Rootkitmeldung durch Housecall

base30 · 08.03.2010, 19:32

Hallöchen!
Ich bin neu hier wie man sehen kann.
Ich habe heute mal einen Scan mit House Call von Trend Micro durchgeführt.
Das Programm hat leider 2 Rootkits gefunden. Der Name sah chinesisch aus.
Leider hat mir das Programm kein Log ausgespuckt aber ich habe mal befolgt was man vor der Eröffnung eines Themas tun sollte.

Zitat:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3838
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

08.03.2010 19:24:23
mbam-log-2010-03-08 (19-24-23).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 305481
Laufzeit: 1 hour(s), 5 minute(s), 44 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Außerdem habe ich Combofix ausgeführt:

Zitat:

ComboFix 10-03-08.01 - *** 08.03.2010 17:56:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1022.499 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-4236454551-1264364007-1233719669-500
c:\$recycle.bin\S-1-5-21-517543512-154693283-2103624537-500
c:\windows\system32\inetko.dll
c:\windows\system32\VB6KO.DLL

.
((((((((((((((((((((((( Dateien erstellt von 2010-02-08 bis 2010-03-08 ))))))))))))))))))))))))))))))
.

2010-03-08 17:05 . 2010-03-08 17:06 -------- d-----w- c:\users\***\AppData\Local\temp
2010-03-08 17:05 . 2010-03-08 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-08 16:45 . 2010-03-08 16:45 10752 ----a-w- c:\windows\DCEBoot.exe
2010-03-08 13:35 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-08 13:34 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-08 13:34 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-28 17:24 . 2010-03-07 11:14 -------- d-----w- c:\program files\Runes of Magic
2010-02-28 14:51 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-28 14:51 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-28 14:51 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-28 14:51 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-28 14:49 . 2010-02-28 14:49 -------- d-----w- C:\AeriaGames
2010-02-26 19:41 . 2010-02-26 19:55 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-02-26 19:41 . 2010-02-26 19:41 -------- d-----w- c:\programdata\id Software
2010-02-26 16:12 . 2010-02-26 17:03 -------- d--h--w- c:\users\***\AppData\Roaming\ijjigame
2010-02-25 20:37 . 2010-02-25 20:41 -------- d-----w- c:\program files\IpodConverter
2010-02-25 13:47 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-25 13:47 . 2010-02-25 13:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-25 13:47 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 13:10 . 2010-02-25 20:49 -------- d-----w- c:\users\***\AppData\Local\Apple Computer
2010-02-24 13:10 . 2010-02-24 13:26 -------- d-----w- c:\users\***\AppData\Roaming\Apple Computer
2010-02-24 13:09 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-02-24 13:09 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-02-24 13:09 . 2010-02-24 13:09 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-24 13:07 . 2010-02-24 13:07 -------- d-----w- c:\program files\iPod
2010-02-24 13:07 . 2010-02-24 13:09 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-24 13:07 . 2010-02-24 13:09 -------- d-----w- c:\program files\iTunes
2010-02-24 13:04 . 2010-02-24 13:04 -------- d-----w- c:\program files\Bonjour
2010-02-24 13:02 . 2010-02-24 13:03 -------- d-----w- c:\program files\QuickTime
2010-02-24 13:02 . 2010-02-24 13:07 -------- d-----w- c:\programdata\Apple Computer
2010-02-24 12:57 . 2010-02-24 13:07 -------- d-----w- c:\program files\Common Files\Apple
2010-02-24 12:39 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 12:38 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 12:38 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 12:38 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 12:38 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 12:38 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 12:38 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 12:38 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 12:38 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 12:38 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 12:38 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 12:38 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 12:38 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-22 19:26 . 2010-02-22 19:26 147456 ----a-w- c:\windows\system32\uc_neosteam_launching.dll
2010-02-17 14:11 . 2010-02-17 14:42 -------- d-----w- c:\program files\Allods Online
2010-02-17 11:51 . 2010-02-17 12:09 -------- d-----w- c:\users\***\AppData\Local\Oblivion
2010-02-15 17:19 . 2010-02-15 17:19 -------- d-----w- c:\program files\OpenAL
2010-02-15 17:19 . 2010-02-15 17:19 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-15 17:19 . 2010-02-15 17:19 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-12 17:08 . 2010-02-12 17:11 -------- d-----w- c:\users\***\BMM
2010-02-12 17:06 . 2010-02-12 17:06 -------- d-----w- c:\programdata\brockhaus multimedia
2010-02-12 16:30 . 2010-02-12 16:30 -------- d-----w- c:\users\***\AppData\Local\Apple
2010-02-12 16:29 . 2010-02-12 16:29 -------- d-----w- c:\program files\Apple Software Update
2010-02-12 16:29 . 2010-02-12 16:29 -------- d-----w- c:\programdata\Apple
2010-02-12 16:08 . 2010-02-12 16:08 -------- d-----w- c:\program files\Brockhaus Multimedia
2010-02-11 11:09 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-11 11:09 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-11 11:09 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-11 11:09 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-11 11:08 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-11 11:08 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-11 11:08 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-11 11:08 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-11 11:08 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-11 11:08 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-11 11:08 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-11 11:08 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-11 11:08 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-11 11:08 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-11 11:08 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-11 03:16 . 2010-02-11 03:16 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-10 19:03 . 2010-02-24 14:57 -------- d-----w- c:\users\***\AppData\Roaming\Tobit
2010-02-10 18:59 . 2010-02-10 18:59 -------- d-----w- c:\program files\Common Files\Tobit
2010-02-10 18:59 . 2009-01-02 10:50 554496 ----a-w- c:\windows\system32\dvmsg.dll
2010-02-10 17:18 . 2010-02-10 17:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-10 15:31 . 2010-02-10 15:31 -------- d-----w- c:\program files\directx

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 16:51 . 2009-12-28 16:48 -------- d-----w- c:\program files\Steam
2010-03-08 13:47 . 2009-10-31 14:30 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-07 16:36 . 2009-11-09 14:41 -------- d-----w- c:\users\***\AppData\Roaming\Xfire
2010-03-04 13:27 . 2009-11-09 14:40 -------- d-----w- c:\programdata\Xfire
2010-03-04 12:30 . 2009-12-28 16:56 -------- d-----w- c:\program files\Common Files\Steam
2010-03-01 18:56 . 2009-10-31 14:33 -------- d-----w- c:\users\***\AppData\Roaming\ICQ
2010-03-01 17:07 . 2009-10-31 21:56 -------- d-----w- c:\users\***\AppData\Roaming\Skype
2010-03-01 15:09 . 2009-12-29 19:56 -------- d-----w- c:\users\***\AppData\Roaming\skypePM
2010-03-01 14:18 . 2009-10-31 14:42 1 ----a-w- c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-28 14:56 . 2009-10-31 12:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 19:55 . 2010-01-20 20:26 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-26 19:55 . 2010-01-20 20:26 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-25 13:42 . 2010-02-04 20:42 -------- d-----w- c:\program files\DVDVideoSoft
2010-02-25 13:42 . 2009-11-12 14:03 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-25 13:40 . 2009-10-31 10:33 56824 ----a-w- c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 14:13 . 2006-11-02 15:33 628910 ----a-w- c:\windows\system32\perfh007.dat
2010-02-24 14:13 . 2006-11-02 15:33 127412 ----a-w- c:\windows\system32\perfc007.dat
2010-02-24 13:15 . 2010-02-02 21:00 -------- d-----w- c:\users\***\AppData\Roaming\vlc
2010-02-17 06:04 . 2009-11-09 14:40 -------- d-----w- c:\program files\Xfire
2010-02-12 13:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-11 11:03 . 2009-11-17 16:20 -------- d-----w- c:\users\***\AppData\Roaming\HP
2010-02-04 21:12 . 2009-12-20 14:52 -------- d-----w- c:\users\***\AppData\Roaming\dvdcss
2010-02-03 07:54 . 2010-02-02 22:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-02 20:50 . 2009-10-31 14:34 -------- d-----w- c:\program files\Java
2010-02-01 00:13 . 2009-10-31 14:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-27 11:08 . 2010-01-20 20:26 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-26 15:26 . 2010-01-26 15:26 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-01-24 10:56 . 2010-01-24 10:56 0 --sh--w- c:\windows\S308BB55F.tmp
2010-01-23 13:02 . 2010-01-23 13:02 -------- d-----w- c:\users\***\AppData\Roaming\Jumping Bytes
2010-01-22 18:51 . 2010-01-22 18:51 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-20 19:14 . 2010-01-20 19:13 -------- d-----w- c:\program files\DivX
2010-01-20 19:13 . 2010-01-20 19:13 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-19 19:37 . 2009-10-31 15:11 -------- d-----w- c:\users\***\AppData\Roaming\Thunderbird
2010-01-18 18:17 . 2009-10-31 12:12 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-08 13:51 . 2010-01-05 08:01 -------- d-----w- c:\users\***\AppData\Roaming\GetRightToGo
2010-01-06 15:38 . 2010-02-24 12:38 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 12:38 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 12:38 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 12:38 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-05 10:50 . 2010-01-05 10:50 92 ----a-w- c:\users\***\AppData\Local\fusioncache.dat
2010-01-02 06:38 . 2010-01-22 12:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 12:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 12:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 12:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-29 19:56 . 2009-12-29 19:56 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-17 17:18 . 2009-12-17 17:18 75264 ----a-w- c:\windows\system32\uc_holybeast_launching.dll
2009-12-17 13:23 . 2009-12-17 13:23 552 ----a-w- c:\users\***\AppData\Local\d3d8caps.dat
2009-12-15 16:21 . 2009-12-15 16:21 427008 ----a-w- c:\windows\system32\uc_wepic_launching.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Steam"="c:\program files\steam\steam.exe" [2010-02-21 1217872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"LG Direct Media Button Service"="LGDMEBTN.exe" [2006-12-14 94208]
"BatteryMiser 5"="c:\program files\LG Software\BatteryMiser\BatteryMiser5.exe" [2007-02-04 337464]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"KeybdUtility"="c:\program files\LG Software\On Screen Display\HotKey.exe" [2007-02-02 2655800]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-21 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2006-12-11 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):46,ee,9c,1a,20,5a,ca,01

R3 lgodd_filter;lgodd_filter;c:\windows\system32\drivers\lgodd_filter.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-12-16 3461904]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S3 AGR1310_60;Agere Systems ET-13xx PCI-E Ethernet Adapter Vista Driver;c:\windows\system32\DRIVERS\AGR1310_60.sys [2007-01-19 77824]
S3 LGDMEBTN;LG Direct Media Button Device Driver for x86;c:\windows\system32\DRIVERS\LGDMEBTN.sys [2006-12-14 16384]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://operation7.fiaa.eu/default.asp
uInternet Settings,ProxyOverride = *.local
Trusted Zone: freechal.com\downgame
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bnz6ee1b.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

ActiveSetup-ccc-core-static - msiexec

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 18:06
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-517543512-154693283-2103624537-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1a,ed,74,e2,d1,be,74,5c,d9,c7,0d,dd,6f,ff,49,07,fc,0a,1a,f9,80,50,cf,
4a,4a,8d,2b,79,70,48,6b,e3,af,7b,27,3e,cd,2b,4b,3d,03,f4,ea,de,56,42,b7,ec,\
"??"=hex:bd,c1,90,ff,ce,fa,dc,78,8e,78,65,11,63,59,e3,76

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-03-08 18:10:15
ComboFix-quarantined-files.txt 2010-03-08 17:10

Vor Suchlauf: 9 Verzeichnis(se), 55.432.654.848 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 55.481.708.544 Bytes frei

- - End Of File - - 34C407D565B13BB4FEB80B17D5F8A516

Ich wäre für Hilfe sehr sehr dankbar!

Rootkitmeldung durch Housecall

Plagegeister aller Art und deren Bekämpfung: Rootkitmeldung durch Housecall

Rootkitmeldung durch Housecall

Ähnliche Themen: Rootkitmeldung durch Housecall