SystemTool 2011 - und nun?

supidupi · 10.01.2011, 19:35

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-01-10.04 - Brandon 10.01.2011  18:44:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2813.1651 [GMT 1:00]
ausgeführt von:: c:\users\Brandon\Desktop\ComboFix.exe
AV: G Data AntiVirus 2011 *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\_otl\MovedFiles\01092011_201324\C_Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\windows\system32\drivers\FSC__PI__AMILO Pa 3515   __   _P1   __Ver 1.00PARTTBL_FSC - 6040000_V1.13   __ATI Radeon HD 3200 Graphics .MRK
c:\windows\system32\drivers\rlmbcdil.sys

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ggfteb


(((((((((((((((((((((((   Dateien erstellt von 2010-12-10 bis 2011-01-10  ))))))))))))))))))))))))))))))
.

2011-01-10 14:53 . 2011-01-10 14:53	--------	d-----w-	c:\users\Brandon\AppData\Roaming\Malwarebytes
2011-01-10 14:53 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-10 14:53 . 2011-01-10 14:53	--------	d-----w-	c:\programdata\Malwarebytes
2011-01-10 14:53 . 2011-01-10 17:09	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-01-10 14:53 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-01-09 21:19 . 2010-10-19 04:27	7680	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2011-01-09 21:16 . 2009-03-08 11:32	72704	----a-w-	c:\windows\system32\admparse.dll
2011-01-09 20:39 . 2008-01-12 18:30	8704	----a-r-	c:\users\Brandon\AppData\Roaming\Microsoft\Installer\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}\Icon9A3BC1573.exe
2011-01-09 20:38 . 2011-01-10 15:04	--------	d-----w-	c:\users\Brandon\AppData\Roaming\skypePM
2011-01-09 20:38 . 2006-11-02 12:37	--------	d-----w-	c:\users\Brandon\AppData\Roaming\Media Center Programs
2011-01-09 19:16 . 2011-01-09 19:16	--------	d-----w-	c:\users\Brandon\AppData\Roaming\ATI
2011-01-09 19:16 . 2011-01-10 18:00	--------	d-----w-	c:\users\Brandon\AppData\Roaming\Skype
2011-01-09 19:16 . 2011-01-10 14:52	--------	d-----w-	c:\users\Brandon\AppData\Roaming\Spyware Terminator
2011-01-09 19:13 . 2011-01-09 19:28	--------	d-----w-	C:\_OTL
2011-01-09 16:44 . 2011-01-09 16:44	142592	----a-w-	c:\windows\system32\drivers\sp_rsdrv2.sys
2011-01-09 16:44 . 2011-01-10 14:14	--------	d-----w-	c:\programdata\Spyware Terminator
2011-01-09 16:44 . 2011-01-09 21:51	--------	d-----w-	c:\program files\Spyware Terminator
2011-01-09 15:29 . 2011-01-09 19:13	--------	d-----w-	c:\programdata\eFjBp01804
2011-01-09 14:58 . 2011-01-09 14:58	--------	d-----w-	c:\programdata\Blizzard Entertainment
2011-01-09 14:45 . 2011-01-09 14:45	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment
2011-01-09 09:54 . 2011-01-09 09:54	--------	d-----w-	c:\program files\Common Files\Skype
2011-01-09 09:54 . 2011-01-09 09:54	--------	d-----r-	c:\program files\Skype
2011-01-09 09:54 . 2011-01-09 09:54	--------	d-----w-	c:\programdata\Skype
2011-01-09 08:31 . 2009-08-24 11:36	377344	----a-w-	c:\windows\system32\winhttp.dll
2011-01-09 08:31 . 2010-09-06 16:20	125952	----a-w-	c:\windows\system32\srvsvc.dll
2011-01-09 08:31 . 2010-09-06 16:19	17920	----a-w-	c:\windows\system32\netevent.dll
2011-01-09 08:31 . 2010-09-06 13:45	304128	----a-w-	c:\windows\system32\drivers\srv.sys
2011-01-09 08:31 . 2010-09-06 13:45	145408	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-01-09 08:31 . 2010-09-06 13:45	102400	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-01-09 08:31 . 2010-05-27 20:08	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-01-09 08:26 . 2010-11-16 11:01	6273872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{23BB9415-F2ED-40D0-BC8C-F8C832E72B73}\mpengine.dll
2011-01-09 08:09 . 2011-01-09 08:09	--------	d-----w-	c:\program files\Windows Portable Devices
2010-12-26 17:13 . 2009-09-10 02:00	92672	----a-w-	c:\windows\system32\UIAnimation.dll
2010-12-26 17:13 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\system32\UIRibbon.dll
2010-12-26 17:13 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2010-12-26 17:11 . 2009-10-01 01:02	30208	----a-w-	c:\windows\system32\WPDShextAutoplay.exe
2010-12-26 17:11 . 2009-10-01 01:02	31232	----a-w-	c:\windows\system32\BthMtpContextHandler.dll
2010-12-26 17:11 . 2009-10-01 01:01	81920	----a-w-	c:\windows\system32\wpdbusenum.dll
2010-12-26 17:11 . 2009-10-01 01:01	60928	----a-w-	c:\windows\system32\PortableDeviceConnectApi.dll
2010-12-26 17:11 . 2009-10-01 01:02	2537472	----a-w-	c:\windows\system32\wpdshext.dll
2010-12-26 17:11 . 2009-10-01 01:02	334848	----a-w-	c:\windows\system32\PortableDeviceApi.dll
2010-12-26 17:11 . 2009-10-01 01:02	87552	----a-w-	c:\windows\system32\WPDShServiceObj.dll
2010-12-26 17:11 . 2009-10-01 01:01	546816	----a-w-	c:\windows\system32\wpd_ci.dll
2010-12-26 17:11 . 2009-10-01 01:01	160256	----a-w-	c:\windows\system32\PortableDeviceTypes.dll
2010-12-26 17:11 . 2009-10-01 01:01	100864	----a-w-	c:\windows\system32\PortableDeviceClassExtension.dll
2010-12-26 17:11 . 2009-10-01 01:01	350208	----a-w-	c:\windows\system32\WPDSp.dll
2010-12-26 17:11 . 2009-10-01 01:01	196608	----a-w-	c:\windows\system32\PortableDeviceWMDRM.dll
2010-12-26 17:11 . 2009-10-01 01:01	227840	----a-w-	c:\windows\system32\drivers\UMDF\WpdFs.dll
2010-12-26 17:09 . 2009-10-08 21:08	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2010-12-26 17:09 . 2009-10-08 21:08	234496	----a-w-	c:\windows\system32\oleacc.dll
2010-12-26 17:09 . 2009-10-08 21:07	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2010-12-26 16:50 . 2009-11-08 09:55	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-12-26 16:50 . 2009-11-08 09:55	49472	----a-w-	c:\windows\system32\netfxperf.dll
2010-12-26 16:50 . 2009-11-08 09:55	297808	----a-w-	c:\windows\system32\mscoree.dll
2010-12-26 16:50 . 2009-11-08 09:55	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2010-12-26 16:50 . 2009-11-08 09:55	1130824	----a-w-	c:\windows\system32\dfshim.dll
2010-12-26 16:48 . 2010-02-12 10:32	293376	----a-w-	c:\windows\system32\browserchoice.exe
2010-12-26 16:47 . 2010-12-26 16:47	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2010-12-26 16:30 . 2010-02-20 23:06	24064	----a-w-	c:\windows\system32\nshhttp.dll
2010-12-26 16:30 . 2010-02-20 23:05	30720	----a-w-	c:\windows\system32\httpapi.dll
2010-12-26 16:30 . 2010-02-20 20:53	411648	----a-w-	c:\windows\system32\drivers\http.sys
2010-12-26 16:29 . 2010-12-26 16:29	--------	d-----w-	c:\program files\MSXML 4.0
2010-12-26 15:21 . 2010-08-17 14:11	128000	----a-w-	c:\windows\system32\spoolsv.exe
2010-12-26 15:20 . 2010-11-04 18:55	270336	----a-w-	c:\windows\system32\taskcomp.dll
2010-12-26 14:55 . 2009-12-23 11:33	172032	----a-w-	c:\windows\system32\wintrust.dll
2010-12-26 14:54 . 2010-01-13 17:34	98304	----a-w-	c:\windows\system32\cabview.dll
2010-12-26 14:50 . 2010-10-19 09:41	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-12-25 21:09 . 2010-12-26 15:27	29992	----a-w-	c:\windows\system32\drivers\GRD.sys
2010-12-25 20:54 . 2011-01-09 19:24	--------	d-----w-	c:\program files\IZArc

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-01-09 3318784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2008-05-23 192512]
"WisKeyState"="c:\program files\Launch Manager\WisKeyState.exe" [2008-03-07 208896]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2008-03-03 258048]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2007-12-25 241664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-06-18 268096]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"G Data AntiVirus Tray Application"="c:\program files\G Data\AntiVirus\AVKTray\AVKTray.exe" [2010-08-27 996936]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-01-09 2216960]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2008-01-12 33480]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2008-01-12 62024]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2008-01-12 40904]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-12-26 29992]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2008-01-12 38856]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-01-09 142592]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-08-27 1178184]
S2 AVKService;G Data Scheduler;c:\program files\G Data\AntiVirus\AVK\AVKService.exe [2010-08-27 410696]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\AntiVirus\AVK\AVKWCtl.exe [2010-08-27 1330792]
S2 FSCLBaseUpdaterService;FSCLBaseUpdaterService;c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [2007-06-04 65536]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2010-08-26 340552]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2008-01-15 118784]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\wb3p44e5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-01-10 18:59
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-01-10  19:03:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-01-10 18:03

Vor Suchlauf: 17 Verzeichnis(se), 160.571.695.104 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 160.115.187.712 Bytes frei

- - End Of File - - EAF13FBB43A82717A8497CA948CD44C7

--- --- ---

SystemTool 2011 - und nun?

Plagegeister aller Art und deren Bekämpfung: SystemTool 2011 - und nun?

SystemTool 2011 - und nun?

Ähnliche Themen: SystemTool 2011 - und nun?