| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bekomme Meldung "Troj/JSRedir-HZ" und "MW:JS:JJ677"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.10.2012, 21:29
| #16 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Bekomme Meldung "Troj/JSRedir-HZ" und "MW:JS:JJ677" Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
08.10.2012, 06:27
| #17 |
 | Bekomme Meldung "Troj/JSRedir-HZ" und "MW:JS:JJ677"Code:
ATTFilter ComboFix 12-10-04.02 - Stefan 07.10.2012 23:02:26.1.2 - x86
ausgeführt von:: c:\users\Stefan\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\ExcellentAdDisplay
c:\program files\ExcellentAdDisplay\uninstall.exe
c:\program files\Windows Live\Messenger\msacm32.dll
c:\users\Stefan\AppData\Roaming\AcroIEHelpe.txt
c:\users\Stefan\AppData\Roaming\srvblck2.tmp
c:\users\Stefan\Favorites\mxfilerelatedcache.mxc2
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
c:\windows\system32\comres.dll . . . ist infiziert!!
.
Infizierte Kopie von c:\windows\system32\comres.dll wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6001.18000_none_2cb0dad7e631d923\comres.dll wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-08 bis 2012-10-08 ))))))))))))))))))))))))))))))
.
.
2012-10-07 21:12 . 2012-10-08 05:11 -------- d-----w- c:\users\Stefan\AppData\Local\temp
2012-10-07 21:12 . 2012-10-07 21:12 -------- d-----w- c:\users\Mika\AppData\Local\temp
2012-10-07 21:12 . 2012-10-07 21:12 -------- d-----w- c:\users\Marek\AppData\Local\temp
2012-10-07 21:12 . 2012-10-07 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-07 21:12 . 2012-10-07 21:12 -------- d-----w- c:\users\Alexandra\AppData\Local\temp
2012-10-07 21:11 . 2008-01-19 05:48 1291264 ----a-w- c:\windows\system32\comres.dll
2012-10-07 20:11 . 2012-10-07 20:11 -------- d-----w- C:\_OTL
2012-10-05 18:19 . 2012-10-05 18:19 -------- d-----w- c:\program files\ESET
2012-09-10 17:49 . 2012-09-10 17:49 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-10 17:49 . 2012-09-10 17:49 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-10 17:49 . 2010-09-29 17:02 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 15:04 . 2011-01-17 18:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-03 17:32 . 2012-03-31 15:40 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-03 17:32 . 2011-05-19 05:54 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 21:08 . 2012-08-30 21:08 6656 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]
"EaseUs Watch"="c:\program files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe" [2011-01-22 69000]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-04-30 1086760]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Server4PC.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Server4PC.lnk
backup=c:\windows\pss\Server4PC.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 13:21 2213160 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
2006-10-04 15:41 86016 ----a-w- c:\magix\Video_deluxe_2007_PLUS\Trayserver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:32]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 16:57]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 16:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mSearch Bar = hxxp://www.google.com/ie
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.178.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-IMBooster - c:\program files\Iminent\IMBooster\imbooster.exe
AddRemove-Worms2 - c:\windows\IsUn0407.exe
AddRemove-UnityWebPlayer - c:\users\Stefan\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-08 07:10
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1524)
c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\EASEUS\Todo Backup 2.0\bin\Agent.exe
c:\program files\Motorola\MotoHelper\MotoHelperService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-08 07:15:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-10-08 05:15
.
Vor Suchlauf: 16 Verzeichnis(se), 120.038.522.880 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 126.102.495.232 Bytes frei
.
- - End Of File - - AE193780CBFBCE4E1A38995DC0C99E97
|
|
08.10.2012, 11:36
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bekomme Meldung "Troj/JSRedir-HZ" und "MW:JS:JJ677" Combofix - Scripten
__________________1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Dirlook::
c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}
Filelook::
c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ |
|
08.10.2012, 19:13
| #19 | |
| | Bekomme Meldung "Troj/JSRedir-HZ" und "MW:JS:JJ677" Hallo! Nach dem Start erhalte ich folgende Meldung, dann bricht das Programm ab. Zitat:
|
|
09.10.2012, 10:39
| #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bekomme Meldung "Troj/JSRedir-HZ" und "MW:JS:JJ677"Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.10.2012, 18:36
| #21 |
| | Bekomme Meldung "Troj/JSRedir-HZ" und "MW:JS:JJ677" Kein Problem, das tut meiner begeisterung über diesen Service hier keinen Abbruch! Die Datei heißt log.txt, aber ich denke, die ist gemeint... Code:
ATTFilter ComboFix 12-10-09.01 - Stefan 09.10.2012 19:20:36.1.2 - x86
ausgeführt von:: c:\users\Stefan\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Stefan\Desktop\CFScript.txt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-09 bis 2012-10-09 ))))))))))))))))))))))))))))))
.
.
2012-10-09 17:31 . 2012-10-09 17:31 -------- d-----w- c:\users\Stefan\AppData\Local\temp
2012-10-09 17:31 . 2012-10-09 17:31 -------- d-----w- c:\users\Mika\AppData\Local\temp
2012-10-09 17:31 . 2012-10-09 17:31 -------- d-----w- c:\users\Marek\AppData\Local\temp
2012-10-09 17:31 . 2012-10-09 17:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-09 17:31 . 2012-10-09 17:31 -------- d-----w- c:\users\Alexandra\AppData\Local\temp
2012-10-07 21:11 . 2008-01-19 05:48 1291264 ----a-w- c:\windows\system32\comres.dll
2012-10-07 20:11 . 2012-10-07 20:11 -------- d-----w- C:\_OTL
2012-10-05 18:19 . 2012-10-05 18:19 -------- d-----w- c:\program files\ESET
2012-09-10 17:49 . 2012-09-10 17:49 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-10 17:49 . 2012-09-10 17:49 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 19:06 . 2012-03-31 15:40 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 19:06 . 2011-05-19 05:54 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-10 17:49 . 2010-09-29 17:02 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 15:04 . 2011-01-17 18:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 21:08 . 2012-08-30 21:08 6656 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 6656
Created time: 2012-08-30 21:08
Modified time: 2012-08-30 21:08
MD5: 7E5E80A7E78D6C6C181E1ED23E57FD06
SHA1: 54D55F37FD9ACC06E7474FFC72F2EB5A3E9E677E
.
---- Directory of c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98} ----
.
2012-08-30 21:08 . 2012-08-30 21:08 6656 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]
"EaseUs Watch"="c:\program files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe" [2011-01-22 69000]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-04-30 1086760]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Server4PC.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Server4PC.lnk
backup=c:\windows\pss\Server4PC.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 13:21 2213160 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
2006-10-04 15:41 86016 ----a-w- c:\magix\Video_deluxe_2007_PLUS\Trayserver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:06]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 16:57]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 16:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mSearch Bar = hxxp://www.google.com/ie
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.178.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-09 19:31
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5460)
c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Zeit der Fertigstellung: 2012-10-09 19:34:02
ComboFix-quarantined-files.txt 2012-10-09 17:34
ComboFix2.txt 2012-10-08 05:15
.
Vor Suchlauf: 19 Verzeichnis(se), 122.669.768.704 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 122.703.675.392 Bytes frei
.
- - End Of File - - 34958095763F88146474D56E6649323A
|
|
09.10.2012, 19:14
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bekomme Meldung "Troj/JSRedir-HZ" und "MW:JS:JJ677"Code:
ATTFilter c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe
Wenn die Datei schon ausgewertet sein sollte, bitte eine weitere Auswertung starten.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.10.2012, 19:41
| #23 |
| | Bekomme Meldung "Troj/JSRedir-HZ" und "MW:JS:JJ677" https://www.virustotal.com/file/6af6f4e69e9e509a41df3ab89f1abc1c139b199aa6631852590a7f6d6a296e9c/analysis/1349807951/ |
|
09.10.2012, 20:00
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bekomme Meldung "Troj/JSRedir-HZ" und "MW:JS:JJ677" Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.10.2012, 22:06
| #25 |
| | Bekomme Meldung "Troj/JSRedir-HZ" und "MW:JS:JJ677" Zunächst Gmer: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-09 23:03:53
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005b ST350083 rev.3.AA
Running: j7r0yzdj.exe; Driver: C:\Users\Stefan\AppData\Local\Temp\ugdiqpob.sys
---- System - GMER 1.0.15 ----
SSDT 8DE9F546 ZwCreateSection
SSDT 8DE9F550 ZwRequestWaitReplyPort
SSDT 8DE9F54B ZwSetContextThread
SSDT 8DE9F555 ZwSetSecurityObject
SSDT 8DE9F55A ZwSystemDebugControl
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8E629640]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 82EAC8D8 4 Bytes [46, F5, E9, 8D]
.text ntkrnlpa.exe!KeSetEvent + 539 82EACBFC 4 Bytes [50, F5, E9, 8D]
.text ntkrnlpa.exe!KeSetEvent + 56D 82EACC30 4 Bytes [4B, F5, E9, 8D]
.text ntkrnlpa.exe!KeSetEvent + 5D1 82EACC94 4 Bytes [55, F5, E9, 8D]
.text ntkrnlpa.exe!KeSetEvent + 619 82EACCDC 4 Bytes [5A, F5, E9, 8D]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D005340, 0x39ED97, 0xE8000020]
.text C:\Windows\system32\drivers\ACEDRV07.sys section is writeable [0x9C604000, 0x328BA, 0xE8000020]
.pklstb C:\Windows\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0x9C648000]
.relo2 C:\Windows\system32\drivers\ACEDRV07.sys unknown last section [0x9C664000, 0x8E, 0x42000040]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9F512300, 0x3AF78, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9F555300, 0x1BCE, 0xE8000020]
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\Users\Stefan\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [73F97817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [73FDB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73F9BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73F8F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [73F975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73F8E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73FC73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73F9DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [73F8FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [73F8FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [73F871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7401CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [73FBC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73F8D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [73F86853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [73F8687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73F92AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy11 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy12 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy13 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy20 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy14 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy21 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy22 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy15 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy23 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy16 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy24 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy17 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy25 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy18 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy26 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy19 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy27 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy28 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy29 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158307cde2
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158307cde2 (not active ControlSet)
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@\24!s!\24!y!c!`!s!i!\22!t!t!\22!i!c!s!j! 19583823
---- EOF - GMER 1.0.15 ----
|
|
10.10.2012, 05:35
| #27 |
| | Bekomme Meldung "Troj/JSRedir-HZ" und "MW:JS:JJ677" Und noch die die aswmbr.txt |
|
10.10.2012, 12:36
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bekomme Meldung "Troj/JSRedir-HZ" und "MW:JS:JJ677" Warum denn in den Anhang?! Die Logs bitte nur in den Anhang (gezippt) legen, wenn sie zu groß sind um direkt gepostet zu werden! Ansonsten bitte alles nach Möglichkeit hier in CODE-Tags posten. Das ist einfacher übersichtlicher und man spart sich ne Menge Rumklickerei Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.10.2012, 19:45
| #29 |
| | Bekomme Meldung "Troj/JSRedir-HZ" und "MW:JS:JJ677" `Tschuldigung, da habe ich nicht drüber nachgedacht  Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 23:10:14 on 09.10.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Unable to get information Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "CplMCDec.cpl" - "MainConcept AG" - C:\Windows\system32\CplMCDec.cpl "Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl "ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "CplMCDec" - "MainConcept AG" - C:\Windows\System32\CplMCDec.cpl "CplMCDec_x86" - ? - C:\Windows\SysWOW64\CplMCDec.cpl (File not found) "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL "Nero BackItUp and BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero BackItUp & Burn\Nero BurnRights\NeroBurnRights_bb.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV07.sys "atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\Users\Stefan\AppData\Local\Temp\catchme.sys (File not found) "Dynamically loaded UxdDrv" (uxddrv) - ? - E:\DIAGNOSE\WSTGER\uxddrv.sys (File not found) "EUBAKUP" (EUBAKUP) - "CHENGDU YIWO Tech Development Co., Ltd" - C:\Windows\System32\drivers\eubakup.sys "EUDSKACS" (EUDSKACS) - "CHENGDU YIWO Tech Development Co., Ltd" - C:\Windows\system32\drivers\eudskacs.sys "EUFS" (EUFS) - "CHENGDU YIWO Tech Development Co., Ltd" - C:\Windows\System32\drivers\eufs.sys "lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "Logitech HD Webcam C270(UVC)" (LVUVC) - "Logitech Inc." - C:\Windows\System32\DRIVERS\lvuvc.sys "Logitech RightSound Filter Driver" (LVRS) - "Logitech Inc." - C:\Windows\System32\DRIVERS\lvrs.sys "mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "ugdiqpob" (ugdiqpob) - ? - C:\Users\Stefan\AppData\Local\Temp\ugdiqpob.sys (Hidden registry entry, rootkit activity | File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell Extension Component" - "Corel Corporation" - C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? - (File not found | COM-object registry key not found) {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {097102B5-B85D-947E-1FAC-91A86E47930F} "{097102B5-B85D-947E-1FAC-91A86E47930F}" - ? - (File not found | COM-object registry key not found) -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} "A9Helper.A9" - ? - C:\Windows\Downloaded Program Files\A9.ocx / file:///E:/components/A9.ocx {6678BE91-1E04-4A4A-9C32-63145EA79C2A} "EAFO3AXLauncher Control" - "Electronic Arts Inc." - C:\Windows\DOWNLO~1\EAFO3A~1.OCX / hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} "HidInputMonitorX Control" - "TODO: <Company name>" - C:\Windows\DOWNLO~1\HIDINP~1.OCX / file:///E:/components/hidinputmonitorx.ocx {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} "JordanUploader Class" - "IPLabs GmbH" - C:\Windows\Downloaded Program Files\JordanApplet.dll / hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab {F27237D7-93C8-44C2-AC6E-D6057B9A918F} "JuniperSetupClientControl Class" - "Juniper Networks" - C:\Windows\Downloaded Program Files\JuniperSetupClient.ocx / https://seva.f-i.de/dana-cached/sc/JuniperSetupClient.cab {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\Windows\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231834711663 {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} "WMVHDRatingCtrl Class" - ? - C:\Windows\Downloaded Program Files\wmvhdrating.ocx / file:///E:/components/wmvhdrating.ocx {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@C:\Program Files\Evernote\Evernote\Resource.dll,-101" - ? - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (File not found) {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (HTTP value) {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) "EvernoteClipper.lnk" - "Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041" - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Shortcut exists | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "EaseUs Watch" - "CHENGDU YIWO Tech Development Co., Ltd" - "C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe" "LWS" - "Logitech Inc." - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide "NBAgent" - "Nero AG" - "C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "toolbar_eula_launcher" - " " - C:\Program Files\GoogleEULA\EULALauncher.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "avm:" - "AVM Berlin GmbH" - C:\Windows\system32\avmprmon.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "AAV UpdateService" (AAV UpdateService) - ? - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "EASEUS Agent" (EASEUS Agent) - "CHENGDU YIWO Tech Development Co., Ltd" - C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleDesktopManager" (GoogleDesktopManager) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe "Macromedia Licensing Service" (Macromedia Licensing Service) - ? - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "MotoHelper Service" (MotoHelper) - ? - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe "UMVPFSrv" (UMVPFSrv) - "Logitech Inc." - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-09 23:13:18
-----------------------------
23:13:18.881 OS Version: Windows 6.0.6002 Service Pack 2
23:13:18.881 Number of processors: 2 586 0xF0B
23:13:18.881 ComputerName: STEFAN-PC UserName: Stefan
23:13:20.862 Initialize success
23:14:27.201 AVAST engine defs: 12100901
23:14:45.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
23:14:45.953 Disk 0 Vendor: ST350083 3.AA Size: 476940MB BusType: 6
23:14:46.155 Disk 0 MBR read successfully
23:14:46.171 Disk 0 MBR scan
23:14:46.171 Disk 0 Windows VISTA default MBR code
23:14:46.171 Disk 0 Partition - 00 0F Extended LBA 20646 MB offset 934484985
23:14:46.233 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 456291 MB offset 63
23:14:46.405 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 20646 MB offset 934485048
23:14:46.530 Disk 0 scanning sectors +976768065
23:14:47.123 Disk 0 scanning C:\Windows\system32\drivers
23:16:21.471 Service scanning
23:16:41.174 Service uxddrv E:\DIAGNOSE\WSTGER\uxddrv.sys **LOCKED** 21
23:16:44.622 Modules scanning
23:18:54.507 Disk 0 trace - called modules:
23:18:54.601 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
23:18:54.617 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b55878]
23:18:54.617 3 CLASSPNP.SYS[88db68b3] -> nt!IofCallDriver -> [0x85484db8]
23:18:54.632 5 acpi.sys[8069c6bc] -> nt!IofCallDriver -> \Device\0000005b[0x85e13950]
23:18:55.818 AVAST engine scan C:\Windows
23:25:19.219 AVAST engine scan C:\Windows\system32
23:50:08.660 AVAST engine scan C:\Windows\system32\drivers
00:00:23.940 AVAST engine scan C:\Users\Stefan
00:56:28.080 AVAST engine scan C:\ProgramData
01:20:51.001 Scan finished successfully
06:35:06.394 Disk 0 MBR has been saved successfully to "C:\Users\Stefan\Desktop\MBR.dat"
06:35:06.394 The log file has been saved successfully to "C:\Users\Stefan\Desktop\aswMBR.txt"
|
|
11.10.2012, 12:46
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bekomme Meldung "Troj/JSRedir-HZ" und "MW:JS:JJ677" Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Bekomme Meldung "Troj/JSRedir-HZ" und "MW:JS:JJ677" |
| 7-zip, antivir, audiograbber, avira, bandoo, browser, converter, ebay, error, excel, firefox, flash player, geld, google, hijack, home, iexplore.exe, iminent, install.exe, intranet, logfile, mp3, ntdll.dll, office 2007, packard bell, plug-in, problem, programm, realtek, security, smartphone, software, svchost.exe, trojaner, vista, wiso |
Linear-Darstellung
