| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: trojaner "Win32:Trojan-Gen {other}" entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.02.2009, 22:23
| #1 |
 |  trojaner "Win32:Trojan-Gen {other}" entfernen Hallo habe grad meine Festplatten gescannt und habe 2 mal " Win32:Trojan-Gen {other}" und einmal "Win32:Trojan-Gen {other} (4x)" gefunden ... sie lassen sich nicht Desinfizieren  , nun weiß ich nicht was ich machen soll ... Habe im Forum und bei Google keine passenden lösungen gefunden .. Danke schonmal im Vorraus Virenprüfung Protokoll + HiJack Virenprüfung mit G DATA AntiVirus Version 18.2.7310.844 Virensignaturen vom 03.02.2009 Startzeit: 03.02.2009 19:24 Engine(s): Engine A (AVK 19.2779), Engine B (AVB 19.209) Heuristik: Ein Archive: Ein Systembereiche: Ein Prüfung der Systembereiche... Prüfung aller lokalen Festplatten... Objekt: ONENOTEM.EXE In Archiv: C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\HomeSrWW.cab Status: Virus gefunden Virus: Win32:Trojan-gen {Other} (Engine B) Objekt: HomeSrWW.cab Pfad: C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C Status: Datei in Quarantäne verschoben Virus: Win32:Trojan-gen {Other} (Engine B) Objekt: Data1.cab\reader_sl.exe In Archiv: C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1031-7B44-A81300000003}\AdbeRdr813_de_DE.msi Status: Virus gefunden Virus: Win32:Trojan-gen {Other} (Engine B) Objekt: AdbeRdr813_de_DE.msi Pfad: C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1031-7B44-A81300000003} Status: Datei in Quarantäne verschoben Virus: Win32:Trojan-gen {Other} (Engine B) Objekt: Data1.cab\reader_sl.exe In Archiv: C:\System Rollback Data\Restore\Current\50123\46\Target\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1031-7B44-A81300000003}\AdbeRdr813_de_DE.msi Status: Virus gefunden Virus: Win32:Trojan-gen {Other} (Engine B) Objekt: AdbeRdr813_de_DE.msi Pfad: C:\System Rollback Data\Restore\Current\50123\46\Target\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1031-7B44-A81300000003} Status: Datei in Quarantäne verschoben Virus: Win32:Trojan-gen {Other} (4x) (Engine B) Analyse vollständig durchgeführt: 03.02.2009 22:09 162916 Dateien überprüft 3 infizierte Dateien gefunden 0 verdächtige Dateien gefunden Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:21:48, on 03.02.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\SysMonitor.exe C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Windows\System32\nvraidservice.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Panasonic\Panasonic-DMS\RPT Network Printer Port\Msgsrv.exe C:\Program Files\avmwlanstick\FRITZWLanMini.exe C:\Program Files\G DATA TotalCare\Firewall\GDFirewallTray.exe C:\Program Files\G DATA TotalCare\AVKTray\AVKTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\ICQ6\ICQ.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\G DATA TotalCare\GUI\avkis.exe C:\Windows\system32\DllHost.exe C:\Program Files\G DATA TotalCare\AVK\Avk.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe C:\Program Files\Java\jre6\bin\java.exe C:\Users\*\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ht*p://de.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://de.intl.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,c:\program files\g data totalcare\avkkid\avkcks.exe O1 - Hosts: ::1 localhost O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA TotalCare\Webfilter\AVKWebIE.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA TotalCare\Webfilter\AVKWebIE.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe O4 - HKLM\..\Run: [RPT Msgsrv] "C:\Program Files\Panasonic\Panasonic-DMS\RPT Network Printer Port\Msgsrv.exe" /NRPT Network Printer /S O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA TotalCare\Firewall\GDFirewallTray.exe O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA TotalCare\AVKTray\AVKTray.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Ulead Photo Express 5 SE Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: ASETRES.EXE O4 - Global Startup: Empowering Technology Launcher.lnk = ? O4 - Global Startup: G DATA Firewall Tray.lnk = ? O4 - Global Startup: Office-Bibliothek-Direktsuche.lnk = C:\pc-bib\PCLib.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O13 - Gopher Prefix: O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files\G DATA TotalCare\AVK\AVKService.exe O23 - Service: AntiVirus Wächter (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA TotalCare\AVK\AVKWCtl.exe O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe O23 - Service: BOTService - Sonic Solutions - c:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe O23 - Service: Roxio File Backup Service (CEEBC40A-FDED-4C59-B354-939132350B01) - Unknown owner - c:\Program Files\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA TotalCare\AVKTuner\AVKTunerService.exe O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA TotalCare\Firewall\GDFwSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 11047 bytes |
| Themen zu trojaner "Win32:Trojan-Gen {other}" entfernen |
| adobe, bho, defender, desinfizieren, entfernen, explorer, festplatte, firefox, firewall, g data, google, helper, hijackthis, infizierte, infizierte dateien, internet, internet explorer, magix, mozilla, pdf, plug-in, popup, port, proxy, rundll, software, stick, trojaner, userinit.exe, vista, win32:trojan-gen, windows, windows defender, windows sidebar |
Baum-Darstellung