|
Log-Analyse und Auswertung: Interpol blockiert Desktop, kein abgesicherter Modus möglichWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
26.10.2014, 13:21 | #1 |
| Interpol blockiert Desktop, kein abgesicherter Modus möglich Hallo Wenn ich meinen Laptop aufgestartet habe und ich eingeloggt bin erscheint ein Interpol Vollbildfenster, aus dem ich nicht heraus komme. Im abgesicherten Modus kann ich ebenfalls nicht starten. Ich habe nach der Anleitung hier das frst64.exe ausgeführt und den Code hier gepostet. Vielen Dank für eure Hilfe! Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-10-2014 Ran by SYSTEM on MININT-UCT0UOK on 26-10-2014 12:31:08 Running from G:\ Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-04-30] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-04-30] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-05-01] (Synaptics Incorporated) HKLM\...\Run: [] => [X] HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-05-02] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-05-01] (Intel Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\Cajari\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) HKU\Cajari\...\Run: [AdobeBridge] => [X] HKU\Cajari\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation) Startup: C:\Users\Cajari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> (No File) Startup: C:\Users\Cajari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Cajari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk ShortcutTarget: program.lnk -> C:\ProgramData\3F13A079.cpp (Newera) BootExecute: autocheck autochk * sdnclean64.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-03-04] (CyberLink Corp.) S2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-03-04] (CyberLink) S2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-03-04] (CyberLink) S2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [300360 2012-02-20] (AuthenTec, Inc) S2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG) S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] () S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation) S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) S2 Winmgmt; C:\ProgramData\970A31F3.dot [332288 2014-10-25] () S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [67072 2009-07-14] (Microsoft Corporation) S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-22] (DT Soft Ltd) S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) S2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-09-10] (Cyberlink Corp.) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation) S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) S2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [130320 2013-03-04] (CyberLink Corp.) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-26 12:31 - 2014-10-26 12:31 - 00000000 ____D () C:\FRST 2014-10-26 12:16 - 2014-10-26 12:16 - 00003480 ____N () C:\bootsqm.dat 2014-10-26 12:16 - 2014-10-26 12:16 - 00000000 __SHD () C:\found.000 2014-10-25 11:13 - 2014-10-25 11:13 - 00000000 ____D () C:\Users\Cajari\AppData\Roaming\Oracle 2014-10-25 11:13 - 2014-10-25 11:12 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-25 11:13 - 2014-10-25 11:12 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-25 11:13 - 2014-10-25 11:12 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-25 11:13 - 2014-10-25 11:12 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-25 11:12 - 2014-10-25 11:12 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-25 10:48 - 2014-10-25 10:48 - 00332288 ____T () C:\ProgramData\970A31F3.dot 2014-10-25 10:48 - 2014-10-25 10:48 - 00190464 _____ (Newera) C:\ProgramData\3F13A079.cpp 2014-10-17 23:50 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2014-10-17 23:50 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-17 23:50 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2014-10-17 23:50 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2014-10-17 23:50 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-17 23:50 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-17 23:50 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-17 23:50 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-17 23:50 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-17 23:50 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2014-10-17 23:50 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2014-10-17 23:50 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2014-10-17 23:50 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2014-10-17 23:50 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-17 23:50 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2014-10-17 23:50 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2014-10-17 23:50 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2014-10-17 23:50 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2014-10-17 23:50 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll 2014-10-17 23:50 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\System3 |
26.10.2014, 14:14 | #2 |
/// the machine /// TB-Ausbilder | Interpol blockiert Desktop, kein abgesicherter Modus möglich hi,
__________________Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Startup: C:\Users\Cajari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk ShortcutTarget: program.lnk -> C:\ProgramData\3F13A079.cpp (Newera) S2 Winmgmt; C:\ProgramData\970A31F3.dot [332288 2014-10-25] () C:\ProgramData\970A31F3.dot C:\ProgramData\3F13A079.cpp
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.
__________________ |
26.10.2014, 14:58 | #3 |
| Interpol blockiert Desktop, kein abgesicherter Modus möglich Danke für die schnelle Bearbeitung.
__________________Habe das Fixlog angehängt. Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-10-2014 Ran by SYSTEM at 2014-10-26 14:55:24 Run:1 Running from G:\ Boot Mode: Recovery ============================================== Content of fixlist: ***************** Startup: C:\Users\Cajari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk ShortcutTarget: program.lnk -> C:\ProgramData\3F13A079.cpp (Newera) S2 Winmgmt; C:\ProgramData\970A31F3.dot [332288 2014-10-25] () C:\ProgramData\970A31F3.dot C:\ProgramData\3F13A079.cpp ***************** C:\Users\Cajari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk => Moved successfully. C:\ProgramData\3F13A079.cpp => Moved successfully. Winmgmt => Service restored successfully. C:\ProgramData\970A31F3.dot => Moved successfully. "C:\ProgramData\3F13A079.cpp" => File/Directory not found. ==== End of Fixlog ==== |
27.10.2014, 09:42 | #4 |
/// the machine /// TB-Ausbilder | Interpol blockiert Desktop, kein abgesicherter Modus möglich Bootet der Rechner normal? Wenn ja: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Interpol blockiert Desktop, kein abgesicherter Modus möglich |
acrobat, audio, blockiert, clean, desktop, dll, explorer, file, home, ics, laptop, microsoft, monitor, nvbackend, nvidia, officejet, realtek, registry, rundll, rundll32.exe, scan, security, server, system, system32, usb, windows |