Roter Kreis mit X in der Task Leiste

annika231 · 02.04.2006, 18:20

Hallo!
kann mir jemand helfen, diesen Trojaner zu entfernen.
ad aware, norton anti virus und spybot haben leider nichts geholfen.
das popup erscheint alle paar sekunden mit dem titel your comuter is in danger. windows security center has ...usw

vielen dank für eure hilfe
annika

hier das log:

Running Processes:
-----------------

#:1 [smss.exe]
File Path: C:\WINDOWS\System32\smss.exe

#:2 [winlogon.exe]
File Path: C:\WINDOWS\system32\winlogon.exe

#:3 [services.exe]
File Path: C:\WINDOWS\system32\services.exe

#:4 [lsass.exe]
File Path: C:\WINDOWS\system32\lsass.exe

#:5 [ati2evxx.exe]
File Path: C:\WINDOWS\system32\Ati2evxx.exe

#:6 [svchost.exe]
File Path: C:\WINDOWS\system32\svchost.exe

#:7 [svchost.exe]
File Path: C:\WINDOWS\System32\svchost.exe

#:8 [CCSETMGR.EXE]
File Path: C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe

#:9 [CCEVTMGR.EXE]
File Path: C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe

#:10 [CCPROXY.EXE]
File Path: C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe

#:11 [SNDSrvc.exe]
File Path: C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe

#:12 [SPBBCSvc.exe]
File Path: C:\Programme\Gemeinsame Dateien\Symantec

#:13 [spoolsv.exe]
File Path: C:\WINDOWS\system32\spoolsv.exe

#:14 [ati2evxx.exe]
File Path: C:\WINDOWS\system32\Ati2evxx.exe

#:15 [SMax4PNP.exe]
File Path: C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe

#:16 [SynTPLpr.exe]
File Path: C:\Programme\Synaptics\SynTP\SynTPLpr.exe

#:17 [SynTPEnh.exe]
File Path: C:\Programme\Synaptics\SynTP\SynTPEnh.exe

#:18 [AGRSMMSG.exe]
File Path: C:\WINDOWS\AGRSMMSG.exe

#:19 [ltmoh.exe]
File Path: C:\Programme\ltmoh\Ltmoh.exe

#:20 [NAVAPSVC.EXE]
File Path: C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe

#:21 [AVStation Agent.exe]
File Path: C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe

#:22 [BatteryManager.exe]
File Path: C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe

#:23 [PDVDServ.exe]
File Path: C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

#:24 [atiptaxx.exe]
File Path: C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe

#:25 [acrotray.exe]
File Path: C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

#:26 [SuperRAMBooster.exe]
File Path: C:\Programme\SuperRAMBooster\SuperRAMBooster.exe

#:27 [CCAPP.EXE]
File Path: C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe

#:28 [svchost.exe]
File Path: C:\WINDOWS\System32\svchost.exe
ProcessID: 1804
Threads: 2
Priority: Normal
File Size: 14 KB
Version: 5.1.2600.2180
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Version: 5.1.2600.2180
Copyright: © Microsoft Corporation. All rights reserved.
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
Internal Name: svchost.exe
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Created on: 30.08.2005 19:19:04
Last accessed: 02.04.2006 19:00:06
Last modified: 04.08.2004 14:00:00

#:29 [realsched.exe]
File Path: C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
ProcessID: 1876
Threads: 4
Priority: Normal
File Size: 176 KB
Version: 0.1.0.3427
File Version: 0.1.0.3427
Product Version: 0.1.0.3427
Copyright: Copyright © RealNetworks, Inc. 1995-2004
Company Name: RealNetworks, Inc.
File Description: RealNetworks Scheduler
Internal Name: schedapp
Original Filename: realsched.exe
Product Name: RealPlayer (32-bit)
Created on: 14.02.2006 00:28:44
Last accessed: 02.04.2006 18:52:55
Last modified: 14.02.2006 00:28:44

#:30 [netfilt4.exe]
File Path: C:\WINDOWS\system32\netfilt4.exe
ProcessID: 2136
Threads: 9
Priority: Normal
File Size: 11 KB
Created on: 02.04.2006 16:20:14
Last accessed: 02.04.2006 18:52:55
Last modified: 02.04.2006 16:20:12

#:31 [ctfmon.exe]
File Path: C:\WINDOWS\system32\ctfmon.exe
ProcessID: 2168
Threads: 1
Priority: Normal
File Size: 15 KB
Version: 5.1.2600.2180
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Version: 5.1.2600.2180
Copyright: © Microsoft Corporation. All rights reserved.
Company Name: Microsoft Corporation
File Description: CTF Loader
Internal Name: CTFMON
Original Filename: CTFMON.EXE
Product Name: Microsoft® Windows® Operating System
Created on: 30.08.2005 19:19:11
Last accessed: 02.04.2006 18:52:55
Last modified: 04.08.2004 14:00:00

#:32 [xpupdate.exe]
File Path: C:\Windows\xpupdate.exe
ProcessID: 2244
Threads: 5
Priority: Normal
File Size: 18 KB
Created on: 02.04.2006 11:54:59
Last accessed: 02.04.2006 18:52:55
Last modified: 02.04.2006 11:54:22

#:33 [MagicKBD.exe]
File Path: C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
ProcessID: 2292
Threads: 2
Priority: Normal
File Size: 352 KB
Version: 6.7.19.0
File Version: 6, 7, 19, 0
Product Version: 6, 7, 19, 0
Copyright: Copyright(c) 2001 SAMSUNG Electronics Co., Ltd.
Company Name: SAMSUNG Electronics Co., Ltd.
File Description: MagicKBD V5 Launcher
Internal Name: MagicKBD
Original Filename: MagicKBD.exe
Product Name: Magic Keyboard for Samsung
Created on: 30.08.2005 10:44:31
Last accessed: 02.04.2006 18:52:55
Last modified: 27.06.2005 19:30:06

#:34 [Desktop Lunar Calendar.exe]
File Path: C:\Programme\Desktop Lunar Calendar\Desktop Lunar Calendar.exe
ProcessID: 2420
Threads: 1
Priority: Normal
File Size: 612 KB
Version: 1.4.2.0
File Version: 1.42
Product Version: 1.42
Copyright: 2004-2006(c) MoonPhaseSoftware. All rights reserved.
Company Name: MoonPhaseSoftware.com
File Description: Desctop Lunar Calendar
Internal Name: Desktop Lunar Calendar.exe
Original Filename: Desctop Lunar Calendar.exe
Product Name: Desctop Lunar Calendar
Created on: 22.03.2006 18:39:40
Last accessed: 02.04.2006 18:52:56
Last modified: 22.03.2006 18:39:40

#:35 [SNMWLANService.exe]
File Path: C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
ProcessID: 2464
Threads: 1
Priority: Normal
File Size: 36 KB
Created on: 28.05.2005 08:35:56
Last accessed: 02.04.2006 18:52:56
Last modified: 28.05.2005 08:35:56

#:36 [SMAgent.exe]
File Path: C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
ProcessID: 2500
Threads: 2
Priority: Normal
File Size: 44 KB
Version: 3.2.6.0
File Version: 3, 2, 6, 0
Product Version: 3, 2, 6, 0
Copyright: Copyright © 2002
Company Name: Analog Devices, Inc.
File Description: SoundMAX service agent component
Internal Name: SMAgent
Original Filename: SMAgent.exe
Product Name: SoundMAX service agent
Created on: 30.08.2005 10:41:33
Last accessed: 02.04.2006 18:52:56
Last modified: 20.09.2002 15:50:10

#:37 [NOPDB.exe]
File Path: C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
ProcessID: 2532
Threads: 3
Priority: Normal
File Size: 177 KB
Version: 18.0.0.62
File Version: 7.00.0.24
Product Version: 7.00.0.24
Copyright: Copyright (c) 1997-2004 Symantec Corporation
Company Name: Symantec Corporation
File Description: NOPDB
Internal Name: NOPDB
Original Filename: NOPDB.dll
Product Name: Norton Speed Disk
Created on: 08.09.2004 14:03:16
Last accessed: 02.04.2006 18:52:56
Last modified: 08.09.2004 14:03:16

#:38 [symlcsvc.exe]
File Path: C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
ProcessID: 2560
Threads: 6
Priority: Normal
File Size: 1093 KB
Version: 1.9.1.762
File Version: 1.9.1.762
Product Version: 1.9.1.762
Copyright: Copyright (C) 2003
Company Name: Symantec Corporation
File Description: Symantec Core Component
Internal Name: symlcsvc
Original Filename: symlcsvc.exe
Product Name: Symantec Core Component
Created on: 26.01.2006 00:43:19
Last accessed: 02.04.2006 18:52:56
Last modified: 28.02.2006 20:30:47

#:39 [taskmgr.exe]
File Path: C:\WINDOWS\system32\taskmgr.exe
ProcessID: 3120
Threads: 3
Priority: High
File Size: 137 KB
Version: 5.1.2600.2180
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Version: 5.1.2600.2180
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Company Name: Microsoft Corporation
File Description: Windows Task-Manager
Internal Name: taskmgr
Original Filename: taskmgr.exe
Product Name: Betriebssystem Microsoft® Windows®
Created on: 30.08.2005 19:19:04
Last accessed: 02.04.2006 18:58:48
Last modified: 04.08.2004 14:00:00

#:40 [NSCSRVCE.EXE]
File Path: C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
ProcessID: 3712
Threads: 13
Priority: Normal
File Size: 732 KB
Version: 2006.1.3.2
File Version: 2006.1.3.2
Product Version: 2006.1.3
Copyright: Norton Security Console 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
Company Name: Symantec Corporation
File Description: Norton Security Console Norton Protection Center Service
Internal Name: NSCService
Original Filename: NSCSrvce.exe
Product Name: Norton Security Console
Created on: 24.09.2005 18:10:58
Last accessed: 02.04.2006 18:52:56
Last modified: 11.01.2006 16:43:27

#:41 [SAVAdminService.exe]
File Path: c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
ProcessID: 2456
Threads: 4
Priority: Normal
File Size: 56 KB
Version: 1.0.0.180
File Version: 1.0.0.180
Product Version: 5.1.0
Copyright: Copyright (c) 1998-2005 Sophos Plc. All rights reserved.
Company Name: Sophos plc
File Description: Sophos Administrator Service
Internal Name: SavAdminService.exe
Original Filename: SavAdminService.exe
Product Name: Sophos Anti-Virus for Windows XP, 2000, 2003
Created on: 07.09.2005 10:13:32
Last accessed: 02.04.2006 18:52:57
Last modified: 07.09.2005 10:13:32

#:42 [ALsvc.exe]
File Path: c:\Programme\Sophos\AutoUpdate\ALsvc.exe
ProcessID: 1732
Threads: 7
Priority: Normal
File Size: 124 KB
Version: 3.4.17.8
File Version: 3.4.17.8
Product Version: 1.4.0.2
Copyright: Copyright © 2004,2005 Sophos plc
Company Name: Sophos plc
File Description:
Internal Name: Sophos AutoUpdate Service
Original Filename: Alsvc.exe
Product Name: Sophos AntiVirus
Created on: 05.01.2006 12:41:52
Last accessed: 02.04.2006 18:52:57
Last modified: 05.01.2006 12:41:52

#:43 [ALMon.exe]
File Path: c:\Programme\Sophos\AutoUpdate\ALMon.exe
ProcessID: 3296
Threads: 5
Priority: Normal
File Size: 236 KB
Version: 3.4.43.1
File Version: 3.5.44.1
Product Version: 1.4.0.3
Copyright: Copyright © 2004, 2005 Sophos plc
Company Name: Sophos plc
File Description:
Internal Name: ALMonitor
Original Filename: almon.exe
Product Name: Sophos AutoUpdate
Created on: 05.01.2006 12:41:36
Last accessed: 02.04.2006 18:52:57
Last modified: 05.01.2006 12:41:36

#:44 [618E.tmp]
File Path: C:\WINDOWS\TEMP\618E.tmp
ProcessID: 660
Threads: 2
Priority: Normal
File Size: 44 KB
Created on: 02.04.2006 18:18:56
Last accessed: 02.04.2006 18:52:57
Last modified: 02.04.2006 18:18:56

#:45 [NAVW32.EXE]
File Path: C:\PROGRA~1\NORTON~3\NORTON~1\navw32.exe
ProcessID: 2488
Threads: 9
Priority: Normal
File Size: 169 KB
Version: 12.2.0.13
File Version: 12.2.0.13
Product Version: 12.2.0
Copyright: Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
Company Name: Symantec Corporation
File Description: Norton AntiVirus Scanner Module
Internal Name: Navw32
Original Filename: Navw32.exe
Product Name: Norton AntiVirus
Created on: 23.09.2005 20:37:56
Last accessed: 02.04.2006 18:53:01
Last modified: 05.02.2006 10:03:38

#:46 [Spyware.exe]
File Path: C:\Programme\BulletProofSoft.com\SpywareRemover\Spyware.exe
ProcessID: 3480
Threads: 2
Priority: Normal
File Size: 1047 KB
Version: 8.2.0.2
File Version: 8.02.0002
Product Version: 8.02.0002
Copyright: BulletProofSoft.com
Company Name: BulletProofSoft.com
File Description: BPS Spyware and Adware Remover
Internal Name: Spyware
Original Filename: Spyware.exe
Product Name: BPS Spyware and Adware Remover
Created on: 27.01.2004 21:03:37
Last accessed: 02.04.2006 18:52:58
Last modified: 27.01.2004 21:03:37

#:47 [A11941E7.DLL]
File Path: C:\Programme\BulletProofSoft.com\SpywareRemover\A11941E7.DLL
ProcessID: 2988
Threads: 1
Priority: Normal
File Size: 2584 KB
Version: 8.2.0.2
File Version: 8.02.0002
Product Version: 8.02.0002
Copyright: BulletProofSoft.com
Company Name: BulletProofSoft.com
File Description: BPS Spyware and Adware Remover
Internal Name: Spyware
Original Filename: Spyware.exe
Product Name: BPS Spyware and Adware Remover
Created on: 02.04.2006 18:51:59
Last accessed: 02.04.2006 18:52:58
Last modified: 02.04.2006 18:51:59

#:48 [explorer.exe]
File Path: C:\WINDOWS\explorer.exe
ProcessID: 2460
Threads: 21
Priority: Normal
File Size: 1011 KB
Version: 6.0.2900.2180
File Version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Product Version: 6.00.2900.2180
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Company Name: Microsoft Corporation
File Description: Windows Explorer
Internal Name: explorer
Original Filename: EXPLORER.EXE
Product Name: Betriebssystem Microsoft® Windows®
Created on: 30.08.2005 19:18:46
Last accessed: 02.04.2006 18:56:05
Last modified: 04.08.2004 14:00:00

#:49 [HiJack.exe]
File Path: C:\Programme\BulletProofSoft.com\SpywareRemover\HS\HiJack.exe
ProcessID: 3232
Threads: 5
Priority: Normal
File Size: 404 KB
Version: 1.0.0.1
File Version: 1, 0, 0, 1
Product Version: 1, 0, 0, 1
Copyright: Copyright (C) 2003
Company Name:
File Description: HiJack MFC Application
Internal Name: System Hijack Scanner
Original Filename: HiJackNT.EXE
Product Name: System Hijack Scanner
Created on: 14.05.2003 20:19:48
Last accessed: 02.04.2006 18:59:07
Last modified: 14.05.2003 20:19:48

System Hijack Scanner Entries:
---------------

R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page=about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Local Page=C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Local Page=C:\WINDOWS\system32\blank.htm
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, SearchAssistant=http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_page_url=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_search_url=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main, search bar=http://www.google.com/ie
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {E89097ED-3400-411D-9647-D368C3311C98} - C:\WINDOWS\system32\IeHelperExVSS.dll
O3 - ToolBar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - ToolBar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - ToolBar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - ToolBar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - ToolBar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe (file missing)
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [AVStation premium] "C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe"
O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Super RAM Booster] C:\Programme\SuperRAMBooster\SuperRAMBooster.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot (file missing)
O4 - HKLM\..\Run: [Kaspersky] C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KAV Personal Pro\5.0\Save Kaspersky.bat (file missing)
O4 - HKLM\..\Run: [netfilt4] C:\WINDOWS\system32\netfilt4.exe
O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programme\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (file missing)
O4 - HKCU\..\Run: [WeatherWatcher] C:\Programme\Weather Watcher\ww.exe (file missing)
O4 - HKCU\..\Run: [wetterde.newstool] C:\Programme\wetterde\wettermelder.exe (file missing)
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [netfilt4] C:\WINDOWS\system32\netfilt4.exe
O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKLM\..\RunServices: [netfilt4] C:\WINDOWS\system32\netfilt4.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe
O4 - Start Up: C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\Desktop Lunar Calendar.lnk
O4 - Start Up: C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\desktop.ini
O4 - User Start Up: C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\Desktop Lunar Calendar.lnk
O4 - User Start Up: C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\desktop.ini
O4 - Global Start Up: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoUpdate Monitor.lnk
O4 - Global Start Up: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
O4 - Global User Start Up: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoUpdate Monitor.lnk
O4 - Global User Start Up: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
O5 - HKCU\control panel\don't load: ncpa.cpl = No
O5 - HKCU\control panel\don't load: odbccp32.cpl = No
O8 - Extra Context Menu Items: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra Context Menu Items: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra Context Menu Items: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra Context Menu Items: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra Context Menu Items: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra Context Menu Items: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra Context Menu Items: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra Context Menu Items: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra Context Menu Items: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra Context Menu Items: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra Context Menu Items: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra Context Menu Items: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra Context Menu Items: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra Context Menu Items: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137448666300
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0) - http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) - http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TCPIP\Parameters\Interfaces\{EA4BE3AF-8FD8-4C8E-8CD3-E5056382CC16}, NameServer=192.168.0.1
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll

Rene-gad · 02.04.2006, 18:32

@annika231

Zitat:

kann mir jemand helfen, diesen Trojaner zu entfernen.

Diesen? Diese

Zitat:

O4 - HKLM\..\Run: [netfilt4] C:\WINDOWS\system32\netfilt4.exe
O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [netfilt4] C:\WINDOWS\system32\netfilt4.exe
O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKLM\..\RunServices: [netfilt4] C:\WINDOWS\system32\netfilt4.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe

Trojaner kann man nur über eine Neuinstallation von Windows enfernen. Anleitung ist in meiner Signatur verlinkt. Alle anderen Methoden bringen in Deinem Fall kein positives Ergebnis.

Roter Kreis mit X in der Task Leiste

Log-Analyse und Auswertung: Roter Kreis mit X in der Task Leiste

Roter Kreis mit X in der Task Leiste

Roter Kreis mit X in der Task Leiste

Ähnliche Themen: Roter Kreis mit X in der Task Leiste