Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 7 : Avast fand Win32:BProtect-D [Trj] - Löschung nicht möglich

Windows 7 : Avast fand Win32:BProtect-D [Trj] - Löschung nicht möglich


Log-Analyse und Auswertung: Windows 7 : Avast fand Win32:BProtect-D [Trj] - Löschung nicht möglich

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 22.05.2014, 22:23   #1
nightdoc
 
Windows 7 : Avast fand Win32:BProtect-D [Trj] - Löschung nicht möglich - Standard

Windows 7 : Avast fand Win32:BProtect-D [Trj] - Löschung nicht möglich


Guten Abend,

ich bin ein wenig-wissender, reiner Alltag-user. Mein Avast fand gestern den Win32:BProtect-D [Trj]. Alle Avast-Lösungen (löschen, verschieben in Virencontainer) schlugen fehl, Avast fand die Bedrohung wieder bei der Startzeitüberprüfung. Mehr habe ich noch nicht versucht.

Ich habe versucht die "Anleitung für Hilfesuchende" zu befolgen und übermittle mal meine so gewonnenen Logfiles (für mich schon ein Erfolg):

FRST.txt

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-05-2014
Ran by ***** (administrator) on *****-PC on 22-05-2014 22:22:15
Running from C:\Users\*****\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-04] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG)
HKU\S-1-5-21-3169450413-3546552983-2688890216-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x42C5460E1251CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {43887385-E99F-4870-9046-F94DE7BBA597} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kqe0d6sa.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-06]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-04] (AVAST Software)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-05-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-22 22:22 - 2014-05-22 22:22 - 00005859 _____ () C:\Users\*****\Downloads\FRST.txt
2014-05-22 22:22 - 2014-05-22 22:22 - 00000000 ____D () C:\FRST
2014-05-22 22:21 - 2014-05-22 22:21 - 01056768 _____ (Farbar) C:\Users\*****\Downloads\FRST.exe
2014-05-22 22:18 - 2014-05-22 22:18 - 00000480 _____ () C:\Users\*****\Downloads\defogger_disable.log
2014-05-22 22:18 - 2014-05-22 22:18 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-05-22 22:16 - 2014-05-22 22:16 - 00050477 _____ () C:\Users\*****\Downloads\Defogger.exe
2014-05-22 21:36 - 2014-05-22 21:36 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieUserList
2014-05-22 21:36 - 2014-05-22 21:36 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieSiteList
2014-05-22 14:03 - 2014-05-22 14:09 - 00000000 ____D () C:\AdwCleaner
2014-05-22 14:02 - 2014-05-22 14:02 - 01326389 _____ () C:\Users\*****\Downloads\adwcleaner_3.210.exe
2014-05-14 22:29 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:29 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:29 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 21:43 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 21:43 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 21:43 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 21:43 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 21:43 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 21:43 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 21:43 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 21:43 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 21:43 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 21:43 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 21:43 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 21:43 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 21:43 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 21:43 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 21:43 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 21:43 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 21:43 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 21:43 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 21:43 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 21:43 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 21:43 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 21:43 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 21:43 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 21:43 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 21:43 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 21:43 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 21:42 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-11 21:02 - 2014-05-11 21:02 - 00001003 _____ () C:\Users\*****\Downloads\MailShield.der
2014-05-09 23:17 - 2014-05-09 23:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-07 22:12 - 2014-05-07 22:12 - 00284318 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-05-07 22:11 - 2014-05-07 22:12 - 00292038 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-05-07 22:11 - 2014-05-07 22:11 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-05-07 18:44 - 2014-05-07 18:44 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Nero
2014-05-07 18:41 - 2014-05-07 18:41 - 00000000 ____D () C:\Users\*****\AppData\Local\Ahead
2014-05-07 18:41 - 2014-05-07 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
2014-05-07 18:41 - 2014-05-07 18:41 - 00000000 ____D () C:\Program Files\NeroInstall.bak
2014-05-07 18:39 - 2014-05-07 18:39 - 00001024 _____ () C:\Users\*****\.rnd
2014-05-07 18:38 - 2014-05-07 18:42 - 00000297 _____ () C:\Windows\system32\MsiExec.exe.log
2014-05-07 18:32 - 2014-05-07 18:38 - 00000000 ____D () C:\Program Files\Common Files\Nero
2014-05-07 18:32 - 2014-05-07 18:32 - 00000000 ____D () C:\ProgramData\Nero
2014-05-07 18:32 - 2014-05-07 18:32 - 00000000 ____D () C:\Program Files\Nero
2014-05-07 18:15 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-05-07 18:15 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-05-07 18:14 - 2014-05-07 18:15 - 00027367 _____ () C:\Windows\DirectX.log
2014-05-06 13:46 - 2014-05-15 14:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-04 22:20 - 2014-05-04 22:20 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-04 22:20 - 2014-05-04 22:20 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-04 20:18 - 2014-05-04 20:18 - 00002000 _____ () C:\Users\Public\Desktop\StarMoney 9.0.lnk
2014-05-04 20:18 - 2014-05-04 20:18 - 00000000 ____D () C:\ProgramData\StarMoney 9.0
2014-05-04 20:18 - 2014-05-04 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0
2014-05-04 20:12 - 2014-05-22 13:55 - 00000000 ____D () C:\Program Files\StarMoney 9.0
2014-05-04 19:50 - 2014-05-04 20:09 - 184705400 _____ () C:\Users\*****\Downloads\SM_9_retail.exe
2014-05-04 19:20 - 2014-05-04 19:20 - 00000000 ____D () C:\ProgramData\StarMoney 8.0
2014-05-04 19:20 - 2014-05-04 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 8.0 S-Edition
2014-05-04 19:18 - 2014-05-04 19:18 - 00000000 ____D () C:\Program Files\Business Objects
2014-05-04 19:17 - 2014-05-04 19:46 - 00000000 ____D () C:\Program Files\StarMoney 8.0 S-Edition
2014-05-04 19:17 - 2014-05-04 19:17 - 00000000 ____D () C:\Program Files\Common Files\StarFinanz
2014-04-30 16:02 - 2014-05-01 09:56 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-23 20:50 - 2014-04-23 20:50 - 00000000 ____D () C:\Program Files\Intel

==================== One Month Modified Files and Folders =======

2014-05-22 22:22 - 2014-05-22 22:22 - 00005859 _____ () C:\Users\*****\Downloads\FRST.txt
2014-05-22 22:22 - 2014-05-22 22:22 - 00000000 ____D () C:\FRST
2014-05-22 22:21 - 2014-05-22 22:21 - 01056768 _____ (Farbar) C:\Users\*****\Downloads\FRST.exe
2014-05-22 22:18 - 2014-05-22 22:18 - 00000480 _____ () C:\Users\*****\Downloads\defogger_disable.log
2014-05-22 22:18 - 2014-05-22 22:18 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-05-22 22:18 - 2014-04-05 22:58 - 00000000 ____D () C:\Users\*****
2014-05-22 22:16 - 2014-05-22 22:16 - 00050477 _____ () C:\Users\*****\Downloads\Defogger.exe
2014-05-22 21:43 - 2014-04-06 14:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-22 21:42 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-22 21:42 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-22 21:38 - 2014-04-05 22:39 - 01157748 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 21:36 - 2014-05-22 21:36 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieUserList
2014-05-22 21:36 - 2014-05-22 21:36 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieSiteList
2014-05-22 21:35 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 21:34 - 2009-07-14 06:39 - 00041900 _____ () C:\Windows\setupact.log
2014-05-22 14:24 - 2010-11-20 23:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-22 14:10 - 2010-11-20 23:48 - 00055492 _____ () C:\Windows\PFRO.log
2014-05-22 14:09 - 2014-05-22 14:03 - 00000000 ____D () C:\AdwCleaner
2014-05-22 14:02 - 2014-05-22 14:02 - 01326389 _____ () C:\Users\*****\Downloads\adwcleaner_3.210.exe
2014-05-22 13:55 - 2014-05-04 20:12 - 00000000 ____D () C:\Program Files\StarMoney 9.0
2014-05-20 13:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 21:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 15:27 - 2014-04-06 10:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 15:01 - 2014-04-06 08:46 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 15:01 - 2014-04-06 08:45 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 15:01 - 2014-04-06 08:45 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 14:56 - 2014-05-06 13:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 14:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 22:41 - 2014-04-06 15:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:34 - 2014-04-06 15:19 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 20:45 - 2014-04-06 14:38 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-13 20:45 - 2014-04-06 14:38 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 13:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-11 21:08 - 2014-04-06 09:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-11 21:02 - 2014-05-11 21:02 - 00001003 _____ () C:\Users\*****\Downloads\MailShield.der
2014-05-09 23:17 - 2014-05-09 23:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 09:06 - 2014-05-14 21:43 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 21:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 22:12 - 2014-05-07 22:12 - 00284318 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-05-07 22:12 - 2014-05-07 22:11 - 00292038 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-05-07 22:11 - 2014-05-07 22:11 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-05-07 18:44 - 2014-05-07 18:44 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Nero
2014-05-07 18:42 - 2014-05-07 18:38 - 00000297 _____ () C:\Windows\system32\MsiExec.exe.log
2014-05-07 18:41 - 2014-05-07 18:41 - 00000000 ____D () C:\Users\*****\AppData\Local\Ahead
2014-05-07 18:41 - 2014-05-07 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
2014-05-07 18:41 - 2014-05-07 18:41 - 00000000 ____D () C:\Program Files\NeroInstall.bak
2014-05-07 18:39 - 2014-05-07 18:39 - 00001024 _____ () C:\Users\*****\.rnd
2014-05-07 18:38 - 2014-05-07 18:32 - 00000000 ____D () C:\Program Files\Common Files\Nero
2014-05-07 18:32 - 2014-05-07 18:32 - 00000000 ____D () C:\ProgramData\Nero
2014-05-07 18:32 - 2014-05-07 18:32 - 00000000 ____D () C:\Program Files\Nero
2014-05-07 18:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Cursors
2014-05-07 18:15 - 2014-05-07 18:14 - 00027367 _____ () C:\Windows\DirectX.log
2014-05-06 05:25 - 2014-05-14 22:29 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-14 22:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 23:07 - 2014-04-06 07:40 - 00068704 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-05 22:39 - 2009-07-14 06:33 - 00303000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-04 22:20 - 2014-05-04 22:20 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-04 22:20 - 2014-05-04 22:20 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-04 22:20 - 2014-04-06 08:46 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-04 22:20 - 2014-04-06 08:45 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400158865359
2014-05-04 22:20 - 2014-04-06 08:45 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400158865359
2014-05-04 22:20 - 2014-04-06 08:45 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-04 22:20 - 2014-04-06 08:45 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-04 22:20 - 2014-04-06 08:45 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-04 22:20 - 2014-04-06 08:45 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-04 20:18 - 2014-05-04 20:18 - 00002000 _____ () C:\Users\Public\Desktop\StarMoney 9.0.lnk
2014-05-04 20:18 - 2014-05-04 20:18 - 00000000 ____D () C:\ProgramData\StarMoney 9.0
2014-05-04 20:18 - 2014-05-04 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0
2014-05-04 20:16 - 2009-07-14 04:04 - 00017486 _____ () C:\Windows\system32\Drivers\etc\services
2014-05-04 20:11 - 2014-04-06 15:14 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-04 20:09 - 2014-05-04 19:50 - 184705400 _____ () C:\Users\*****\Downloads\SM_9_retail.exe
2014-05-04 19:46 - 2014-05-04 19:17 - 00000000 ____D () C:\Program Files\StarMoney 8.0 S-Edition
2014-05-04 19:20 - 2014-05-04 19:20 - 00000000 ____D () C:\ProgramData\StarMoney 8.0
2014-05-04 19:20 - 2014-05-04 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 8.0 S-Edition
2014-05-04 19:18 - 2014-05-04 19:18 - 00000000 ____D () C:\Program Files\Business Objects
2014-05-04 19:17 - 2014-05-04 19:17 - 00000000 ____D () C:\Program Files\Common Files\StarFinanz
2014-05-02 16:15 - 2014-04-06 17:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2014-05-01 09:56 - 2014-04-30 16:02 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-30 14:47 - 2014-04-06 10:21 - 00000000 ____D () C:\Users\*****\AppData\Local\Thunderbird
2014-04-23 20:50 - 2014-04-23 20:50 - 00000000 ____D () C:\Program Files\Intel

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\OEMCFG.dll
C:\Users\*****\AppData\Local\Temp\OEMDM.dll
C:\Users\*****\AppData\Local\Temp\OEMIMG.dll
C:\Users\*****\AppData\Local\Temp\OEMTW.dll
C:\Users\*****\AppData\Local\Temp\OEMUI.dll
C:\Users\*****\AppData\Local\Temp\ose00000.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\Ssdevm.dll
C:\Users\*****\AppData\Local\Temp\Ssusbpn.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 21:43] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-20 13:25

==================== End Of Log ============================


Additions.txt

[CODE]
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-05-2014
Ran by ***** at 2014-05-22 22:22:38
Running from C:\Users\*****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM\...\{E64404F1-98DC-4CC8-A1A7-EF36E4E21031}) (Version: 8.3.99 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Samsung SCX-4200 Series (HKLM\...\Samsung SCX-4200 Series) (Version: - Samsung Electronics CO.,LTD)
StarMoney (Version: 3.0.0.124 - StarFinanz) Hidden
StarMoney (Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 8.0 S-Edition (HKLM\...\{E811C2F3-E507-444E-BB97-DE42658E2809}) (Version: 8.0 - Star Finanz GmbH)
StarMoney 9.0 (HKLM\...\{F71EFEE2-252B-41A8-8427-39BD21DADB1E}) (Version: 9.0 - Star Finanz GmbH)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)

==================== Restore Points =========================


==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {167674F8-028C-416E-A2C3-93D42B414045} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {706F5870-8121-4910-99F1-E58AF59E978F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {909E2015-6D62-410E-A055-0C07519F23C1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A64AB5A8-8B48-4FAD-AB11-6E0DEB4AAC9A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-04] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-05-22 19:40 - 2014-05-22 19:40 - 02254848 _____ () C:\Program Files\AVAST Software\Avast\defs\14052200\algo.dll
2009-11-19 03:34 - 2009-11-19 03:34 - 00022723 _____ () C:\Windows\System32\suge1l3.dll
2014-05-04 19:31 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files\StarMoney 8.0 S-Edition\ouservice\PATCHW32.dll
2014-04-06 08:45 - 2014-04-06 08:45 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-04 20:19 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files\StarMoney 9.0\ouservice\PATCHW32.dll
2009-07-14 02:56 - 2009-07-14 03:16 - 00159232 _____ () C:\Windows\system32\SaMinDrv.dll
2014-05-09 23:17 - 2014-05-09 23:17 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-30 16:02 - 2014-04-30 16:02 - 03019888 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-04-30 16:02 - 2014-04-30 16:02 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-04-30 16:02 - 2014-04-30 16:02 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-05-13 20:45 - 2014-05-13 20:45 - 16361136 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2014 09:36:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 02:12:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 02:07:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 08:00:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2014 07:35:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2014 10:48:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2014 09:26:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2014 00:56:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 08:43:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 01:26:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/22/2014 05:17:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (05/22/2014 10:16:53 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/21/2014 04:59:05 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/14/2014 10:28:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/13/2014 09:25:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error: (05/13/2014 09:25:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/04/2014 07:11:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error: (04/28/2014 10:49:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.

Error: (04/28/2014 05:12:56 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (04/20/2014 04:03:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 3035.17 MB
Available physical RAM: 1798.17 MB
Total Pagefile: 6068.63 MB
Available Pagefile: 4783.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:112.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: BAB21F87)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Gmer.txt
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-22 22:45:33
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVS-22UST0 rev.01.01A01 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\BEIERL~1\AppData\Local\Temp\kwdiauoc.sys


---- System - GMER 2.1 ----

SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwAddBootEntry [0x8B4C6AA0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwAssignProcessToJobObject [0x8B4C757E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwCreateEvent [0x8B4D35C8]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwCreateEventPair [0x8B4D3614]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwCreateIoCompletion [0x8B4D37AE]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwCreateMutant [0x8B4D3536]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                 ZwCreateSection [0x8B57D6D2]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwCreateSemaphore [0x8B4D357E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwCreateThread [0x8B4C7AB4]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwCreateThreadEx [0x8B4C7CD0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwCreateTimer [0x8B4D3768]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwDebugActiveProcess [0x8B4C836C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwDeleteBootEntry [0x8B4C6B06]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwDuplicateObject [0x8B4CBB40]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwLoadDriver [0x8B4C66F2]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                 ZwMapViewOfSection [0x8B57D7B2]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwModifyBootEntry [0x8B4C6B6C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwNotifyChangeKey [0x8B4CBF36]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwNotifyChangeMultipleKeys [0x8B4C8E54]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwOpenEvent [0x8B4D35F2]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwOpenEventPair [0x8B4D3636]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwOpenIoCompletion [0x8B4D37D2]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwOpenMutant [0x8B4D355C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwOpenProcess [0x8B4CB43A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwOpenSection [0x8B4D36E6]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwOpenSemaphore [0x8B4D35A6]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwOpenThread [0x8B4CB822]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwOpenTimer [0x8B4D378C]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                 ZwProtectVirtualMemory [0x8B57D556]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwQueryObject [0x8B4C8CC8]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwQueueApcThreadEx [0x8B4C89D6]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwSetBootEntryOrder [0x8B4C6BD2]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwSetBootOptions [0x8B4C6C38]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                 ZwSetContextThread [0x8B57D8AE]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwSetSystemInformation [0x8B4C678C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwSetSystemPowerState [0x8B4C695E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwShutdownSystem [0x8B4C68EC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwSuspendProcess [0x8B4C8536]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwSuspendThread [0x8B4C8698]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwSystemDebugControl [0x8B4C69E6]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                 ZwTerminateProcess [0x8B57D624]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwTerminateThread [0x8B4C81C6]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwVdmControl [0x8B4C6C9E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                ZwWriteVirtualMemory [0x8B4C75DA]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                               82A8DA15 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                 82AC7212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                    82ACE460 4 Bytes  [A0, 6A, 4C, 8B]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                    82ACE4E8 4 Bytes  [7E, 75, 4C, 8B]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                    82ACE53C 8 Bytes  [C8, 35, 4D, 8B, 14, 36, 4D, ...]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                    82ACE548 4 Bytes  [AE, 37, 4D, 8B]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                                    82ACE564 4 Bytes  [36, 35, 4D, 8B]
.text  ...                                                                                                    
PAGE   ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                            82C894EF 4 Bytes  CALL 8B4C9517 \SystemRoot\system32\drivers\aswSnx.sys
PAGE   ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                           82CA3357 4 Bytes  CALL 8B4C952D \SystemRoot\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\csrss.exe[396] kernel32.dll!GetBinaryTypeW + 70                                    76546AAC 1 Byte  [62]
.text  C:\Windows\system32\csrss.exe[444] kernel32.dll!GetBinaryTypeW + 70                                    76546AAC 1 Byte  [62]
.text  C:\Windows\system32\wininit.exe[452] kernel32.dll!GetBinaryTypeW + 70                                  76546AAC 1 Byte  [62]
.text  C:\Windows\system32\winlogon.exe[500] kernel32.dll!GetBinaryTypeW + 70                                 76546AAC 1 Byte  [62]
.text  C:\Windows\system32\services.exe[548] kernel32.dll!GetBinaryTypeW + 70                                 76546AAC 1 Byte  [62]
.text  ...                                                                                                    
.text  C:\Program Files\AVAST Software\Avast\setup\instup.exe[1000] kernel32.dll!SetUnhandledExceptionFilter  7652F5AB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\setup\instup.exe[1000] kernel32.dll!GetBinaryTypeW + 70          76546AAC 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetBinaryTypeW + 70                                 76546AAC 1 Byte  [62]
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1332] kernel32.dll!SetUnhandledExceptionFilter      7652F5AB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1332] kernel32.dll!GetBinaryTypeW + 70              76546AAC 1 Byte  [62]
.text  C:\Windows\System32\igfxpers.exe[1348] kernel32.dll!GetBinaryTypeW + 70                                76546AAC 1 Byte  [62]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[1376] kernel32.dll!SetUnhandledExceptionFilter       7652F5AB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[1376] kernel32.dll!GetBinaryTypeW + 70               76546AAC 1 Byte  [62]
.text  C:\Windows\system32\IoctlSvc.exe[1452] kernel32.dll!GetBinaryTypeW + 70                                76546AAC 1 Byte  [62]
.text  C:\Windows\System32\spoolsv.exe[1484] kernel32.dll!GetBinaryTypeW + 70                                 76546AAC 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[1580] kernel32.dll!GetBinaryTypeW + 70                                 76546AAC 1 Byte  [62]
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1760] kernel32.dll!GetBinaryTypeW + 70          76546AAC 1 Byte  [62]
.text  ...                                                                                                    

---- EOF - GMER 2.1 ----

Es wäre sehr nett, wenn mich jemand durchlotsen könnte.
Ist dieser Trojaner gefährlich?
Danke schon mal und schönen Abend noch.

 

Themen zu Windows 7 : Avast fand Win32:BProtect-D [Trj] - Löschung nicht möglich
association, starmoney, win32/bprotector.a, win32/toolbar.babylon.e, win32/toolbar.babylon.f, win32/toolbar.babylon.h, win32/toolbar.babylon.i, win32/toolbar.babylon.u, win32/toolbar.babylon.v, win32/toolbar.babylon.w, win32/toolbar.escort.a, win32/toolbar.montiera.a, win32/toolbar.montiera.b, win32/toolbar.montiera.f, win32/toolbar.montiera.i


« Windows Vista: TrojanDropper:'Win32/Lecpetex.B entdeckt und entfernt' bin ich nun sicher? | Tastaturbelegung plötzlich geändert »


Ähnliche Themen: Windows 7 : Avast fand Win32:BProtect-D [Trj] - Löschung nicht möglich


  1. DNS Unlocker nervt - Löschung nicht möglich!
    Plagegeister aller Art und deren Bekämpfung - 12.10.2015 (9)
  2. Selbstständige löschung von Daten/Programmen (mbam.exe etc.) und Programmausführung nicht mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 12.03.2015 (3)
  3. ZEOK.exe als Malware durch AVAST erkannt. Download nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 28.11.2014 (27)
  4. Trojaner an Board: Win32:BProtect-D [Trj] System:Win7
    Log-Analyse und Auswertung - 28.09.2014 (6)
  5. Windows 8: Win32:BProtect-J [Trj]
    Log-Analyse und Auswertung - 11.08.2014 (9)
  6. Windows 7: Avast meldete Infektion durch win32:bprotect-D
    Log-Analyse und Auswertung - 23.06.2014 (17)
  7. WIN7: AVAST meldet Win32:Bprotect-D /-F /-H und weitere, Rechner läuft
    Log-Analyse und Auswertung - 05.06.2014 (12)
  8. Windows 7: Win32:BProtect-D
    Plagegeister aller Art und deren Bekämpfung - 13.05.2014 (13)
  9. 2x Windows 7 - Kaspersky fand Trojaner - Programme laufen nicht richtig
    Mülltonne - 17.03.2014 (1)
  10. Windows 7: diverse Viren nach Avast Scan erkannt z.B. Win32:BProtect-D
    Log-Analyse und Auswertung - 24.01.2014 (12)
  11. Windows 7: Avast erkennt Win32:Evo-gen im Steam Ordner - Fehlalarm oder nicht?
    Log-Analyse und Auswertung - 13.01.2014 (7)
  12. Weisser Desktop "Webseite kann nicht angezeigt werden" Löschung auch ohne Admin-Rechte möglich?
    Log-Analyse und Auswertung - 16.09.2012 (8)
  13. Avast- kein Avast Internet Security-Programm Update möglich 29.02.2012
    Plagegeister aller Art und deren Bekämpfung - 05.03.2012 (3)
  14. Avast meldet Suela 1042 in C:\hiberfil.sys - Reparieren nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 06.01.2012 (1)
  15. avast fand trojaner, bitte hijack log checken
    Log-Analyse und Auswertung - 23.04.2009 (0)
  16. Ich fand HotKeysHook jedoch kann es nicht alles sein, fand aber nichts mehr
    Mülltonne - 30.10.2007 (2)
  17. Frage zur Löschung / Nicht-Löschung von Prozessen (HiJack detected)
    Log-Analyse und Auswertung - 20.07.2007 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 7 : Avast fand Win32:BProtect-D [Trj] - Löschung nicht möglich - Guten Abend, ich bin ein wenig-wissender, reiner Alltag-user. Mein Avast fand gestern den Win32:BProtect-D [Trj]. Alle Avast-Lösungen (löschen, verschieben in Virencontainer) schlugen fehl, Avast fand die Bedrohung wieder bei der - Windows 7 : Avast fand Win32:BProtect-D [Trj] - Löschung nicht möglich...
Archiv
Du betrachtest: Windows 7 : Avast fand Win32:BProtect-D [Trj] - Löschung nicht möglich auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19