 1.81
Radio Decoder
Realtek High Definition Audio Driver
Safari
Sansa Updater
SCL011 Generic Contactless Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
ServicePack 1 MOTORRAD Tourenplaner 2008/2009
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 8
Spencerberus System Nucleus
StarMoney
StarMoney 8.0
Switch Sound File Converter
SyncToy 2.1 (x86)
TV-Browser 3.1
Tyre
Uninstall 1.0.0.1
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
UseNeXT
VideoLAN VLC media player 0.8.6d
Virtual DJ - Atomix Productions
VTPlus32 für WinTV (German)
WavePad Sound Editor
WebCam
Winamp
Winamp Toolbar for Internet Explorer
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
WinRAR
Yahoo! Detect
Zusatzmodul GPS-Tourenplaner MTP09
.
==== End Of File ===========================

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-19 18:41:35
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: ereystyw.exe; Driver: C:\Users\het5due\AppData\Local\Temp\uxtdrpod.sys


---- System - GMER 1.0.15 ----

SSDT 8DBFEEAE ZwCreateSection
SSDT 8DBFEEB3 ZwSetContextThread
SSDT 8DBFEE4F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 82CF7998 4 Bytes [AE, EE, BF, 8D]
.text ntkrnlpa.exe!KeSetEvent + 56D 82CF7CF0 4 Bytes [B3, EE, BF, 8D]
.text ntkrnlpa.exe!KeSetEvent + 621 82CF7DA4 4 Bytes [4F, EE, BF, 8D]
? C:\Users\het5due\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\ProgramData\41hfZUaSNpqbYO.exe[1960] explorer.exe 03DC1C52 2 Bytes [B4, 00] {MOV AH, 0x0}
.text C:\ProgramData\41hfZUaSNpqbYO.exe[1960] explorer.exe 03DC1C56 2 Bytes [B2, 00] {MOV DL, 0x0}
.text C:\ProgramData\41hfZUaSNpqbYO.exe[1960] explorer.exe 03DC1C5A 2 Bytes [B4, 00] {MOV AH, 0x0}
.text C:\ProgramData\41hfZUaSNpqbYO.exe[1960] explorer.exe 03DC1C5E 2 Bytes [B2, 00] {MOV DL, 0x0}
.text C:\ProgramData\41hfZUaSNpqbYO.exe[1960] explorer.exe 03DC1C62 2 Bytes [B2, 00] {MOV DL, 0x0}
.text ...
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5504] USER32.dll!SetWindowLongA 7706E7CD 5 Bytes JMP 5EEBA800 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5504] USER32.dll!SetWindowLongW 770713B4 5 Bytes JMP 5EEBA792 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5504] USER32.dll!GetWindowInfo 7707428E 5 Bytes JMP 5ECC229C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5504] USER32.dll!TrackPopupMenu 770814F3 5 Bytes JMP 5ECC2861 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5540] ntdll.dll!LdrLoadDll 773093A8 5 Bytes JMP 01301410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 kbfiltr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:3492] 9217E26E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d01dab
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d01dab@000d18a04786 0x3B 0xA5 0x0A 0x2B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d026a1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application@Sources MSDMine?DfSdk
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d01dab (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d01dab@000d18a04786 0x3B 0xA5 0x0A 0x2B ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d026a1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Application@Sources MSDMine?DfSdk

---- EOF - GMER 1.0.15 ----

19.03.2012, 19:15   #2
markusg (/// Malware-holic)

Hi,
is it possible to get the link to the infected site as a private message?

25.03.2012, 18:15   #3
het5due25

Quote from markusg:
Hi,
is it possible to get the link to the infected site as a private message?

Hello markusg,

I sent you the link to the infected site by PM last week.

Avira found the virus TR/FakeSysdef.kox in c:\ProgramData\ycVEDYuOmkxvlr.exe and deleted it. After running unhide.exe the files are visible again, but the start menu is still incomplete.

In the meantime I have found a fellow sufferer under the topic "Neuer fall des windows sperr virus mit bezahlaufforderung".
I ran the scans with Malwarebytes and ESET described there. Malwarebytes found three threats and deleted them; ESET found 13 that cannot be removed. Here are the logs. Can someone please help me? Thanks in advance, and have a nice Sunday!

Code:
 Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.21.04

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
het5due :: AMILOXI [Administrator]

21.03.2012 17:30:19
mbam-log-2012-03-21 (17-30-19).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206884
Laufzeit: 4 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.21.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
het5due :: AMILOXI [Administrator]

25.03.2012 12:40:06
mbam-log-2012-03-25 (12-40-06).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 404114
Laufzeit: 1 Stunde(n), 31 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
D:\Eigene Daten\Downloads\WirelessKeyView\wirelesskeyview131\WirelessKeyView.exe (PUP.WirelessKeyView) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\UseNext\wizard\1_Software\Adobe Acrobat X Pro v10.0.1 Multilingual - by Nald\CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\UseNext\wizard\1_Software\Adobe Acrobat X Pro v10.0.1 Multilingual - by Nald\CORE\keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)




ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=30d10126c033c94680d7a191f21c0571
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-21 06:39:33
# local_time=2012-03-21 07:39:33 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775166 100 94 277977 68885125 77270 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 41883 169881032 0 0
# compatibility_mode=8192 67108863 100 0 3904 3904 0 0
# scanned=219906
# found=14
# cleaned=0
# scan_time=6868
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RW6AF5A.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Application Updater\ApplicationUpdater.exe	probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
${Memory}	a variant of Win32/Adware.Toolbar.Dealio application	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=30d10126c033c94680d7a191f21c0571
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-21 08:37:01
# local_time=2012-03-21 09:37:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775166 100 94 285227 68892375 84520 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 49133 169888282 0 0
# compatibility_mode=8192 67108863 100 0 11154 11154 0 0
# scanned=219883
# found=13
# cleaned=0
# scan_time=6666
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RW6AF5A.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Application Updater\ApplicationUpdater.exe	probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I


ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=30d10126c033c94680d7a191f21c0571
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-25 09:59:51
# local_time=2012-03-25 11:59:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775166 100 94 595869 69203017 391562 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 359775 170198924 0 0
# compatibility_mode=8192 67108863 100 0 287 287 0 0
# scanned=116875
# found=13
# cleaned=0
# scan_time=3394
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R1KVPZY.5	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R5J2BAM.7	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R5NYRHK.dll	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R7DLEMK.10	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R7NESUD.exe	probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R91M614.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RBKSES3.12	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RNA98NH.8	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RRCOFFR.9	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RW6AF5A.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RXGMX43.11	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RYNFN5M.6	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RZZM19P.exe	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=30d10126c033c94680d7a191f21c0571
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-25 04:24:56
# local_time=2012-03-25 06:24:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775166 100 94 615657 69222805 411350 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 18937 170218712 0 0
# compatibility_mode=8192 67108863 100 0 20075 20075 0 0
# scanned=220220
# found=13
# cleaned=0
# scan_time=6712
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R1KVPZY.5	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R5J2BAM.7	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R5NYRHK.dll	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R7DLEMK.10	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R7NESUD.exe	probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$R91M614.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RBKSES3.12	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RNA98NH.8	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RRCOFFR.9	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RW6AF5A.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RXGMX43.11	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RYNFN5M.6	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-3912173562-2122318401-1964717987-1000\$RZZM19P.exe	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
         
__________________

25.03.2012, 18:25   #4
markusg (/// Malware-holic)

D:\UseNext\wizard\1_Software\Adobe Acrobat X Pro v10.0.1 Multilingual - by Nald\CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und
With that, support ends here; we do not support illegally downloaded and cracked software.
The only help available is with formatting and reinstalling.

25.03.2012, 20:29   #5
het5due25

Thanks for the info!
Sorry, I did not know that; I did not download it or install it, and so I have just deleted the whole folder. If I see it correctly, the program was never installed.

Regards
het5due25


26.03.2012, 10:02   #6
markusg (/// Malware-holic)

That does not matter; as I said, the forum rules are clear on this.