Virusburst - remove

#1

Zitat

Hallo Sabina
Habe deinen Beitrag über Virusburst gelesen, habe das gleiche schrekliche Teil aber schnalle deine Ratschläge nicht und habe keine Idee wie ich dies wieder los werde
Kannst du mir helfen?

Liebe Grüsse jetfliegen

-------------------


Information:Virusburst
http://virus-protect.org/artikel/spyware/virusburst_remove.html

----------------------------------------------------------------------------------

1.
Avenger
http://virus-protect.org/artikel/tools/avenger.html

kopiere rein:

Zitat

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{728E63B0-5165-4E98-9C83-EF987EEB66C9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VirusBurst
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurst
HKEY_LOCAL_MACHINE\SOFTWARE\VirusBurst

Files to delete:
C:\WINDOWS\system32\eowygj.dll
C:\Programme\VirusBurst\blacklist.txt
C:\Programme\VirusBurst\msvcp71.dll
C:\Programme\VirusBurst\msvcr71.dll
C:\Programme\VirusBurst\ref.dat
C:\Programme\VirusBurst\uninst.exe
C:\Programme\VirusBurst\VirusBurst.exe
C:\Programme\VirusBurst\VirusBurst.url
C:\Programme\VirusBurst\Lang\English.ini

Folders to delete:
C:\Programme\VirusBurst

Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

**
poste das log vom Avenger

2.
scanne mit smitfraudfix (option 1 und 2 )
http://virus-protect.org/artikel/tools/smitfrautfix.html

3.
Hijackthis -
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Lade/entpacke HijackThis in einem Ordner
--> None of the above just start the program --> Save--> Savelog -->es öffnet sich der Editor
nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen"
__________
MfG Sabina

rund um die PC-Sicherheit

#2 Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cpuqbroj

*******************

Script file located at: \??\F:\WINDOWS\system32\orlphckt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at F:\Avenger

*******************

Beginning to process script file:



Could not open file C:\WINDOWS\system32\eowygj.dll for deletion
Deletion of file C:\WINDOWS\system32\eowygj.dll failed!

Could not process line:
C:\WINDOWS\system32\eowygj.dll
Status: 0xc000003a



Could not open file C:\Programme\VirusBurst\blacklist.txt for deletion
Deletion of file C:\Programme\VirusBurst\blacklist.txt failed!

Could not process line:
C:\Programme\VirusBurst\blacklist.txt
Status: 0xc000003a



Could not open file C:\Programme\VirusBurst\msvcp71.dll for deletion
Deletion of file C:\Programme\VirusBurst\msvcp71.dll failed!

Could not process line:
C:\Programme\VirusBurst\msvcp71.dll
Status: 0xc000003a



Could not open file C:\Programme\VirusBurst\msvcr71.dll for deletion
Deletion of file C:\Programme\VirusBurst\msvcr71.dll failed!

Could not process line:
C:\Programme\VirusBurst\msvcr71.dll
Status: 0xc000003a



Could not open file C:\Programme\VirusBurst\ref.dat for deletion
Deletion of file C:\Programme\VirusBurst\ref.dat failed!

Could not process line:
C:\Programme\VirusBurst\ref.dat
Status: 0xc000003a



Could not open file C:\Programme\VirusBurst\uninst.exe for deletion
Deletion of file C:\Programme\VirusBurst\uninst.exe failed!

Could not process line:
C:\Programme\VirusBurst\uninst.exe
Status: 0xc000003a



Could not open file C:\Programme\VirusBurst\VirusBurst.exe for deletion
Deletion of file C:\Programme\VirusBurst\VirusBurst.exe failed!

Could not process line:
C:\Programme\VirusBurst\VirusBurst.exe
Status: 0xc000003a



Could not open file C:\Programme\VirusBurst\VirusBurst.url for deletion
Deletion of file C:\Programme\VirusBurst\VirusBurst.url failed!

Could not process line:
C:\Programme\VirusBurst\VirusBurst.url
Status: 0xc000003a



Could not open file C:\Programme\VirusBurst\Lang\English.ini for deletion
Deletion of file C:\Programme\VirusBurst\Lang\English.ini failed!

Could not process line:
C:\Programme\VirusBurst\Lang\English.ini
Status: 0xc000003a



Could not open folder C:\Programme\VirusBurst for deletion
Deletion of folder C:\Programme\VirusBurst failed!

Could not process line:
C:\Programme\VirusBurst
Status: 0xc000003a



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{728E63B0-5165-4E98-9C83-EF987EEB66C9} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{728E63B0-5165-4E98-9C83-EF987EEB66C9} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VirusBurst not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VirusBurst failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurst not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurst failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\VirusBurst not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\VirusBurst failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

#3 jetfliegen

Hijackthis -
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Lade/entpacke HijackThis in einem Ordner
--> None of the above just start the program --> Save--> Savelog -->es öffnet sich der Editor
nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen"
__________
MfG Sabina

rund um die PC-Sicherheit

#4 hi sbina,
hab das gleiche problem wie jetfliege.
benutze media player classic, film hat nicht gestartet, ich sollte einen neuen codec downloaden-was ich idiot dann auch ohne bedenken gemacht hab
und hab jetzt den VirusBurst 6.1 auf meinem rechner.

leider hab ich auch nicht so viel ahnung und komme mit der anleitung nicht ganz klar.
vielleicht kannst du mir ja unter die arme greifen.
vorab schon mal danke


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rapetlvw

*******************

Script file located at: \??\C:\kyafnxik.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\eowygj.dll not found!
Deletion of file C:\WINDOWS\system32\eowygj.dll failed!

Could not process line:
C:\WINDOWS\system32\eowygj.dll
Status: 0xc0000034



Could not open file C:\Programme\VirusBurst\blacklist.txt for deletion
Deletion of file C:\Programme\VirusBurst\blacklist.txt failed!

Could not process line:
C:\Programme\VirusBurst\blacklist.txt
Status: 0xc000003a



Could not open file C:\Programme\VirusBurst\msvcp71.dll for deletion
Deletion of file C:\Programme\VirusBurst\msvcp71.dll failed!

Could not process line:
C:\Programme\VirusBurst\msvcp71.dll
Status: 0xc000003a



Could not open file C:\Programme\VirusBurst\msvcr71.dll for deletion
Deletion of file C:\Programme\VirusBurst\msvcr71.dll failed!

Could not process line:
C:\Programme\VirusBurst\msvcr71.dll
Status: 0xc000003a



Could not open file C:\Programme\VirusBurst\ref.dat for deletion
Deletion of file C:\Programme\VirusBurst\ref.dat failed!

Could not process line:
C:\Programme\VirusBurst\ref.dat
Status: 0xc000003a



Could not open file C:\Programme\VirusBurst\uninst.exe for deletion
Deletion of file C:\Programme\VirusBurst\uninst.exe failed!

Could not process line:
C:\Programme\VirusBurst\uninst.exe
Status: 0xc000003a



Could not open file C:\Programme\VirusBurst\VirusBurst.exe for deletion
Deletion of file C:\Programme\VirusBurst\VirusBurst.exe failed!

Could not process line:
C:\Programme\VirusBurst\VirusBurst.exe
Status: 0xc000003a



Could not open file C:\Programme\VirusBurst\VirusBurst.url for deletion
Deletion of file C:\Programme\VirusBurst\VirusBurst.url failed!

Could not process line:
C:\Programme\VirusBurst\VirusBurst.url
Status: 0xc000003a



Could not open file C:\Programme\VirusBurst\Lang\English.ini for deletion
Deletion of file C:\Programme\VirusBurst\Lang\English.ini failed!

Could not process line:
C:\Programme\VirusBurst\Lang\English.ini
Status: 0xc000003a



Folder C:\Programme\VirusBurst not found!
Deletion of folder C:\Programme\VirusBurst failed!

Could not process line:
C:\Programme\VirusBurst
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{728E63B0-5165-4E98-9C83-EF987EEB66C9} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{728E63B0-5165-4E98-9C83-EF987EEB66C9} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VirusBurst not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VirusBurst failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurst not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurst failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\VirusBurst not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\VirusBurst failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


hier hijackThis
ich hoff ich hab bis jetzt alles richtig gemacht

Logfile of HijackThis v1.99.1
Scan saved at 09:02:32, on 08.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Virus-Burst\Virus-Burst.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\ewido anti-spyware 4.0\ewido.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\admin\LOKALE~1\Temp\Rar$EX00.562\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Virus-Burst] C:\Programme\Virus-Burst\Virus-Burst.exe /h
O4 - HKLM\..\Run: [!ewido] "C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WISO Bewerbung 2007 Reminder.lnk = C:\Programme\WISO\Bewerbung 2007\KCReminder.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O21 - SSODL: imputable - {6570b782-1a41-4053-b2c9-12c7fcf0d84d} - C:\WINDOWS\system32\duxzj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Programme\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe

#5 Logfile of HijackThis v1.99.1
Scan saved at 13:29:53, on 08.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Programme\Java\jre1.5.0_08\bin\jusched.exe
F:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
F:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Programme\SPYWAREfighter\spfprc.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
F:\Programme\Messenger\msmsgs.exe
F:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
F:\WINDOWS\system32\CTsvcCDA.EXE
F:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Programme\Outlook Express\msimn.exe
F:\Programme\Mozilla Firefox\firefox.exe
F:\Temp\hijackthis(2)\HijackThis.exe
F:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Programme\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [kis] "F:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [spywarefighterguard] F:\Programme\SPYWAREfighter\spfprc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Programme\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - F:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programme\Messenger\msmsgs.exe
O20 - AppInit_DLLs: F:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - F:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: imputable - {6570b782-1a41-4053-b2c9-12c7fcf0d84d} - F:\WINDOWS\system32\duxzj.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - F:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - F:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


So jetzt habe ich begriffen wie ich dies Posten muss.
Ich hoffe du kannst mir jetzt helfen??? Wäre ja sehr froh.
Liebe Grüsse

#6 bueg

****
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint

Zitat

cd\
dir "C:\Programme\Virus-Burst" >>files.txt
notepad files.txt

****
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren)

Virus-Burst

in edit und klicke "Ok".
Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn.


------------------------------------------------------------------

1.
gehe in die registry
Start - Ausfuehren - regedit
bearbeiten - suchen - duxzj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

loesche:
imputable - {6570b782-1a41-4053-b2c9-12c7fcf0d84d}

2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein:

Zitat

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{728E63B0-5165-4E98-9C83-EF987EEB66C9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VirusBurst
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurst
HKEY_LOCAL_MACHINE\SOFTWARE\VirusBurst

Files to delete:
C:\WINDOWS\system32\duxzj.dll

Folders to delete:
C:\Programme\Virus-Burst

Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

3.
öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

Zitat

O4 - HKLM\..\Run: [Virus-Burst] C:\Programme\Virus-Burst\Virus-Burst.exe /h
O21 - SSODL: imputable - {6570b782-1a41-4053-b2c9-12c7fcf0d84d} - C:\WINDOWS\system32\duxzj.dll

PC neustarten

**
scanne mit smitfraudfix (option 1 und 2 )
http://virus-protect.org/artikel/tools/smitfrautfix.html

**
berichte
__________
MfG Sabina

rund um die PC-Sicherheit

#7 jetfliegen

1.
gehe in die registry
Start - Ausfuehren - regedit
bearbeiten - suchen - duxzj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

loesche:
imputable - {6570b782-1a41-4053-b2c9-12c7fcf0d84d}

2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein:

Zitat

Files to delete:
F:\WINDOWS\system32\duxzj.dll

Folders to delete:
F:\Programme\Virus-Burst

Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

3.
öffne das HijackThis -- Button "scan" -- vor Eintrag Häkchen setzen -- Button "Fix checked" -- PC neustarten

Zitat

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000

O21 - SSODL: imputable - {6570b782-1a41-4053-b2c9-12c7fcf0d84d} - F:\WINDOWS\system32\duxzj.dll

**
berichte
__________
MfG Sabina

rund um die PC-Sicherheit

#8 Hallo Sabina

Super das Teil ist weg!! Spitze!
Vielen herzlichen dank.

jetfliegen