try the script as follows:
:OTL
O20 - HKU\salva_ON_C Winlogon: Shell - (C:\Users\salva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7L03ZXXE\calc[1].exe) - C:\Users\salva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7L03ZXXE\calc[1].exe (Gvqid
:Files
C:\Users\salva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7L03ZXXE\calc[1].exe
:Commands
[Reboot] |
Should I leave the end of the O20 line as it is, or should I add " Chqvjb)"? Because I think you forgot that above as well.. it was in your screenshot, though. |
Sorry, I had just copied that from above. Exactly, you still have to add that. And please make sure that it is all on one line, as in the screenshot. The second line then begins with :files |
Unfortunately not successful either.. the BKA screen comes up again.. Just to clarify briefly, because you just wrote that the second line should begin with :files.. that should actually be the third, shouldn't it? Line 1: :OTL, line 2: O20 ...., line 3: :Files |
Exactly. Give me a moment. |
Code: :OTL |
Hey. That is the same script you already wrote before, and unfortunately it doesn't work either.. do you maybe have another idea? Many thanks, regards, hauke |
Try Avira's rescue disk: Avira AntiVir Rescue System - Download |
OK, fine, then I'll download it.. then just burn it to a CD and boot from it? Or is there anything else I need to watch out for? |
No, boot from the CD, update if possible, and scan. |
Hey.. I did that and can now get into Windows normally again. You probably need the log file now, right? I'm out at the moment.. I'll post it later from home. |
If you have it. |
Hey, here is the log file. Regards, hauke

Avira / Linux Version 1.9.152.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.
engine set: 8.2.4.208
VDF Version: 7.11.6.145
Scan start time: Mon Apr 18 09:20:11 2011
configuration file: /etc/avira/scancl.conf
WARNING: [Bad compressed data] /media/Devices/sda2/Program Files/CDex_170b2/uninstall.exe
WARNING: [Unexpected end of file] /media/Devices/sda2/Program Files/REAPER/Uninstall.exe
ALERT: [TR/FraudPack.crue] /media/Devices/sda2/Users/salva/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/7L03ZXXE/calc[1].exe <<< Is the Trojan horse TR/FraudPack.crue [renamed]
WARNING: [Unexpected end of file] /media/Devices/sda2/Users/salva/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/801ITZET/WLAN_Vista32_V12439[1].zip
ALERT: [HTML/Gerico.ffd] /media/Devices/sda2/Users/salva/AppData/Local/Mozilla/Firefox/Profiles/m3shcb80.default/Cache/4BB0F73Cd01 --> /media/Devices/sda2/Users/salva/AppData/Local/Mozilla/Firefox/Profiles/m3shcb80 <<< Contains signature of the HTML script virus HTML/Gerico.ffd [archive scan abort]
WARNING: [All files in archive are encrypted] /media/Devices/sda2/Users/salva/AppData/Local/Temp/SQZABF9.tmp/Kanonen Auf Spatzen - PS 2252.rar
ALERT: [Java/Exdoer.BC.1] /media/Devices/sda2/Users/salva/AppData/Local/Temp/jar_cache7011435773750123100.tmp <<< Contains signature of the Java virus JAVA/Exdoer.BC.1 [renamed]
ALERT: [EXP/Java.CVE-2009-3867.8861] /media/Devices/sda2/Users/salva/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/33/1108a961-16924ee8 --> dev/s/AdgredY.class <<< Contains signature of the exploits EXP/Java.CVE-2009-3867.8861 [archive scan abort]
ALERT: [JAVA/C-2009-3867.EH] /media/Devices/sda2/Users/salva/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/4/5541aec4-114b48d9 --> vmain.class <<< Contains signature of the Java virus JAVA/C-2009-3867.EH [archive scan abort]
ALERT: [EXP/Java.CVE-2009-3867.8861] /media/Devices/sda2/Users/salva/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/48/6631f570-24579297 --> dev/s/AdgredY.class <<< Contains signature of the exploits EXP/Java.CVE-2009-3867.8861 [archive scan abort]
ALERT: [Java/Exdoer.BI] /media/Devices/sda2/Users/salva/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/48e15bc6-25b3ead3 --> blor/hytji.class <<< Contains signature of the Java virus JAVA/Exdoer.BI [archive scan abort]
ALERT: [EXP/Java.CVE-2009-3867.8861] /media/Devices/sda2/Users/salva/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/8/5a289588-7b91afdf --> dev/s/AdgredY.class <<< Contains signature of the exploits EXP/Java.CVE-2009-3867.8861 [archive scan abort]
WARNING: [Unexpected end of file] /media/Devices/sda2/Users/salva/Documents/ICQ/234337574/ReceivedFiles/276588139 Danko Jones/Angebot Knüffelmann.docx
WARNING: [File is encrypted] /media/Devices/sda2/Users/salva/Documents/Downloads/Manager_11_Update_1.exe
WARNING: [File is encrypted] /media/Devices/sda2/Users/salva/Documents/Downloads/The__International__Noise_Conspiracy-The_Cross_Of_My_Calling-_Advance_-2008-RTB.rar
WARNING: [Unexpected end of file] /media/Devices/sda2/Windows/System32/Macromed/Flash/uninstall_activeX.exe
WARNING: [File is encrypted] /media/Devices/sda5/psp/ProEvo6 password=elmo/PES6.part01.rar
WARNING: [File is encrypted] /media/Devices/sda5/psp/ProEvo6 password=elmo/PES6.part02.rar
WARNING: [File is encrypted] /media/Devices/sda5/psp/ProEvo6 password=elmo/PES6.part03.rar
WARNING: [File is encrypted] /media/Devices/sda5/psp/ProEvo6 password=elmo/PES6.part04.rar
WARNING: [File is encrypted] /media/Devices/sda5/psp/ProEvo6 password=elmo/PES6.part05.rar
WARNING: [File is encrypted] /media/Devices/sda5/psp/ProEvo6 password=elmo/PES6.part06.rar
WARNING: [File is encrypted] /media/Devices/sda5/psp/ProEvo6 password=elmo/PES6.part07.rar
WARNING: [File is encrypted] /media/Devices/sda5/psp/ProEvo6 password=elmo/PES6.part08.rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda5/salva_data/music/bands/1. new shit/tiga/www.NewAlbumReleases.net_Tiga - Ciao (2009).part1.rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda5/salva_data/music/bands/1. new shit/tiga/www.NewAlbumReleases.net_Tiga - Ciao (2009).part2.rar
WARNING: [All files in archive are encrypted] /media/Devices/sda5/salva_data/music/bands/ODI/Odi_-_I-Empire_(Acoustic_Cover).rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda5/salva_data/sonstiges/Geburtstag/FOTOS FELIX/Gebi.part1.rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda5/salva_data/sonstiges/Geburtstag/FOTOS FELIX/Gebi.part2.rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda5/salva_data/sonstiges/Geburtstag/FOTOS FELIX/Gebi.part3.rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda5/salva_data/sonstiges/Geburtstag/FOTOS FELIX/Gebi.part4.rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda5/salva_data/sonstiges/Geburtstag/FOTOS FELIX/Gebi.part5.rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda5/salva_data/sonstiges/Geburtstag/FOTOS FELIX/Gebi.part6.rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda5/salva_data/sonstiges/pro evo patches/neu/PESEdit.com 2010 Patch 2.3.part1.rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda5/salva_data/sonstiges/pro evo patches/neu/PESEdit.com 2010 Patch 2.3.part2.rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda5/salva_data/sonstiges/pro evo patches/neu/PESEdit.com 2010 Patch 2.3.part3.rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda5/salva_data/sonstiges/pro evo patches/neu/PESEdit.com 2010 Patch 2.3.part4.rar
WARNING: [The files in archive are multiple volume] /media/Devices/sda5/salva_data/sonstiges/pro evo patches/neu/PESEdit.com 2010 Patch 2.3.part5.rar
WARNING: [File is encrypted] /media/Devices/sda5/salva_data/studium/materialien/1.BKs/2. Semester/BGB Nr.2/BK_BGB_II_-_3._Stunde.zip
WARNING: [File is encrypted] /media/Devices/sda5/salva_data/studium/materialien/1.BKs/2. Semester/BGB Nr.2/BK_BGB_II_-_10._Stunde.zip
WARNING: [File is encrypted] /media/Devices/sda5/salva_data/studium/materialien/1.BKs/2. Semester/BGB Nr.2/BK_BGB_II_-_11._Stunde.zip
WARNING: [File is encrypted] /media/Devices/sda5/salva_data/studium/materialien/1.BKs/2. Semester/BGB Nr.2/BK_BGB_II_-_2._Stunde.zip
WARNING: [File is encrypted] /media/Devices/sda5/salva_data/studium/materialien/1.BKs/2. Semester/BGB Nr.2/BK_BGB_II_-_4._Stunde.zip
WARNING: [File is encrypted] /media/Devices/sda5/salva_data/studium/materialien/1.BKs/2. Semester/BGB Nr.2/BK_BGB_II_-_5._Stunde.zip
WARNING: [File is encrypted] /media/Devices/sda5/salva_data/studium/materialien/1.BKs/2. Semester/BGB Nr.2/BK_BGB_II_-_6._Stunde(2).zip
WARNING: [File is encrypted] /media/Devices/sda5/salva_data/studium/materialien/1.BKs/2. Semester/BGB Nr.2/BK_BGB_II_-_6._Stunde.zip
WARNING: [File is encrypted] /media/Devices/sda5/salva_data/studium/materialien/1.BKs/2. Semester/BGB Nr.2/BK_BGB_II_-_7._Stunde.zip
WARNING: [File is encrypted] /media/Devices/sda5/salva_data/studium/materialien/1.BKs/2. Semester/BGB Nr.2/BK_BGB_II_-_8._Stunde.zip
WARNING: [File is encrypted] /media/Devices/sda5/salva_data/studium/materialien/1.BKs/2. Semester/BGB Nr.2/BK_BGB_II_-_9._Stunde.zip
WARNING: [File is encrypted] /media/Devices/sda5/salva_data/studium/materialien/1.BKs/2. Semester/BGB Nr.2/BK_BGB_II_1.Stunde(2).zip
WARNING: [File is encrypted] /media/Devices/sda5/salva_data/studium/materialien/1.BKs/2. Semester/BGB Nr.2/BK_BGB_II_1.Stunde.zip
Statistics :
Directories............... : 34434
Archives.................. : 3637
Files..................... : 675892
Infected.............. : 8
Renamed........... : 8
Warnings.............. : 43
Suspicious............ : 0
Infections................ : 8 |
OK. Download Malwarebytes: Malwarebytes. Install it, open it, go to the Update tab and update the program. Close all running programs and disconnect from the internet. Then, on the Scanner tab, run a full scan, remove what it finds, and post the log. |
Right, I've run Malwarebytes over it. Here is the log file:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Datenbank Version: 6399
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
19.04.2011 23:27:36
mbam-log-2011-04-19 (23-27-36).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 364220
Laufzeit: 1 Stunde(n), 53 Minute(n), 33 Sekunde(n)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 18

Infizierte Speicherprozesse:
c:\program files\relevantknowledge\rlservice.exe (Adware.RelevantKnowledge) -> 3440 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RelevantKnowledge (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.FakeAlert) -> Value: Shell -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files\relevantknowledge\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\salva\AppData\Local\Temp\temp2_u992.zip\u992.exe (Trojan.UltraSurf) -> Quarantined and deleted successfully.
c:\Users\salva\AppData\Local\Temp\temp3_u992.zip\u992.exe (Trojan.UltraSurf) -> Quarantined and deleted successfully.
c:\Users\salva\AppData\Local\Temp\temp4_u992.zip\u992.exe (Trojan.UltraSurf) -> Quarantined and deleted successfully.
c:\Users\salva\AppData\Local\Temp\temp5_u992.zip\u992.exe (Trojan.UltraSurf) -> Quarantined and deleted successfully.
c:\Users\salva\AppData\Local\Temp\temp6_u992.zip\u992.exe (Trojan.UltraSurf) -> Quarantined and deleted successfully.
c:\Users\salva\AppData\Local\Temp\temp1_u992.zip\u992.exe (Trojan.UltraSurf) -> Quarantined and deleted successfully.
c:\Users\salva\documents\downloads\autoi(2).exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Users\salva\documents\downloads\autoi.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\salva_data\software\vst plugins\4front truepianos vsti v1.4.1 incl keygen-air\Keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\programdata\sysreserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\chrome.manifest (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\install.rdf (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\about relevantknowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\privacy policy and user license agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\uninstall instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully. |
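
Added example, not part of the thread and not code from OTL or Malwarebytes: the Winlogon Shell entry that the OTL script targeted and that Malwarebytes reported as Trojan.FakeAlert can be triaged offline from an OTL log. The line shape is taken from the O20 line quoted in the thread; the function names, the directory list and the sample lines are assumptions made for illustration.

```python
import ntpath
import re

# Shape of the OTL line quoted in the thread:
#   O20 - <hive> Winlogon: Shell - (<value>) - <resolved path> (...)
O20_SHELL = re.compile(r"^O20 - (?P<hive>HK\S+) Winlogon: Shell - \((?P<value>.*?)\) - ")

# Assumed list of directories a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\temporary internet files\\")
PER_USER_HIVES = ("HKU", "HKCU", "HKEY_CURRENT_USER", "HKEY_USERS")


def assess_shell(hive, value):
    """Return the reasons a Winlogon Shell value deserves a closer look."""
    reasons = []
    exe = ntpath.basename(value.strip().strip('"')).lower()
    if exe != "explorer.exe":
        reasons.append(f"shell is {exe!r}, not explorer.exe")
    if any(part in value.lower() for part in USER_WRITABLE):
        reasons.append("shell lives in a user-writable directory")
    if hive.upper().startswith(PER_USER_HIVES):
        reasons.append("Shell is set per user rather than machine-wide")
    return reasons


def triage(log_text):
    """Map each Winlogon Shell value found in an OTL log to its findings."""
    findings = {}
    for line in log_text.splitlines():
        match = O20_SHELL.match(line.strip())
        if match:
            reasons = assess_shell(match["hive"], match["value"])
            if reasons:
                findings[match["value"]] = reasons
    return findings


# Constructed sample lines; user name, cache folder and vendor are placeholders.
SAMPLE = r"""
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Example Vendor)
O20 - HKU\user_ON_C Winlogon: Shell - (C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABCD1234\calc[1].exe) - C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABCD1234\calc[1].exe (Example Vendor)
"""

if __name__ == "__main__":
    for value, reasons in triage(SAMPLE).items():
        print(value, "->", "; ".join(reasons))
```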
Copyright ©2000-2025, Trojaner-Board