Interpol Virus - Safe Mode keeps restarting over and over
Hello,
my buddy's father has caught the "interpol virus" and the system cannot be started in Safe Mode. It was possible to start Windows in "normal" mode, and I tried via MSConfig to start Windows in Safe Mode. Since then the laptop keeps trying to start that way, no matter what I choose in the "F8" menu!
I created a log with FRST64:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by SYSTEM on MININT-C0AGSH9 on 18-11-2014 22:02:36
Running from F:\
Platform: Windows 7 Professional (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2927888 2012-05-10] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [976032 2011-09-16] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-09-16] (Atheros Commnucations)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1110096 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Gottfried Scheller\...\Run: [Hoolapp Android] => "C:\Users\GOTTFR~1\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized
HKU\Gottfried Scheller\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
Startup: C:\Users\Gottfried Scheller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\725AAD30.cpp ()
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8510936 2012-05-16] (DisplayLink Corp.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
S2 Winmgmt; C:\ProgramData\03DAA527.dot [331776 2014-11-08] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-18 21:49 - 2014-11-18 22:02 - 00000000 ____D () C:\FRST
2014-11-18 20:39 - 2014-11-18 20:39 - 00000000 ____D () C:\Windows\pss
2014-11-08 16:48 - 2014-11-08 16:48 - 00331776 ____T () C:\ProgramData\03DAA527.dot
2014-11-08 16:48 - 2014-11-08 16:48 - 00189440 _____ () C:\ProgramData\725AAD30.cpp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-18 20:40 - 2012-12-14 16:05 - 01531886 _____ () C:\Windows\WindowsUpdate.log
2014-11-18 20:38 - 2012-12-22 17:38 - 00000000 ____D () C:\Users\Gottfried Scheller\AppData\Local\CrashDumps
2014-11-18 20:36 - 2012-12-16 16:13 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-18 20:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-18 20:35 - 2009-07-14 05:51 - 00146548 _____ () C:\Windows\setupact.log
2014-11-18 20:32 - 2012-12-15 06:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-18 20:32 - 2009-07-14 05:45 - 00026128 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-18 20:32 - 2009-07-14 05:45 - 00026128 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-18 20:19 - 2014-04-06 00:05 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf51238f4b8157.job
2014-11-18 20:06 - 2014-05-05 08:06 - 00000324 _____ () C:\Windows\Tasks\Hoolapp For Android.job
2014-11-18 19:48 - 2012-12-14 20:58 - 00003998 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A6C2380B-4C65-468E-90D6-7F1D4E11B237}
2014-11-17 10:14 - 2014-04-06 07:09 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf51238f4b8157
2014-11-17 10:14 - 2012-12-16 16:13 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 17:06 - 2014-02-13 09:06 - 00000116 _____ () C:\Users\Gottfried Scheller\AppData\Roaming\WB.CFG
2014-11-04 14:30 - 2012-12-14 21:12 - 00275080 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-10-30 08:00 - 2009-07-14 18:58 - 00699682 _____ () C:\Windows\System32\perfh007.dat
2014-10-30 08:00 - 2009-07-14 18:58 - 00149790 _____ () C:\Windows\System32\perfc007.dat
2014-10-30 08:00 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-10-29 15:14 - 2012-12-16 16:14 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 10:55 - 2012-12-16 18:06 - 00000000 ____D () C:\Users\Gottfried Scheller\AppData\Roaming\vlc
2014-10-28 10:52 - 2012-12-16 16:17 - 00000000 ____D () C:\Users\Gottfried Scheller\AppData\Roaming\Winamp
2014-10-19 20:10 - 2014-04-16 07:44 - 00000000 ____D () C:\Users\Gottfried Scheller\Documents\DVDVideoSoft
Some content of TEMP:
====================
C:\Users\Gottfried Scheller\AppData\Local\Temp\ICReinstall_VLC_Media_PlayerSetup.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
Restore point made on: 2014-10-21 07:10:12
Restore point made on: 2014-10-24 13:19:52
Restore point made on: 2014-10-28 14:00:13
Restore point made on: 2014-11-04 21:00:43
Restore point made on: 2014-11-11 15:16:11
Restore point made on: 2014-11-18 20:08:59
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 3947.86 MB
Available physical RAM: 3345.57 MB
Total Pagefile: 3946.01 MB
Available Pagefile: 3345 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:297.99 GB) (Free:172.31 GB) NTFS
Drive f: (LEXAR) (Removable) (Total:14.9 GB) (Free:14.9 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 367F2BC4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: D207DC49)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0B)
LastRegBack: 2014-11-06 11:10
==================== End Of Log ============================
Thanks in advance for your help!!