
rootkit / malware

hi!

We have caught a rootkit / malware. I have now run ComboFix (laptop with Windows Vista) and got the following log file:

ComboFix 10-01-31.03 - ** 01.02.2010   1:30.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.2262.1146 [GMT 1:00]
Run from: c:\users\**\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((   Further deletions   ))))))))
.

c:\$recycle.bin\S-1-5-21-3944807440-617363338-1690234031-500
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\recycler\S-1-5-21-9960586864-0216445936-271895292-4765
c:\users\**\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\xp-AntiSpy.lnk
c:\users\**\Documents\cc_20091231_013300.reg
c:\windows\logfile32.txt
c:\windows\system32\drivers\FSC__PI__AMILO Notebook Xa 3530  __FUJITSU SIEMENS_X17  __Ver 1.00PARTTBLO_FSC - 6040000_V2.04   __ATI Radeon HD 3200 Graphics .MRK

(((((((   Files created from 2010-01-01 to 2010-02-01  )))))))))).

2010-02-01 00:48 . 2010-02-01 00:49   --------   d-----w-   c:\users\*\AppData\Local\temp
2010-02-01 00:48 . 2010-02-01 00:48   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-01-31 23:34 . 2009-06-30 08:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
2010-01-31 23:32 . 2010-01-31 23:32   --------   d-----w-   c:\program files\Panda Security
2010-01-31 19:31 . 2010-01-31 19:31   --------   d-----w-   c:\programdata\clp
2010-01-31 19:26 . 2010-01-31 19:26   --------   d-----w-   c:\users\*\AppData\Roaming\Common Toolkit Suite
2010-01-31 19:25 . 2010-01-27 11:03   2974288   -c--a-w-   c:\programdata\{C6F7446C-1BD2-4E50-9F6B-44747FECDCDF}\SPYWAREfighter.exe
2010-01-31 19:24 . 2010-01-31 19:25   --------   d-----w-   c:\programdata\Common Toolkit Suite
2010-01-31 19:24 . 2010-02-01 00:33   --------   d-----w-   c:\program files\Common Files\Common Toolkit Suite
2010-01-31 19:01 . 2009-11-10 09:28   149456   ----a-w-   c:\windows\SGDetectionTool.dll
2010-01-31 19:01 . 2009-11-10 09:26   767952   ----a-w-   c:\windows\BDTSupport.dll
2010-01-31 19:01 . 2008-11-26 11:08   131   ----a-w-   c:\windows\IDB.zip
2010-01-31 19:01 . 2009-11-10 09:28   165840   ----a-w-   c:\windows\PCTBDRes.dll
2010-01-31 19:01 . 2009-11-10 09:28   1640400   ----a-w-   c:\windows\PCTBDCore.dll
2010-01-31 19:01 . 2009-10-28 00:36   1152444   ----a-w-   c:\windows\UDB.zip
2010-01-31 18:58 . 2009-10-30 10:11   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2010-01-31 18:58 . 2009-10-30 10:09   98600   ----a-w-   c:\windows\system32\drivers\pctwfpfilter.sys
2010-01-31 18:58 . 2009-11-09 10:20   207792   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2010-01-31 18:58 . 2009-10-06 15:31   87784   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-31 18:58 . 2009-09-03 08:45   70408   ----a-w-   c:\windows\system32\drivers\pctplsg.sys
2010-01-31 18:58 . 2010-02-01 00:40   --------   d-----w-   c:\program files\Spyware Doctor
2010-01-31 18:58 . 2010-01-31 19:01   --------   d-----w-   c:\program files\Common Files\PC Tools
2010-01-31 18:58 . 2010-01-31 18:58   --------   d-----w-   c:\users\*\AppData\Roaming\PC Tools
2010-01-31 18:58 . 2010-01-31 18:58   --------   d-----w-   c:\programdata\PC Tools
2010-01-31 18:25 . 2010-01-31 18:42   --------   d-----w-   c:\users\*\Pavark
2010-01-31 17:01 . 2010-01-31 18:25   680   ----a-w-   c:\users\*\AppData\Local\d3d9caps.dat
2010-01-31 14:26 . 2010-01-31 14:26   206343   ----a-w-   C:\xctmnvui.exe
2010-01-31 14:26 . 2010-01-31 16:51   23552   ----a-w-   C:\plpw.exe
2010-01-31 14:26 . 2010-01-31 14:26   23552   ----a-w-   C:\plpw .exe
2010-01-31 12:19 . 2010-01-31 12:19   --------   d-----w-   c:\users\*\AppData\Roaming\AVS4YOU
2010-01-31 12:19 . 2010-01-31 12:19   --------   d-----w-   c:\programdata\AVS4YOU
2010-01-31 12:17 . 2010-01-31 17:29   --------   d-----w-   c:\program files\Common Files\AVSMedia
2010-01-31 12:16 . 2008-08-13 09:22   974848   ----a-w-   c:\windows\system32\mfc70.dll
2010-01-31 12:16 . 2008-08-13 09:22   487424   ----a-w-   c:\windows\system32\msvcp70.dll
2010-01-31 12:16 . 2008-08-13 09:22   344064   ----a-w-   c:\windows\system32\msvcr70.dll
2010-01-31 12:16 . 2010-01-31 17:29   --------   d-----w-   c:\program files\AVS4YOU
2010-01-27 10:54 . 2010-01-27 10:54   10264   ----a-w-   c:\windows\system32\drivers\avfsfilter.sys
2010-01-21 18:57 . 2009-12-16 11:44   834048   ----a-w-   c:\windows\system32\wininet.dll
2010-01-21 18:57 . 2009-12-18 13:01   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-01-13 09:26 . 2009-10-19 13:38   156672   ----a-w-   c:\windows\system32\t2embed.dll
2010-01-13 09:26 . 2009-10-19 13:35   72704   ----a-w-   c:\windows\system32\fontsub.dll
2010-01-09 23:10 . 2010-01-09 23:10   315392   ----a-w-   c:\windows\HideWin.exe
2010-01-09 23:10 . 2008-03-05 17:07   520192   ----a-w-   c:\windows\RtlExUpd.dll
2010-01-09 18:27 . 2010-01-10 14:08   --------   d-----w-   c:\windows\system32\oodag
2010-01-09 18:13 . 2010-01-09 18:13   --------   d-----w-   c:\users\*\AppData\Local\O&O
2010-01-09 18:12 . 2010-01-09 18:12   --------   d-----w-   c:\program files\OO Software
2010-01-08 16:26 . 2010-01-08 16:26   --------   d-----w-   c:\users\*\AppData\Local\Microsoft Corporation

(((((   Find3M report   ))))

2010-02-01 00:02 . 2009-05-31 11:39   --------   d-----w-   c:\programdata\Kaspersky Lab
2010-01-31 23:21 . 2008-01-21 07:15   618442   ----a-w-   c:\windows\system32\perfh007.dat
2010-01-31 23:21 . 2008-01-21 07:15   122842   ----a-w-   c:\windows\system32\perfc007.dat
2010-01-31 21:41 . 2009-08-21 16:22   --------   d-----w-   c:\users\Maki\AppData\Roaming\uTorrent
2010-01-31 21:41 . 2009-12-31 01:11   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2010-01-31 21:41 . 2009-11-23 13:40   --------   d-----w-   c:\program files\pdf24
2010-01-31 21:41 . 2009-11-19 22:16   --------   d-----w-   c:\programdata\CanonIJ
2010-01-31 20:38 . 2008-08-21 18:19   173576   ----a-w-   c:\windows\system32\drivers\ahcix86s.sys
2010-01-31 20:37 . 2009-05-31 11:39   7668   --sha-w-   c:\windows\system32\drivers\fidbox2.idx
2010-01-31 20:37 . 2009-05-31 11:39   5981728   --sha-w-   c:\windows\system32\drivers\fidbox.dat
2010-01-31 20:37 . 2009-05-31 11:39   54100   --sha-w-   c:\windows\system32\drivers\fidbox.idx
2010-01-31 20:37 . 2009-05-31 11:39   1007648   --sha-w-   c:\windows\system32\drivers\fidbox2.dat
2010-01-31 20:37 . 2008-08-21 08:25   12   ----a-w-   c:\windows\bthservsdp.dat
2010-01-31 19:25 . 2010-01-31 19:19   --------   dc-h--w-   c:\programdata\{C6F7446C-1BD2-4E50-9F6B-44747FECDCDF}
2010-01-26 16:29 . 2009-11-19 22:11   --------   d-----w-   c:\programdata\CanonIJPLM
2010-01-23 10:09 . 2008-08-21 09:13   --------   d-----w-   c:\program files\Common Files\Adobe
2010-01-22 06:59 . 2009-06-02 17:49   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-01-16 00:42 . 2009-07-13 21:15   --------   d-----w-   c:\users\Maki\AppData\Roaming\Skype
2010-01-14 10:12 . 2009-10-02 21:11   181120   ------w-   c:\windows\system32\MpSigStub.exe
2010-01-14 02:05 . 2008-08-21 09:21   --------   d-----w-   c:\programdata\Microsoft Help
2010-01-09 23:35 . 2010-01-09 23:11   319456   ----a-w-   c:\windows\DIFxAPI.dll
2010-01-09 23:35 . 2010-01-09 23:35   --------   d-----w-   c:\program files\Realtek
2010-01-09 23:35 . 2008-08-21 09:09   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-01-09 23:21 . 2009-07-15 20:45   --------   d-----w-   c:\users\Maki\AppData\Roaming\skypePM
2009-12-31 09:59 . 2009-12-31 01:11   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2009-12-31 08:54 . 2009-05-31 10:07   --------   d-----w-   c:\program files\Google
2009-12-31 00:42 . 2009-10-23 07:58   --------   d-----w-   c:\program files\Fighters
2009-12-31 00:20 . 2009-12-31 00:20   --------   d-----w-   c:\program files\CCleaner
2009-12-31 00:12 . 2009-12-31 00:12   --------   d-----w-   c:\program files\xp-AntiSpy
2009-12-21 09:07 . 2009-11-19 22:10   --------   d-----w-   c:\users\Maki\AppData\Roaming\ArcSoft
2009-12-21 09:05 . 2009-12-21 09:05   520   ----a-w-   c:\users\Maki\AppData\Local\TempPSTEMPFILEon080901.tmp
2009-12-21 09:04 . 2009-11-19 22:10   --------   d-----w-   c:\programdata\ArcSoft
2009-12-21 09:03 . 2009-12-21 09:03   484976   ----a-w-   c:\programdata\Google\Google Toolbar\Update\gtb78E2.tmp.exe
2009-12-20 21:21 . 2009-12-20 21:21   --------   d-----w-   c:\programdata\MumboJumbo
2009-12-20 21:18 . 2009-12-18 10:27   --------   d-----w-   c:\program files\Ascentive
2009-12-20 21:14 . 2009-12-20 21:12   --------   d-----w-   c:\program files\Luxor 3
2009-12-19 22:30 . 2009-11-22 21:22   --------   d-----w-   c:\users\Maki\AppData\Roaming\3DataManager
2009-12-16 00:23 . 2009-12-16 00:23   10   ----a-w-   c:\windows\popcinfo.dat
2009-12-16 00:16 . 2009-12-16 00:16   --------   d-----w-   c:\program files\OXXOGames
2009-11-23 21:15 . 2009-11-23 21:15   471664   ----a-w-   c:\programdata\Google\Google Toolbar\Update\gtb3020.tmp.exe
2009-11-22 21:15 . 2009-11-22 21:15   103040   ----a-w-   c:\windows\system32\drivers\ewusbfake.sys
2009-11-09 12:31 . 2009-12-10 01:18   24064   ----a-w-   c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 01:18   30720   ----a-w-   c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 01:18   411648   ----a-w-   c:\windows\system32\drivers\http.sys
2009-05-13 21:55 . 2009-05-13 21:55   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-07-02 13:15 . 2009-07-02 13:15   8   --sh--r-   c:\windows\System32\CE6DA026DE.sys
2009-07-02 13:15 . 2009-07-02 13:15   4704   --sha-w-   c:\windows\System32\KGyGaAvL.sys
.

c:\program files\Adobe\acrotray .exe
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\Canon\SolutionMenu\cnslmain .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\acdaemon .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\program files\OO Software\Defrag\oodtray .exe
c:\program files\pdf24\pdfbackend .exe
c:\windows\WindowsMobile\wmdc .exe



Replies to rootkit / malware:

(((((   Registry autostart points   )))))
 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"SWPROguard"="c:\program files\Fighters\SPYWAREfighter\SWPROTray.exe" [2010-01-27 586376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [N/A]
"fsc-reg"="c:\fsc-reg\fscreg.exe" [2008-08-01 380688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-07-16 18:02   1833504   ----a-w-   c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2007-08-02 19:08   95504   ----a-w-   c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-08-21 16:30   304432   ----a-w-   c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-05-26 22:31   85160   ----a-w-   c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):11,8f,14,5b,fc,19,ca,01

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29.01.2008 16:29 33808]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [01.02.2010 00:34 28552]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [31.01.2010 19:58 207792]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09.07.2008 16:28 20496]
R2 AV Engine Scanning Service;AV Engine Scanning Service;c:\program files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe [27.01.2010 11:54 694848]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [31.01.2010 20:01 112592]
R2 Common Toolkit Service;Common Toolkit Service;c:\program files\Common Files\Common Toolkit Suite\FighterSuiteService.exe [27.01.2010 12:02 684680]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [31.01.2010 19:58 359624]
R2 WTGService;WTGService;c:\program files\3DataManager\WTGService.exe [22.11.2009 22:15 296400]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [21.08.2008 10:08 84240]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13.03.2008 17:02 26640]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [21.08.2008 10:09 43008]
S2 AMDRAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [29.09.2003 08:00 110592]
S2 gupdate1ca38ac637c6eb0;Google Update Service (gupdate1ca38ac637c6eb0);c:\program files\Google\Update\GoogleUpdate.exe [18.09.2009 23:07 133104]
S3 AVFSFilter;AVFSFilter;c:\windows\System32\drivers\avfsfilter.sys [27.01.2010 11:54 10264]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10.11.2009 01:45 54632]
S3 fsssvc;Windows Live Family Safety-Dienst;c:\program files\Windows Live\Family Safety\fsssvc.exe [05.08.2009 22:48 704864]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [31.05.2009 11:08 29744]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\System32\drivers\ewusbfake.sys [22.11.2009 22:15 103040]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [21.08.2008 10:10 118784]

--- Other services/drivers in memory ---

*Deregistered* - BMLoad
*Deregistered* - mffhpov
*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ      BthServ
WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr
.
Contents of the "Scheduled Tasks" folder

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 22:06]

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 22:06]

--- Supplementary scan ----

uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZNfox000&ptb=_D7u66xJjF15fmiaTGZl.w
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\blnwfwes.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - google.at
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=_D7u66xJjF15fmiaTGZl.w&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 01:48
Windows 6.0.6002 Service Pack 2 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

c:\windows\TEMP\cch~a29057f4f.htp 8192 bytes

Scan completed successfully
hidden files: 1

********

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4AC6.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mffhpov]

----- Locked registry keys ----

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-02-01  01:56:17
ComboFix-quarantined-files.txt  2010-02-01 00:56

Before scan: 20 directories, 49,356,079,104 bytes free
After scan: 25 directories, 50,140,639,232 bytes free

- - End Of File - - FB772CA44C3B8B79CF74D61587A37360


The other spyware and antivirus programs all found this rootkit, named TDSS, but could not remove it... What do I still need to do or watch out for?

Many thanks in advance for the help!

Best regards, karin

I'm now registered as well and wrote this reply to get a notification ;)

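Added example (not code from the thread and not ComboFix's own code): a small Python script that reads three kinds of line from a ComboFix log like the one above, the "files created" rows, the bare path lines with a space before the extension, and catchme's "hidden files" rows, and reports which review rules each path trips. The rules are the things an analyst looks at first in such a log: a space before the extension, an executable sitting directly in the drive root or under a temp directory, a binary carrying both the hidden and system attributes, and a file that catchme sees but the Win32 API does not. The rule names and the sample lines are constructed for this example (the sample lines copy the layout and some paths of the log above); a hit is a pointer for manual review, not a malware verdict, and legitimate software such as licensing drivers trips some of these rules.

```python
"""Heuristic triage of ComboFix log lines (added example, not ComboFix code).

Understands three line shapes from a ComboFix log:
  * "created . modified   size   attrs   path"   (the 'files created' rows)
  * a bare drive-rooted path                       (the lookalike-name listing)
  * "path <size> bytes"                            (catchme 'hidden files' rows)
and reports which review rules each path trips.  A hit is a pointer for
manual review, not a verdict: legitimate software trips some rules too.
"""
from __future__ import annotations

import re
from collections import Counter

# Constructed sample in ComboFix's own layout (paths mirror the thread's log).
SAMPLE_LOG = r"""
2010-01-31 14:26 . 2010-01-31 14:26   206343   ----a-w-   C:\xctmnvui.exe
2010-01-31 14:26 . 2010-01-31 16:51   23552   ----a-w-   C:\plpw.exe
2010-01-31 14:26 . 2010-01-31 14:26   23552   ----a-w-   C:\plpw .exe
2010-01-31 23:32 . 2010-01-31 23:32   --------   d-----w-   c:\program files\Panda Security
2009-07-02 13:15 . 2009-07-02 13:15   8   --sh--r-   c:\windows\System32\CE6DA026DE.sys
2010-01-31 23:34 . 2009-06-30 08:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
c:\program files\Adobe\acrotray .exe
c:\windows\TEMP\cch~a29057f4f.htp 8192 bytes
"""

DATE = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# 'files created' row: created . modified   size-or-dashes   8-char attrs   path
LINE_RE = re.compile(
    rf"^(?P<created>{DATE}) \. (?P<modified>{DATE})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)
# catchme row: path, a size and the word "bytes"
HIDDEN_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<size>\d+) bytes$")
# a line that is nothing but a drive-rooted path
BARE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+)$")

BINARY_EXT = {"exe", "dll", "sys", "scr", "com"}


def rules(path: str, attrs: str | None) -> list[str]:
    """Return the names of every review rule this path trips (possibly none)."""
    low = path.lower()
    ext_match = re.search(r"\.([a-z0-9]+)$", low)
    is_binary = bool(ext_match) and ext_match.group(1) in BINARY_EXT
    hits: list[str] = []
    if re.search(r"\s\.[a-z0-9]+$", low):                   # "acrotray .exe"
        hits.append("space_before_extension")
    if is_binary and re.fullmatch(r"[a-z]:\\[^\\]+", low):  # "C:\plpw.exe"
        hits.append("binary_in_drive_root")
    if is_binary and re.search(r"\\temp\\", low):           # staged in a temp dir
        hits.append("binary_in_temp_dir")
    if is_binary and attrs and "s" in attrs and "h" in attrs:  # system + hidden
        hits.append("hidden_system_binary")
    return hits


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each listed path to the rules it trips; paths with no hits are omitted."""
    findings: dict[str, list[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        attrs = None
        hits: list[str] = []
        if m := LINE_RE.match(line):
            path, attrs = m["path"], m["attrs"]
        elif m := HIDDEN_RE.match(line):
            path = m["path"]
            hits.append("hidden_from_win32_api")  # catchme saw it, the API did not
        elif m := BARE_RE.match(line):
            path = m["path"]
        else:
            continue  # registry, service and header lines are out of scope here
        hits += rules(path, attrs)
        if hits:
            findings[path] = hits
    return findings


def summarize(findings: dict[str, list[str]]) -> dict[str, int]:
    """Count how many listed paths tripped each rule."""
    return dict(Counter(rule for hits in findings.values() for rule in hits))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, hits in result.items():
        print(f"{path}\n    -> {', '.join(hits)}")
    print(summarize(result))
```

Feed it the whole log text rather than the sample and it skips the registry, service and header lines on its own; the paths it returns are the ones worth checking by hash and signature before anything is deleted.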

So, I had your log file evaluated.
Your system is partly cluttered with software you don't actually need.
Otherwise, no real malware was detected.
You can download Malwarebytes again and run a full scan. Delete any malware it detects.
Delete the entries in Kaspersky as well.
Definitely uninstall Spybot; it's no good, finds nothing, and slows your system down... get rid of it!

Regards, A K

