| |
| |||||||
Log-Analyse und Auswertung: BMI, Polizei Virus, abgesicherter Modus fährt ohne Eingabemöglichkeit wieder runterWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
26.01.2014, 15:23
| #1 |
| |  BMI, Polizei Virus, abgesicherter Modus fährt ohne Eingabemöglichkeit wieder runter Hallo, hab mir anscheinend den BMI/Polizei Virus eingefangen. FRST.txt hab ich schon erstellt: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-01-2014 01
Ran by SYSTEM on MININT-9MHKOH0 on 26-01-2014 15:10:24
Running from G:\
Windows 7 Ultimate (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [149280 2009-10-11] (Sun Microsystems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1557160 2012-04-18] (Ask)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKU\Christine\...\Run: [AdobeBridge] - [x]
HKU\Christine\...\Run: [Akamai NetSession Interface] - C:\Users\Christine\AppData\Local\Akamai\netsession_win.exe [ 2013-06-05] (Akamai Technologies, Inc.)
HKU\Christine\...\Run: [NvCplDaemonTool] - rundll32.exe C:\Users\CHRIST~1\IFLOAD~1.DLL,_IWMPEvents
HKU\Christine\...\Run: [MediaGet2] - C:\Users\Christine\AppData\Local\MediaGet2\mediaget.exe --minimized
HKU\Christine\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2011-03-04] (Hewlett-Packard Company)
HKU\Christine\...\Run: [fm7ygs16] - C:\Users\Christine\AppData\Roaming\fm7ygs16.exe
HKU\Christine\...\Run: [Userinit] - C:\Users\Christine\AppData\Roaming\appconf32.exe
Startup: C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bgibhfr.lnk
ShortcutTarget: bgibhfr.lnk -> C:\ProgramData\rfhbigb.jss (Корпорация Майкрософт)
Startup: C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
ShortcutTarget: scandisk.lnk -> C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANFD~1.DLL (No File)
========================== Services (Whitelisted) =================
S2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [641832 2011-09-23] (Nero AG)
S2 Winmgmt; C:\ProgramData\rfhbigb.jss [208896 2013-12-08] (Корпорация Майкрософт)
==================== Drivers (Whitelisted) ====================
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-26 15:10 - 2014-01-26 15:10 - 00000000 ____D C:\FRST
2014-01-20 13:08 - 2014-01-20 13:08 - 00131072 ____N C:\Windows\Minidump\012014-12199-01.dmp
2014-01-20 13:06 - 2014-01-20 13:06 - 00131072 ____N C:\Windows\Minidump\012014-10857-01.dmp
2014-01-10 11:45 - 2014-01-10 11:44 - 00337423 _____ C:\Users\Christine\Desktop\gesund.jpeg
==================== One Month Modified Files and Folders =======
2014-01-26 15:10 - 2014-01-26 15:10 - 00000000 ____D C:\FRST
2014-01-26 14:47 - 2013-12-08 18:00 - 95025368 ____T C:\ProgramData\bgibhfr.fee
2014-01-26 14:47 - 2013-12-08 18:00 - 00000000 _____ C:\ProgramData\bgibhfr.odd
2014-01-26 14:47 - 2009-07-14 05:39 - 00150772 _____ C:\Windows\setupact.log
2014-01-26 14:46 - 2009-07-14 05:34 - 00014192 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 14:46 - 2009-07-14 05:34 - 00014192 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 14:43 - 2011-02-23 08:35 - 00000000 ____D C:\Program Files\Common Files\Akamai
2014-01-26 14:24 - 2009-12-09 16:26 - 02052551 _____ C:\Windows\WindowsUpdate.log
2014-01-20 13:08 - 2014-01-20 13:08 - 00131072 ____N C:\Windows\Minidump\012014-12199-01.dmp
2014-01-20 13:08 - 2010-03-12 05:35 - 00000000 ____D C:\Windows\Minidump
2014-01-20 13:06 - 2014-01-20 13:06 - 00131072 ____N C:\Windows\Minidump\012014-10857-01.dmp
2014-01-10 11:44 - 2014-01-10 11:45 - 00337423 _____ C:\Users\Christine\Desktop\gesund.jpeg
2014-01-02 21:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\NDF
Files to move or delete:
====================
C:\ProgramData\0tbpw.pad
C:\ProgramData\bgibhfr.fee
C:\ProgramData\bgibhfr.odd
C:\ProgramData\bgibhfr.reg
C:\ProgramData\ism_0_llatsni.pad
C:\ProgramData\rfhbigb.jss
Some content of TEMP:
====================
C:\Users\Christine\AppData\Local\Temp\0.6011719902502592.exe
C:\Users\Christine\AppData\Local\Temp\AskSLib.dll
C:\Users\Christine\AppData\Local\Temp\Burn4Free.exe
C:\Users\Christine\AppData\Local\Temp\DSETUP.dll
C:\Users\Christine\AppData\Local\Temp\dsetup32.dll
C:\Users\Christine\AppData\Local\Temp\DXSETUP.exe
C:\Users\Christine\AppData\Local\Temp\InstallAX.exe
C:\Users\Christine\AppData\Local\Temp\InstallPlugin.exe
C:\Users\Christine\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Christine\AppData\Local\Temp\kyagb.dll
C:\Users\Christine\AppData\Local\Temp\mediaget-uninstaller.exe
C:\Users\Christine\AppData\Local\Temp\somoto_chrome.exe
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-11-14 12:03:51
Restore point made on: 2013-11-22 17:51:23
Restore point made on: 2013-12-06 17:24:05
Restore point made on: 2013-12-16 12:01:54
Restore point made on: 2013-12-25 08:45:11
Restore point made on: 2014-01-02 20:13:36
Restore point made on: 2014-01-10 14:40:08
Restore point made on: 2014-01-26 10:37:42
==================== Memory info ===========================
Percentage of memory in use: 12%
Total physical RAM: 3836.87 MB
Available physical RAM: 3342.02 MB
Total Pagefile: 3835.14 MB
Available Pagefile: 3344.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.39 MB
==================== Drives ================================
Drive c: (Windows 7) (Fixed) (Total:102.68 GB) (Free:65.42 GB) NTFS
Drive e: (DATEN) (Fixed) (Total:195.31 GB) (Free:194.9 GB) NTFS
Drive g: (KINGSTON) (Removable) (Total:1.86 GB) (Free:1.82 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 7A3CFDCA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=103 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)
LastRegBack: 2014-01-26 10:30
==================== End Of Log ============================
Bitte um euere Hilfe, mfg Andi |
| Themen zu BMI, Polizei Virus, abgesicherter Modus fährt ohne Eingabemöglichkeit wieder runter |
| .dll, akamai, appdata, association, blockiert, check, desktop, dll, download, explorer, explorer.exe, icon, link, microsoft, minidump, registry, rundll, rundll32.exe, scan, services.exe, svchost.exe, system, system32, temp, userinit, virus, winlogon.exe |
Baum-Darstellung