| |
| |||||||
Log-Analyse und Auswertung: TR/Rootkit.gen lässt sich nicht löschenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
01.07.2014, 17:38
| #31 |
 |  TR/Rootkit.gen lässt sich nicht löschen Ich kann dir die Daten nicht senden, das # funktioniert nicht ??? Irgendwas scheint imHintergrund zu laufen, der Lüfter läuft die ganze Zeit, das macht er sonst nicht ??? Log Opened: 2014-07-01 @ 18:06:25 18:06:25 - ----------------- 18:06:25 - | Begin Logging | 18:06:25 - ----------------- 18:06:25 - Fix started on a WIN_XP X86 computer 18:06:25 - Prep in progress. Please Wait. 18:06:30 - Prep complete 18:06:30 - Repairing Services Now. Please wait... Der Vorgang wurde erfolgreich ausgeführt. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\XP\BITS.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Enum> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS> SetACL finished successfully. Der Vorgang wurde erfolgreich ausgeführt. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\XP\SharedAccess.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Enum> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Setup> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess> SetACL finished successfully. Der Vorgang wurde erfolgreich ausgeführt. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\XP\wscsvc.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Enum> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc> SetACL finished successfully. Der Vorgang wurde erfolgreich ausgeführt. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\XP\wuauserv.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Enum> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv> SetACL finished successfully. 18:06:35 - Services Repair Complete. 18:06:43 - Reboot Initiated Ich kann Fabar nicht runterladen: Error: JavaScript must be enabled. Hab jetzt FireFox, sperrt, das ADon nicht Java? Habe keine Abfrage bekommen ok habs jetzt Code:
ATTFilter Farbar Service Scanner Version: 10-06-2014
Ran by Admin (administrator) on 01-07-2014 at 18:37:34
Running from "C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Other Services:
==============
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
Extra List:
=======
aswTdi(10) Gpc(4) IPSec(6) irda(3) NetBT(7) odysseyIM4(9) PSched(8) Tcpip(5)
0x0A0000000600000001000000020000000300000004000000050000000A000000070000000800000009000000
IpSec Tag value is correct.
**** End of log ****
|
| Themen zu TR/Rootkit.gen lässt sich nicht löschen |
| backdoor.agent.hpe, pup.optional.ciuvo.a, pup.optional.softonic.a, pup.optional.superfish.a, tr/rootkit.gen, win32/bundled.toolbar.ask, win32/bundled.toolbar.ask.d, win32/toolbar.escort.a, win32/toolbar.montiera.a, win32/toolbar.montiera.f |
Baum-Darstellung