
Log Analysis and Evaluation: TR/BProtector.Gen in C:\ProgrammData

Windows 7 – If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
28.03.2014, 14:09   #3
oschikowski
 
TR/BProtector.Gen in C:\ProgrammData

So,
I ran ComboFix following your instructions. It did complain beforehand that Avira Desktop was still running, even though I had switched it off first.

Here is the log:
Code:
ComboFix 14-03-24.01 - Jan 28.03.2014  13:58:35.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4044.2548 [GMT 1:00]
ausgeführt von:: c:\users\Jan\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\go_0molg.pad
c:\programdata\ism_0_llatsni.pad
c:\programdata\ldod2.pad
c:\programdata\oleodf.pad
c:\programdata\ras_0oed.pad
c:\users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0FC1D9C0-C7EC-46C8-9879-DBEBC4BA9F46}.xps
c:\users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7A322022-94A2-4EA5-9615-1925107A55BF}.xps
c:\users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7EDA360D-AC10-4F91-A8D7-09962D1AFDAD}.xps
c:\users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9A1FD92D-E794-4CD8-8E81-6A486BA40316}.xps
c:\users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A2411E4A-9B58-43B8-966F-B0C9E26B9450}.xps
c:\users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F355FAF3-4A1F-4C53-BFC0-3B96A4B4D8C8}.xps
c:\users\Jan\AppData\Roaming\AcroIEHelpe.txt
c:\users\Jan\AppData\Roaming\srvblck5.tmp
c:\users\Public\sdelevURL.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-02-28 bis 2014-03-28  ))))))))))))))))))))))))))))))
.
.
2014-03-28 13:03 . 2014-03-28 13:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-03-28 12:21 . 2014-03-28 12:22	--------	d-----w-	C:\FRST
2014-03-28 12:09 . 2014-03-28 12:45	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1C149BA-6E36-41CE-9BE6-7C1F5D9A4032}\offreg.dll
2014-03-28 11:57 . 2014-03-17 09:16	10521840	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1C149BA-6E36-41CE-9BE6-7C1F5D9A4032}\mpengine.dll
2014-03-28 11:50 . 2014-02-04 02:32	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-03-28 11:50 . 2014-02-04 02:04	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-02-28 12:37 . 2014-02-28 12:37	--------	d-----w-	c:\windows\Migration
2014-02-27 16:41 . 2014-02-27 16:41	--------	d-----w-	c:\users\Jan\AppData\Local\Skype
2014-02-27 16:41 . 2014-02-27 16:41	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-02-27 16:41 . 2014-02-27 16:41	--------	d-----r-	c:\program files (x86)\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-06 12:16 . 2014-02-12 20:05	23170048	----a-w-	c:\windows\system32\mshtml.dll
2014-02-06 11:30 . 2014-02-12 20:05	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-02-06 11:30 . 2014-02-12 20:05	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-02-06 11:12 . 2014-02-12 20:05	2765824	----a-w-	c:\windows\system32\iertutil.dll
2014-02-06 11:07 . 2014-02-12 20:05	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-02-06 11:06 . 2014-02-12 20:05	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-02-06 10:57 . 2014-02-12 20:05	53760	----a-w-	c:\windows\system32\jsproxy.dll
2014-02-06 10:56 . 2014-02-12 20:05	33792	----a-w-	c:\windows\system32\iernonce.dll
2014-02-06 10:52 . 2014-02-12 20:05	574976	----a-w-	c:\windows\system32\ieui.dll
2014-02-06 10:49 . 2014-02-12 20:05	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-02-06 10:48 . 2014-02-12 20:05	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-02-06 10:48 . 2014-02-12 20:05	708608	----a-w-	c:\windows\system32\jscript9diag.dll
2014-02-06 10:32 . 2014-02-12 20:05	218624	----a-w-	c:\windows\system32\ie4uinit.exe
2014-02-06 10:20 . 2014-02-12 20:05	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-02-06 10:17 . 2014-02-12 20:05	195584	----a-w-	c:\windows\system32\msrating.dll
2014-02-06 10:11 . 2014-02-12 20:05	5768704	----a-w-	c:\windows\system32\jscript9.dll
2014-02-06 10:01 . 2014-02-12 20:05	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-02-06 10:00 . 2014-02-12 20:05	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:57 . 2014-02-12 20:05	627200	----a-w-	c:\windows\system32\msfeeds.dll
2014-02-06 09:50 . 2014-02-12 20:05	2041856	----a-w-	c:\windows\system32\inetcpl.cpl
2014-02-06 09:47 . 2014-02-12 20:05	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-02-06 09:46 . 2014-02-12 20:05	553472	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-02-06 09:25 . 2014-02-12 20:05	4244480	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-02-06 09:24 . 2014-02-12 20:05	2334208	----a-w-	c:\windows\system32\wininet.dll
2014-02-06 09:22 . 2014-02-12 20:05	13051392	----a-w-	c:\windows\system32\ieframe.dll
2014-02-06 09:09 . 2014-02-12 20:05	1964032	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-02-06 08:55 . 2014-02-12 20:05	1393664	----a-w-	c:\windows\system32\urlmon.dll
2014-02-06 08:41 . 2014-02-12 20:05	1820160	----a-w-	c:\windows\SysWow64\wininet.dll
2014-02-06 08:40 . 2014-02-12 20:05	817664	----a-w-	c:\windows\system32\ieapfltr.dll
2010-09-22 09:06 . 2012-12-05 11:38	2327040	----a-w-	c:\program files (x86)\splan70.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-12-04 15:54	294456	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-22 21:49	220632	----a-w-	c:\users\Jan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-22 21:49	220632	----a-w-	c:\users\Jan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-22 21:49	220632	----a-w-	c:\users\Jan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-08 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-04-08 586808]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2013-12-07 1243656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2216193180-2632632919-2539195565-1000Core.job
- c:\users\Jan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-15 18:42]
.
2014-03-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2216193180-2632632919-2539195565-1000UA.job
- c:\users\Jan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-15 18:42]
.
2013-11-23 c:\windows\Tasks\HPCeeScheduleForJan.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
2013-10-22 c:\windows\Tasks\User_Feed_Synchronization-{311A4606-B843-4ED8-AF4C-49B50D65BC73}.job
- c:\windows\system32\msfeedssync.exe [2013-11-19 20:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-12-04 15:54	357432	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-22 21:49	244696	----a-w-	c:\users\Jan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-22 21:49	244696	----a-w-	c:\users\Jan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-22 21:49	244696	----a-w-	c:\users\Jan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-07 1128448]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2013-11-19 21720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~3\BitGuard\271832~1.68\{C16C1~1\loader.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\u7zz4wt0.default-1389362424330\
FF - prefs.js: browser.search.selectedEngine - Ask Search
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-sPlan_70_Demo_is1 - c:\program files (x86)\sPlan70 (Demo)\unins000.exe
AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-03-28  14:05:55
ComboFix-quarantined-files.txt  2014-03-28 13:05
.
Vor Suchlauf: 11 Verzeichnis(se), 355.068.710.912 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 360.276.107.264 Bytes frei
.
- - End Of File - - 905232D6A9C0B861FC4F8321DEEFD41C
         
I haven't rebooted yet, and Avira isn't running again yet either.

Regards, Jan
