TDSS infection cannot be removed

#0
28.12.2009, 17:01
new here
Posts: 1

#2
28.12.2009, 17:10
Member
Posts: 3716
http://board.protecus.de/t23188.htm
Work through that, post the logs, including the one from ComboFix, since you have already used it.
Among other things, I use Spyware Terminator and AntiVir. The only program that finds the "tdss" virus, however, is "Spyware Doctor".
Here is my "VirusTotal" evaluation of the .dll file created by "ComboFix":
Antivirus Version Last update Result
a-squared 4.5.0.43 2009.12.28 -
AhnLab-V3 5.0.0.2 2009.12.28 -
AntiVir 7.9.1.122 2009.12.28 -
Antiy-AVL 2.0.3.7 2009.12.28 -
Authentium 5.2.0.5 2009.12.28 -
Avast 4.8.1351.0 2009.12.27 -
AVG 8.5.0.430 2009.12.28 -
BitDefender 7.2 2009.12.28 -
CAT-QuickHeal 10.00 2009.12.28 -
ClamAV 0.94.1 2009.12.28 -
Comodo 3394 2009.12.28 -
DrWeb 5.0.1.12222 2009.12.28 -
eSafe 7.0.17.0 2009.12.28 -
F-Prot 4.5.1.85 2009.12.27 -
F-Secure 9.0.15370.0 2009.12.28 -
Fortinet 4.0.14.0 2009.12.28 -
GData 19 2009.12.28 -
Ikarus T3.1.1.79.0 2009.12.28 -
Jiangmin 13.0.900 2009.12.28 -
K7AntiVirus 7.10.932 2009.12.28 -
Kaspersky 7.0.0.125 2009.12.28 -
McAfee 5844 2009.12.27 -
McAfee+Artemis 5844 2009.12.27 -
McAfee-GW-Edition 6.8.5 2009.12.28 -
Microsoft 1.5302 2009.12.26 -
NOD32 4722 2009.12.28 -
Norman 6.04.03 2009.12.28 TdssConf.D
nProtect 2009.1.8.0 2009.12.28 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.28 -
Prevx 3.0 2009.12.28 -
Rising 22.28.00.04 2009.12.28 -
Sophos 4.49.0 2009.12.28 -
Sunbelt 3.2.1858.2 2009.12.27 -
Symantec 1.4.4.12 2009.12.28 -
TheHacker 6.5.0.3.115 2009.12.28 -
TrendMicro 9.120.0.1004 2009.12.28 -
VBA32 3.12.12.0 2009.12.26 -
ViRobot 2009.12.28.2111 2009.12.28 -
VirusBuster 5.0.21.0 2009.12.28 -
Further information
File size: 659 bytes
MD5...: 2a41ae0b834bc04b426647962ee71e71
SHA1..: 938ce37714e209bfc31a40f55558cac04d5d07ca
SHA256: d5d2d4086ae83699a555e58cf0d098b81db15357a42c2ac0d7ffb856f364088d
ssdeep: 12:73r1CGeI+SI7WJd9Exmw/6SLxwIb2DHQS2C5Y4bSc6MYP:Xei2p/vLxwIbkACBSqe
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
-----------------------------------------------------------------------------------------
and the "ComboFix" log itself:
c:\programme\INSTALL.LOG
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\srcr.dat
.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))
.
2009-11-30 01:20 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-30 01:20 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-30 01:20 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-30 01:18 . 2009-11-30 01:18 -------- d-----w- c:\programme\Avira
2009-11-30 01:18 . 2009-11-30 01:18 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2009-11-29 22:36 . 2009-11-29 22:36 6144 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spyware Terminator\sp_rsdel.exe
2009-11-29 22:36 . 2009-11-29 22:36 5632 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spyware Terminator\fileobjinfo.sys
2009-11-29 22:36 . 2009-11-29 22:36 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-11-29 22:36 . 2009-12-28 15:26 -------- d-----w- c:\dokumente und einstellungen\Schneck\Anwendungsdaten\Spyware Terminator
2009-11-29 22:36 . 2009-11-30 06:05 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spyware Terminator
2009-11-29 22:36 . 2009-12-28 15:18 -------- d-----w- c:\programme\Spyware Terminator
2009-11-29 21:05 . 2009-11-29 21:05 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Mozilla
2009-11-29 13:04 . 2009-11-29 13:04 -------- d-----w- c:\dokumente und einstellungen\Schneck\Anwendungsdaten\Malwarebytes
2009-11-29 13:04 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 13:04 . 2009-11-29 13:04 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-11-29 13:04 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 13:04 . 2009-11-29 13:04 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2009-11-29 12:50 . 2009-11-29 12:50 16904 ----a-w- c:\windows\system32\drivers\KLMD.sys
2009-11-29 12:26 . 2009-11-10 09:26 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-29 12:26 . 2009-11-10 09:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-29 12:26 . 2009-11-10 09:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-29 12:26 . 2009-11-10 09:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-11-29 12:26 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2009-11-29 12:26 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2009-11-29 12:23 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-29 12:23 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-29 12:23 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-29 12:23 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-29 12:23 . 2009-12-28 15:26 -------- d-----w- c:\programme\Spyware Doctor
2009-11-29 12:23 . 2009-11-29 12:27 -------- d-----w- c:\programme\Gemeinsame Dateien\PC Tools
2009-11-29 12:23 . 2009-11-29 12:23 -------- d-----w- c:\dokumente und einstellungen\Schneck\Anwendungsdaten\PC Tools
2009-11-29 12:23 . 2009-11-29 12:23 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2009-11-29 12:15 . 2009-11-29 12:15 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 15:20 . 2009-07-03 16:49 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2009-11-29 22:46 . 2009-01-15 17:19 -------- d-----w- c:\programme\mIRC
2009-11-28 15:29 . 2005-10-26 22:42 -------- d-----w- c:\dokumente und einstellungen\Schneck\Anwendungsdaten\Skype
2009-11-21 18:29 . 2009-11-21 18:29 5395904 ----a-w- c:\dokumente und einstellungen\Schneck\Anwendungsdaten\Blitware\DriverRobot\updates\1.2.0.5\DriverRobot_Setup.exe
2009-11-21 18:29 . 2009-09-14 02:10 -------- d-----w- c:\programme\Driver Robot
2009-11-19 08:50 . 2008-11-25 20:08 -------- d-----w- c:\programme\DivX
2009-11-19 08:49 . 2009-04-11 10:35 -------- d-----w- c:\programme\Gemeinsame Dateien\DivX Shared
2009-11-19 06:45 . 2009-09-18 05:23 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-14 13:44 . 2009-11-14 13:44 64072 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\German\setup.exe
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-13 19:26 . 2008-07-19 13:45 -------- d-----w- c:\programme\Guitar Pro 5
2009-11-13 03:00 . 2009-01-03 12:00 1 ----a-w- c:\dokumente und einstellungen\Schneck\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-11 20:01 . 2005-04-04 14:38 -------- d-----w- c:\dokumente und einstellungen\Schneck\Anwendungsdaten\teamspeak2
2009-11-08 03:52 . 2009-11-08 03:52 5369864 ----a-w- c:\dokumente und einstellungen\Schneck\Anwendungsdaten\Blitware\DriverRobot\updates\a4d7111605bfa7aac1226573939eaa24\DriverRobot_Setup.exe
2009-11-06 12:14 . 2004-07-30 12:51 -------- d-----w- c:\dokumente und einstellungen\Schneck\Anwendungsdaten\Azureus
2009-10-25 02:10 . 2001-08-18 12:00 48036 ----a-w- c:\windows\system32\perfc007.dat
2009-10-25 02:10 . 2001-08-18 12:00 316246 ----a-w- c:\windows\system32\perfh007.dat
2009-10-19 14:31 . 2009-10-19 14:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-19 14:31 . 2009-10-19 14:31 152576 ----a-w- c:\dokumente und einstellungen\Schneck\Anwendungsdaten\Sun\Java\jre1.6.0_15\lzma.dll
2005-09-19 11:25 . 2005-10-02 18:05 44158 ----a-w- c:\programme\mozilla firefox\components\inspector.dll
2007-10-02 18:54 . 2007-10-02 18:52 24 --sh--w- c:\windows\SA6C72AA4.tmp
2008-10-15 18:19 . 2004-08-05 12:19 11374 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"SystemExplorer"="c:\programme\System Explorer\SystemExplorer.exe" [2008-08-25 1833472]
"SpywareTerminatorUpdate"="c:\programme\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-11-29 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-19 149280]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"IntelliPoint"="c:\programme\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"RemoteControl"="c:\windows\System32\rmctrl.exe" [2003-12-25 32768]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"SpywareTerminator"="c:\programme\Spyware Terminator\SpywareTerminatorShield.exe" [2009-11-29 2166784]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ISTray"="c:\programme\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Schneck^Startmenü^Programme^Autostart^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-10-11 22:35 1563584 ----a-w- c:\programme\any-dvd\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-03-12 20:43 81920 ----a-w- c:\programme\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-03-01 10:59 172792 ----a-w- c:\programme\ICQ6.5\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 12:20 290088 ----a-w- d:\itunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\programme\messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\programme\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-02-26 08:53 65024 ----a-w- c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-12-20 03:55 185896 ----a-w- c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2005-04-12 15:27 45056 ----a-w- c:\programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechVideoRepair"=c:\programme\Logitech\Video\ISStart.exe
"LogitechVideoTray"=c:\programme\Logitech\Video\LogiTray.exe
"UnlockerAssistant"="c:\programme\Unlocker\UnlockerAssistant.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Spiele\\quake\\quake3.exe"=
"c:\\Programme\\The All-Seeing Eye\\eye.exe"=
"d:\\Spiele\\TrackMania Sunrise\\TmSunrise.exe"=
"d:\\eMule.de\\emule.exe"=
"d:\\Teamspeak2_RC2\\TeamSpeak.exe"=
"c:\\Programme\\Azureus\\Azureus.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"d:\\Warcraft III\\Frozen Throne.exe"=
"c:\\Programme\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Programme\\NetMeeting\\conf.exe"=
"d:\\ViRC\\ViRC.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Spiele\\heroes-complete\\HEROES3.EXE"=
"c:\\Programme\\Trillian\\trillian.exe"=
"d:\\Spiele\\4x4_Evolution_2\\4x4.exe"=
"d:\\Spiele\\heroes-complete\\h3wog.exe"=
"d:\\itunes\\iTunes.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"d:\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"d:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\RpcAgentSrv.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\WNt500x86\\RpcSandraSrv.exe"=
"d:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule
"4661:TCP"= 4661:TCP:emule
"4665:UDP"= 4665:UDP:emule
"4672:UDP"= 4672:UDP:emule
"6118:TCP"= 6118:TCP:warcraft
"6118:UDP"= 6118:UDP:warcraft
"3724:TCP"= 3724:TCP:wow
"6112:TCP"= 6112:TCP:wow
"6112:UDP"= 6112:UDP:wow
"3724:UDP"= 3724:UDP:wow
"52523:TCP"= 52523:TCP:azureus
"52524:TCP"= 52524:TCP:azureus
"52523:UDP"= 52523:UDP:azureus
"52524:UDP"= 52524:UDP:azureus
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [6/26/2004 10:59 PM 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [6/26/2004 10:59 PM 5248]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/29/2009 1:23 PM 207792]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [1/30/2006 7:15 PM 5248]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [11/29/2009 11:36 PM 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\Avira\AntiVir Desktop\sched.exe [11/30/2009 2:20 AM 108289]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\Spyware Doctor\BDT\BDTUpdateService.exe [11/29/2009 1:26 PM 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [11/29/2009 1:23 PM 359624]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe [9/14/2009 3:41 AM 99176]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [1/30/2006 7:15 PM 159616]
--- Other Services/Drivers In Memory ---
*Deregistered* - PCTSDInjDriver32
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: &ICQ Toolbar Search - c:\programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
TCP: {D063320A-2438-4254-8BE4-F09CF6A67C80} = 192.168.2.1
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\dokumente und einstellungen\Schneck\Anwendungsdaten\Mozilla\Firefox\Profiles\default.609\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: d:\itunes\Mozilla Plugins\npitunes.dll
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Logitech Utility - Logi_MwX.Exe
AddRemove-{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1 - c:\programme\Driver Robot\1.1.0.3\unins001.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 16:27
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x8695F148]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7624fc3
\Driver\ACPI -> ACPI.sys @ 0xf745fcb8
\Driver\atapi -> atapi.sys @ 0xf73d97b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf72ceba0
PacketIndicateHandler -> NDIS.sys @ 0xf72dbb21
SendHandler -> NDIS.sys @ 0xf72b987b
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-28 16:30:51
ComboFix-quarantined-files.txt 2009-12-28 15:30
Pre-Run: 1,529,651,200 Bytes frei
Post-Run: 2,000,793,600 Bytes frei
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 8D0ADE16B81F7A68150B409C9A29D6A4
How do I best fix the "problem"?
Thanks in advance for the help.