virusburster problem. ständiges blinken in der taskleiste

Thema ist geschlossen!
Thema ist geschlossen!
#0
29.11.2006, 00:20
...neu hier

Beiträge: 2
#1 hey leute,
ich bin noch so spät zu dieser stunde auf, da ich mit dummerweise den virusburster eingefangen hab. habe schon in mehreren posts gelesen, dass ich nicht der einzige bin und es auch nicht so einfach ist, ihn zu deinstallieren.

hier meine hijachthis log:

Logfile of HijackThis v1.99.1
Scan saved at 00:12:33, on 29.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
D:\WebSites\xampp\apache\bin\apache.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
d:\Programme\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
D:\WebSites\xampp\FileZillaFTP\FileZillaServer.exe
D:\WebSites\xampp\mysql\bin\mysqld-nt.exe
C:\Programme\PTBSync\PTBSync.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
D:\WebSites\xampp\apache\bin\apache.exe
C:\Programme\Gold Codec\isamonitor.exe
C:\Programme\Gold Codec\pmsngr.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\CtrlVol.exe
C:\Programme\Gold Codec\pmmon.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\Programme\Gold Codec\isamini.exe
D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\PTBSync\PTBSync.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
D:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\Programme\OpenOffice.org 2.0\program\soffice.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Vodafone\Vodafone Mobile Connect\VMConnect.exe
C:\Programme\Vodafone\Vodafone Mobile Connect\bmctl.exe
C:\Programme\Vodafone\Vodafone Mobile Connect\WLANClient\WlanClient.exe
D:\PROGRA~1\MOZILL~2\FIREFOX.EXE
D:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\IE7-WindowsXP-x86-deu.exe
c:\89b23225469c6b1ab64d\update\iesetup.exe
c:\89b23225469c6b1ab64d\update\update.exe
C:\Programme\WinRAR\WinRAR.exe
D:\CloneDVDTemp\Rar$EX00.853\HijackThis.exe
C:\WINDOWS\ie7\spuninst\spuninst.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: WebSpeechBHO Class - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O2 - BHO: (no name) - {9595AE6B-2FC1-3B70-7A72-12F4A9B1FE25} - C:\DOKUME~1\chris\ANWEND~1\INTERN~1\Procwma.exe (file missing)
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Programme\Gold Codec\isaddon.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Programme\Gold Codec\iesplugin.dll
O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PTBSync] C:\Programme\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [MSConfig] D:\CloneDVDTemp\Rar$EX00.813\msconfig.exe /auto
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [kis] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] D:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O9 - Extra 'Tools' menuitem: Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129972628235
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6F1A3BD-6D03-4832-8B50-F5695ADF68A6}: NameServer = 139.7.30.125 139.7.30.126
O18 - Protocol: bw+0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: offline-8876480 - {9B9662F7-7E00-4A38-9A71-8D3C3CEF7B0C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - C:\WINDOWS\system32\xxfgmy.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - D:\WebSites\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Backbone Service (BBDemon) - Unknown owner - d:\Programme\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service (file missing)
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\WebSites\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: mysql - Unknown owner - D:\WebSites\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Atomuhr Synchronisation (PTBSync) - ElmüSoft - C:\Programme\PTBSync\PTBSync.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

vlt könnt ihr mir weiterhelfen. weis absolut nicht weiter.
schonmal vielen dank.

griß
Seitenanfang Seitenende
29.11.2006, 01:50
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 1.
poste dieses log
http://virus-protect.org/artikel/tools/combofix.html

2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein

Zitat

Registry values to delete:
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{40dcff6e-af8d-4183-8ebe-a82270ac449e}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|gimmicks
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{4fc003c3-87a0-489c-85cd-878246eb2d18}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|amaranthaceous
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{588599f4-de26-4c28-ba14-f4eb17e33481}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|emptins
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|Virus-Bursters
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|Security

registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae18da4e-be15-4925-81bb-890c04af0200}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gold Codec
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96ebbe6a-2864-4345-b32b-26ee9be524b5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae18da4e-be15-4925-81bb-890c04af0200}
HKLM\SOFTWARE\Classes\CLSID\{588599f4-de26-4c28-ba14-f4eb17e33481}
HKLM\SOFTWARE\Classes\CLSID\{40dcff6e-af8d-4183-8ebe-a82270ac449e}
HKLM\SOFTWARE\Classes\CLSID\{4fc003c3-87a0-489c-85cd-878246eb2d18}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F83E8F99-AE49-45D6-92B4-59854BF0A759}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C97C3B7C-E022-4FA8-B1A7-1C28270FFAFF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Virus-Bursters
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virus-bursters.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Virus-Bursters
HKEY_LOCAL_MACHINE\SOFTWARE\Virus-Bursters

Files to delete:
C:\WINDOWS\system32\xxfgmy.dll
C:\Dokumente und Einstellungen\%Username%\Favoriten\Antivirus Test Online.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url
C:\Dokumente und Einstellungen\%UserName%\Desktop\Virus-Bursters.lnk

Folders to delete:
C:\Programme\Gold Codec
C:\Programme\Virus-Bursters
C:\Programme\Antivirus-Golden
C:\Dokumente und Einstellungen\%Username%\Lokale Einstellungen\Temp\~nsu.tmp
C:\Dokumente und Einstellungen\%Username%\Startmenü\Virus-Bursters
Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

»»
lösche das Backup vom Avenger unter C:\Avenger\backup.zip + leere den Papierkorb

««
scanne mit smitfraudfix - Option 1 und 2 ( lasse auch die Registry mitreinigen)
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
29.11.2006, 15:59
...neu hier

Themenstarter

Beiträge: 2
#3 gut danke hat geklappt. nur smitfraudfix konnte ich nicht installn. aber da virusburster ja weg ist, brauch ich das sicherlich nicht mehr zu machen?!

thx
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: