Log Analysis and Evaluation: .LPD BM.I Virus (Windows 7)
19.08.2013, 12:11 #1
.LPD BM.I Virus

Hello everyone,

I have picked up the .LPD BM.I virus on my notebook. While searching for a solution I came across your forum. I have already run the scan with FRST64.exe. The log file is as follows:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-08-2013
Ran by SYSTEM on 19-08-2013 12:20:45
Running from I:\
Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16334368 2009-07-23] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1234216 2008-03-28] (Synaptics, Inc.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-06] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Health Check Scheduler] - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [QPService] - C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2008-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe [144784 2008-06-10] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [hpWirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [202256 2010-10-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DATAMNGR] - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE [1114040 2011-02-08] (MusicLab, LLC)
HKLM-x32\...\Run: [Olympus ib] - C:\Program Files (x86)\Olympus\ib\olycamdetect.exe [93880 2011-08-18] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe [220336 2010-07-01] (CyberLink Corp.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4282728 2012-08-21] (AVAST Software)
HKU\Angie\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Angie\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-26] (Google Inc.)
HKU\Angie\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17709160 2013-02-07] (Skype Technologies S.A.)
HKU\Angie\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll [1057712 2011-02-08] (MusicLab, LLC)
AppInit_DLLs-x32: c:\progra~3\browse~1\24897~1.175\{61d8b~1\browse~1.dll [1057712 2011-02-08] ()
Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\Users\Angie\AppData\Local\Temp\b34btbztdb0vavaw.exe (Sun Microsystems, Inc.)
Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (No File)

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [218624 2012-10-22] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
S2 WTGService; C:\Program Files (x86)\3DataManager\WTGService.exe [312784 2009-10-12] ()
S2 Browser Manager; C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe [x]

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2012-10-22] (Huawei Technologies Co., Ltd.)
S3 ALSysIO; \??\C:\Users\Angie\AppData\Local\Temp\ALSysIO64.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-07 19:54 - 2013-08-07 19:54 - 00000000 ____D C:\Windows\System32\MRT
2013-07-25 12:25 - 2013-07-25 12:25 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-25 12:25 - 2013-07-25 12:25 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat

==================== One Month Modified Files and Folders =======

2013-08-19 12:19 - 2013-08-19 12:19 - 00000000 ____D C:\FRST
2013-08-19 10:12 - 2013-03-02 20:57 - 00000000 ____D C:\Users\Angie\AppData\Roaming\Skype
2013-08-19 10:12 - 2010-10-26 13:10 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-19 10:12 - 2010-10-12 20:30 - 00000254 _____ C:\ProgramData\hpqp.ini
2013-08-19 10:12 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-19 10:11 - 2009-07-14 05:51 - 00187101 _____ C:\Windows\setupact.log
2013-08-07 19:59 - 2013-08-07 19:54 - 00000000 ____D C:\Windows\System32\MRT
2013-08-07 19:59 - 2010-10-11 23:59 - 01262095 _____ C:\Windows\WindowsUpdate.log
2013-08-07 19:57 - 2009-07-14 05:45 - 00014848 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-07 19:57 - 2009-07-14 05:45 - 00014848 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-07 19:54 - 2010-10-16 20:10 - 00003660 _____ C:\Windows\System32\Tasks\HP Health Check
2013-08-07 19:53 - 2012-05-03 08:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-07 19:52 - 2010-10-26 13:10 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-07 19:49 - 2010-10-12 06:43 - 00000000 ____D C:\users\Angie
2013-08-07 19:48 - 2010-10-12 20:30 - 00000000 ____D C:\Users\Angie\AppData\Local\QuickPlay
2013-08-07 19:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-08-07 19:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-07 19:47 - 2012-10-22 18:31 - 00000000 ____D C:\Program Files (x86)\Mobile Partner
2013-07-25 12:25 - 2013-07-25 12:25 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-25 12:25 - 2013-07-25 12:25 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
2013-07-25 07:17 - 2010-10-12 18:43 - 00105194 _____ C:\Windows\PFRO.log
2013-07-24 21:43 - 2013-05-12 06:00 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-07-24 21:43 - 2013-05-12 05:59 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
2013-07-24 20:47 - 2010-10-26 13:10 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-24 20:47 - 2010-10-26 13:10 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Files to move or delete:
====================
c:\progra~3\browse~1\24897~1.175\{61d8b~1\browse~1.dll
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-06-28 23:00:13
Restore point made on: 2013-07-06 23:00:09
Restore point made on: 2013-07-10 12:30:13
Restore point made on: 2013-07-11 02:00:30
Restore point made on: 2013-07-17 08:58:26
Restore point made on: 2013-07-17 08:59:08
Restore point made on: 2013-07-24 20:41:26
Restore point made on: 2013-07-24 21:44:07
Restore point made on: 2013-07-24 21:45:27
Restore point made on: 2013-07-29 14:05:47
Restore point made on: 2013-08-01 08:53:27
Restore point made on: 2013-08-07 19:54:22

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3838.43 MB
Available physical RAM: 3220.24 MB
Total Pagefile: 3836.57 MB
Available Pagefile: 3208.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.39 GB) (Free:96.7 GB) NTFS
Drive d: (Daten) (Fixed) (Total:141.08 GB) (Free:39.03 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:10.53 GB) (Free:1.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (CROSSFIRE) (Removable) (Total:1.91 GB) (Free:1.86 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 627525ED)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 6E652072)
No partition Table on disk 2.

LastRegBack: 2013-07-23 07:51

==================== End Of Log ============================

Thanks in advance for your help.

angora500
19.08.2013, 12:46 #2
/// the machine /// (TB-Ausbilder)

.LPD BM.I Virus

Hi,

does the computer no longer boot normally?