Hello,

The file KGyGaAvL.sys is, at least from what I have found out about it, "safe". But what about ZLT05120.TMP and EC23ACB85A.sys?

I hope you can help me, Patrick.

What does your trained eye make of the following RootAlyzer log:


// info: Rootkit removal help file
// copyright: (c) 2008 Safer Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"No admin in ACL","C:\WINDOWS\Temp\ZLT05120.TMP"
File:"No admin in ACL","C:\WINDOWS\system32\EC23ACB85A.sys"
File:"No admin in ACL","C:\WINDOWS\system32\KGyGaAvL.sys"

File:"No admin in ACL","C:\WINDOWS\Internet Logs\fwdbglog.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\fwpktlog.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\IAMDB(2).RDB"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\IAMDB.RDB"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\installer_121808191928.log"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\MATT.ldb"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\tvDebug.log"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\tvDebug.Zip"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.02.02.txt"
File:"No admin in ACL","C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS\Adobe_Downloads\nos5.dat"
Directory:"No admin in ACL","C:\WINDOWS\Internet Logs"
Directory:"No admin in ACL","C:\Programme\NOS"
Directory:"No admin in ACL","C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS"
Directory:"No admin in ACL","C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS\Adobe_Downloads"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\","NOS"



Many thanks.
Regards,
-Matt-