Trojaner-Board - Logfile - Verdacht auf wauclt.exe

Hallo liebe Community,
mein Problem ist hier geschildert:
w*w.trojaner-board.de/79226-wauclt-exe-im-taskmanager.html#post479087

(Ich habe die Threads getrennt um zwischen Logfile-Auswertung und allgemeine Problembehandlung zu trennen, ich hoffe ihr ärgert euch nicht über Doubleposting usw.)

07.11.09
Ich weiss das ich den Video Accelerator installiert habe.

Danke!

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:13:50, on 07.11.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\Creative\Shared Files\CTAudSvc.exe

C:\Programme\Avira\AntiVir Desktop\sched.exe

C:\Programme\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTsvcCDA.exe

D:\Programme\FileZilla Server\FileZilla Server.exe

D:\Programme\Java\jre6\bin\jqs.exe

C:\Programme\Avira\AntiVir Desktop\avgnt.exe

C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

D:\Dokumente und Einstellungen\Eigene Dateien\Downloads\C2DtoG15 1.1.0.0\C2DtoG15.exe

D:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

D:\Programme\Creative\Volume Panel\VolPanlu.exe

C:\WINDOWS\system32\RUNDLL32.EXE

D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

D:\Programme\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Vtune\TBPanel.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Programme\USRobotics\Wireless USB Manager\USR54G.exe

D:\Programme\SEC\Natural Color Pro\NCProTray.exe

C:\Programme\iPod\bin\iPodService.exe

C:\Programme\Mozilla Firefox\firefox.exe

C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Programme\Mozilla Thunderbird\thunderbird.exe

D:\Programme\Trend Micro\HijackThis\HijackThis.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL

O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r

O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [VolPanel] "D:\Programme\Creative\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programme\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TBPanel] C:\Programme\Vtune\TBPanel.exe /A

O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [EA Core] "D:\Programme\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [DeeEnEs] D:\Dokumente und Einstellungen\Eigene Dateien\Downloads\DeeEnEs-2.3.30\DeeEnEs.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Total Organizer.lnk = D:\Programme\Organizer\Organizer.exe

O4 - Global Startup:  USRobotics Wireless USB Adapter.lnk = C:\Programme\USRobotics\Wireless USB Manager\USR54G.exe

O4 - Global Startup: NCProTray.lnk = ?

O8 - Extra context menu item: &Clean Traces - C:\Programme\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Programme\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Programme\DAP\dapextie2.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: d:\progra~1\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: d:\progra~1\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: d:\progra~1\speedb~1\sblsp.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programme\Creative\Shared Files\CTAudSvc.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\Programme\FileZilla Server\FileZilla Server.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programme\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
 

--

End of file - 8976 bytes

w*w.virustotal.com/de/analisis/c8ae395de7597eca3c13cf5496d7317fa2939d36c300329970e0438b4b9413cc-1257695953

"C:\WINDOWS\system32\drivers\a2l5asik.sys" - existiert nicht

Ordneroptionen:
http://img52.imageshack.us/img52/4083/unbenanntr.png
http://img697.imageshack.us/img697/6810/unbenannt2z.png

Combofix:
(Ich habe bei Antivir
"AntiVir Guard aktivieren" deaktiviert, reicht das oder muss ich wirklich manuel die "av"-Prozesse rauswerfen?)

Code:

ComboFix 09-11-07.04 - ***** 08.11.2009 17:16.1.4 - NTFSx86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.3327.2698 [GMT 1:00]

ausgeführt von:: d:\dokumente und einstellungen\Eigene Dateien\Downloads\cofi.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.
 

(((((((((((((((((((((((   Dateien erstellt von 2009-10-08 bis 2009-11-08  ))))))))))))))))))))))))))))))

.
 

2009-11-07 14:24 . 2009-11-07 14:24        152576        ----a-w-        c:\dokumente und einstellungen\*****\Anwendungsdaten\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-06 21:24 . 2009-11-06 21:24        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PopCap Games

2009-11-06 21:24 . 2009-11-06 21:25        --------        d-----w-        c:\programme\PopCap Games

2009-10-30 15:45 . 2009-10-30 15:45        --------        d-----w-        c:\programme\iPod

2009-10-30 15:41 . 2009-10-30 15:41        79144        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-10-24 17:26 . 2009-10-24 17:26        --------        d-----w-        c:\programme\Gemeinsame Dateien\DirectX

2009-10-24 17:10 . 2009-10-24 17:10        --------        d-----w-        c:\dokumente und einstellungen\*****\Anwendungsdaten\InstallShield

2009-10-18 14:48 . 2009-10-18 14:39        147456        ----a-w-        c:\dokumente und einstellungen\*****\Anwendungsdaten\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\_setup.dll

2009-10-18 14:41 . 2008-07-03 16:00        121064        ----a-r-        c:\dokumente und einstellungen\*****\Anwendungsdaten\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe

2009-10-18 14:41 . 2009-10-18 14:41        --------        d-----w-        c:\dokumente und einstellungen\*****\Anwendungsdaten\InstallShield Installation Information

2009-10-15 19:52 . 2009-10-15 19:52        --------        d-----w-        c:\programme\Gemeinsame Dateien\L&H

2009-10-15 19:52 . 2003-06-05 15:15        57436        ----a-w-        c:\windows\DASShp.dll
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-08 16:12 . 2009-06-20 19:53        --------        d---a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP

2009-11-08 14:33 . 2009-06-25 19:42        1        ----a-w-        c:\dokumente und einstellungen\*****\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-11-08 13:22 . 2009-06-27 12:37        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

2009-11-08 13:10 . 2008-04-14 12:00        80104        ----a-w-        c:\windows\system32\perfc007.dat

2009-11-08 13:10 . 2008-04-14 12:00        448470        ----a-w-        c:\windows\system32\perfh007.dat

2009-10-30 15:45 . 2009-06-21 19:56        --------        d-----w-        c:\programme\Gemeinsame Dateien\Apple

2009-10-29 18:38 . 2009-09-27 10:27        24808        ---ha-w-        c:\windows\system32\mlfcache.dat

2009-10-26 15:06 . 2009-06-20 19:39        31152        ----a-w-        c:\dokumente und einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT

2009-10-26 14:55 . 2009-09-26 13:55        3695616        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\AutoLaunch.exe

2009-10-26 14:55 . 2009-06-27 13:55        2353992        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2009-10-25 16:58 . 2009-06-20 19:28        --------        d--h--w-        c:\programme\InstallShield Installation Information

2009-10-24 18:15 . 2009-08-04 15:33        107888        ----a-w-        c:\windows\system32\CmdLineExt.dll

2009-10-24 17:29 . 2009-06-21 19:52        --------        d-----w-        c:\dokumente und einstellungen\*****\Anwendungsdaten\ICQ

2009-10-22 17:40 . 2009-08-31 19:55        --------        d-----w-        c:\dokumente und einstellungen\*****\Anwendungsdaten\Creative

2009-10-17 22:05 . 2009-08-21 21:06        138184        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys

2009-10-17 22:04 . 2009-08-21 21:06        183112        ----a-w-        c:\windows\system32\PnkBstrB.exe

2009-10-11 03:17 . 2009-06-24 23:25        411368        ----a-w-        c:\windows\system32\deploytk.dll

2009-10-05 13:42 . 2009-10-05 13:42        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\FlashFXP

2009-10-03 18:01 . 2009-10-03 17:52        --------        d-----w-        c:\dokumente und einstellungen\*****\Anwendungsdaten\FileZilla

2009-09-27 21:02 . 2009-09-27 21:02        0        ---ha-w-        c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf

2009-09-27 21:02 . 2009-09-27 21:02        0        ---ha-w-        c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-09-27 20:58 . 2009-09-27 20:58        25512        ----a-w-        c:\windows\system32\drivers\ggsemc.sys

2009-09-27 20:58 . 2009-09-27 20:58        13224        ----a-w-        c:\windows\system32\drivers\ggflt.sys

2009-09-27 20:58 . 2009-09-27 20:58        1112288        ----a-w-        c:\windows\system32\WdfCoInstaller01007.dll

2009-09-27 16:19 . 2009-09-27 16:19        3674112        ----a-w-        c:\windows\system32\nvwssr.dll

2009-09-27 14:12 . 2009-06-20 22:56        490088        ----a-w-        c:\windows\system32\nvudisp.exe

2009-09-27 14:12 . 2009-06-10 16:33        1714792        ----a-w-        c:\windows\system32\nvcuvenc.dll

2009-09-27 14:12 . 2009-06-10 16:33        1604482        ----a-w-        c:\windows\system32\nvdata.bin

2009-09-27 14:12 . 2009-04-03 09:32        888832        ----a-w-        c:\windows\system32\nvapi.dll

2009-09-27 14:12 . 2009-04-03 09:32        7655872        ----a-w-        c:\windows\system32\drivers\nv4_mini.sys

2009-09-27 14:12 . 2009-04-03 09:32        5900416        ----a-w-        c:\windows\system32\nv4_disp.dll

2009-09-27 14:12 . 2009-04-03 09:32        2194024        ----a-w-        c:\windows\system32\nvcuvid.dll

2009-09-27 14:12 . 2009-04-03 09:32        2007040        ----a-w-        c:\windows\system32\nvcuda.dll

2009-09-27 14:12 . 2009-04-03 09:32        170600        ----a-w-        c:\windows\system32\nvcodins.dll

2009-09-27 14:12 . 2009-04-03 09:32        170600        ----a-w-        c:\windows\system32\nvcod.dll

2009-09-27 14:12 . 2009-04-03 09:32        10756096        ----a-w-        c:\windows\system32\nvoglnt.dll

2009-09-25 20:47 . 2009-09-25 20:47        --------        d-----w-        c:\programme\Windows Media Connect 2

2009-09-25 05:35 . 2008-04-14 12:00        672768        ----a-w-        c:\windows\system32\wininet.dll

2009-09-25 05:35 . 2009-06-21 16:27        81920        ----a-w-        c:\windows\system32\ieencode.dll

2009-09-24 07:24 . 2009-06-20 22:56        490088        ----a-w-        c:\windows\system32\NVUNINST.EXE

2009-09-20 19:27 . 2009-09-20 19:27        11405        ----a-w-        c:\windows\scunin.dat

2009-09-20 19:27 . 2009-09-20 19:27        967        ----a-w-        c:\windows\ScUnin.pif

2009-09-20 19:27 . 2009-09-20 19:27        67584        ----a-w-        c:\windows\ScUnin.exe

2009-09-20 16:02 . 2009-08-04 17:13        43520        ----a-w-        c:\windows\system32\CmdLineExt03.dll

2009-09-11 14:17 . 2008-04-14 12:00        136192        ----a-w-        c:\windows\system32\msv1_0.dll

2009-09-10 18:25 . 2009-09-10 18:25        --------        d-----w-        c:\dokumente und einstellungen\*****\Anwendungsdaten\dBpoweramp

2009-09-10 17:36 . 2009-09-10 17:36        3061        ----a-w-        c:\windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat

2009-09-10 17:36 . 2009-09-10 17:32        652152        ----a-w-        c:\windows\system32\SpoonUninstall.exe

2009-09-10 17:32 . 2009-09-10 17:32        15337        ----a-w-        c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat

2009-09-10 17:32 . 2009-09-10 17:32        --------        d-----w-        c:\dokumente und einstellungen\*****\Anwendungsdaten\AccurateRip

2009-09-10 17:12 . 2009-06-21 19:56        --------        d-----w-        c:\dokumente und einstellungen\*****\Anwendungsdaten\Apple Computer

2009-09-10 17:01 . 2009-09-10 17:01        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-09-10 17:00 . 2009-08-15 11:54        --------        d-----w-        c:\programme\Bonjour

2009-09-10 17:00 . 2009-09-10 16:59        --------        d-----w-        c:\programme\QuickTime

2009-09-04 21:03 . 2008-04-14 12:00        58880        ----a-w-        c:\windows\system32\msasn1.dll

2009-09-03 16:51 . 2009-06-20 20:14        83456        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SpeedBit\DAP\SDCondition.dll

2009-08-29 20:04 . 2009-08-21 21:06        66872        ----a-w-        c:\windows\system32\PnkBstrA.exe

2009-08-28 17:30 . 2009-08-28 17:10        37406376        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe

2009-08-28 17:10 . 2009-08-28 16:42        62234496        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Creative\Software Update\cache\Creative Console Launcher 2.61.09__\CSL_PCAPP_LB_2_61_09.exe

2009-08-28 16:42 . 2009-08-28 16:08        70681997        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Creative\Software Update\cache\Creative Console Launcher 2.60.29__\CSL_PCAPP_LB_2_60_29.exe

2009-08-28 16:08 . 2009-08-28 16:02        12846328        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe

2009-08-28 16:02 . 2009-08-28 15:29        62059520        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Creative\Software Update\cache\Creative Console Launcher 2.60.35__\CSL_PCAPP_LB_2_60_35A.exe

2009-08-28 15:29 . 2009-08-28 15:25        6657680        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Creative\Software Update\cache\Creative SoundFont Bank Manager 3.21.00__\SFBM_PCAPP_LB_3_21_00.exe

2009-08-28 15:17 . 2009-06-21 13:14        444952        ----a-w-        c:\windows\system32\wrap_oal.dll

2009-08-28 15:17 . 2009-06-21 13:14        109080        ----a-w-        c:\windows\system32\OpenAL32.dll

2009-08-26 08:00 . 2008-04-14 12:00        247326        ----a-w-        c:\windows\system32\strmdll.dll

2009-08-14 15:08 . 2009-08-14 15:08        3262        ----a-r-        c:\dokumente und einstellungen\*****\Anwendungsdaten\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\controlPanelIcon.exe

2009-08-14 15:08 . 2009-08-14 15:08        10134        ----a-r-        c:\dokumente und einstellungen\*****\Anwendungsdaten\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\SystemFolder_msiexec.exe

2009-08-14 11:36 . 2009-08-14 11:36        70936        ----a-w-        c:\windows\system32\PhysXLoader.dll

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TBPanel"="c:\programme\Vtune\TBPanel.exe" [2009-04-03 2158592]

"SpybotSD TeaTimer"="d:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"EA Core"="d:\programme\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

"DeeEnEs"="d:\dokumente und einstellungen\Eigene Dateien\Downloads\DeeEnEs-2.3.30\DeeEnEs.exe" [2005-01-01 151552]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-02 5964800]

"IntelliPoint"="c:\programme\Microsoft IntelliPoint\ipoint.exe" [2009-05-28 1468296]

"Launch LCDMon"="c:\programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]

"Launch LGDCore"="c:\programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]

"Ad-Watch"="c:\programme\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-26 520024]

"Adobe Reader Speed Launcher"="d:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"VolPanel"="d:\programme\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]

"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-09-04 417792]

"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]

"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2009-10-28 141600]

"SunJavaUpdateSched"="d:\programme\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2009-06-03 25600]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
 

c:\dokumente und einstellungen\*****\Startmen\Programme\Autostart\

Total Organizer.lnk - d:\programme\Organizer\Organizer.exe [2009-8-17 970752]
 

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

 USRobotics Wireless USB Adapter.lnk - c:\programme\USRobotics\Wireless USB Manager\USR54G.exe [2006-4-14 663552]

NCProTray.lnk - d:\programme\SEC\Natural Color Pro\NCProTray.exe [2009-6-29 49220]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^GammaTray.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\GammaTray.lnk

backup=c:\windows\pss\GammaTray.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^*****^Startmenü^Programme^Autostart^OpenOffice.org 3.1.lnk]

path=c:\dokumente und einstellungen\*****\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPod Service"=3 (0x3)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\USRobotics\\Wireless USB Manager\\USR54G.exe"=

"c:\\Programme\\Mozilla Firefox\\firefox.exe"=

"c:\\Programme\\DAP\\DAP.exe"=

"d:\\Programme\\ICQ6.5\\ICQ.exe"=

"d:\\Programme\\Reality Pump\\Two Worlds\\TwoWorlds.exe"=

"d:\\Programme\\Reality Pump\\Two Worlds\\TwoWorlds_RADEON.exe"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programme\\TeamViewer\\Version4\\TeamViewer.exe"=

"d:\\Dokumente und Einstellungen\\Eigene Dateien\\FarCry2\\Far Cry 2\\bin\\FarCry2.exe"=

"d:\\Programme\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Programme\\Bonjour\\mDNSResponder.exe"=

"d:\\Programme\\GameSpy Arcade\\Aphex.exe"=

"d:\\Programme\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"=

"d:\\Programme\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"d:\\Programme\\Starcraft\\StarCraft.exe"=

"d:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"=

"d:\\Program Files\\WS_FTP\\WS_FTP95.exe"=

"d:\\Programme\\FlashFXP\\FlashFXP.exe"=

"d:\\Programme\\Codemasters\\Overlord\\Overlord.exe"=

"d:\\Programme\\Sierra\\FEARCombat\\FEARMP.exe"=

"d:\\Programme\\iTunes\\iTunes.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"20:TCP"= 20:TCP:Webserver

"3074:TCP"= 3074:TCP:Overlord
 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.06.2009 14:55 64160]

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [22.07.2008 09:01 151592]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [20.06.2009 20:51 108289]

R2 VideoAcceleratorService;VideoAcceleratorService;d:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> d:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [07.10.2008 20:54 171032]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [07.10.2008 20:54 1324056]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [07.10.2008 20:54 72728]

R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [20.06.2009 23:45 38400]

R3 USRWGU(USR);USRobotics Wireless USB Adapter(USR);c:\windows\system32\drivers\USRWGU.sys [20.06.2009 18:38 408064]

R3 WinRing0_1_1_1;WinRing0_1_1_1;d:\dokumente und einstellungen\Eigene Dateien\Downloads\C2DtoG15 1.1.0.0\WinRing0.sys [22.06.2009 21:07 13904]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [09.03.2009 20:06 1028432]

S3 cpuz130;cpuz130;\??\c:\dokume~1\*****\LOKALE~1\Temp\cpuz130\cpuz_x32.sys --> c:\dokume~1\*****\LOKALE~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [21.06.2009 20:09 12672]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe [28.08.2009 16:18 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [07.10.2008 20:54 171032]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [07.10.2008 20:54 1324056]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [07.10.2008 20:54 72728]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [27.09.2009 21:58 13224]
 

--- Andere Dienste/Treiber im Speicher ---
 

*NewlyCreated* - MBR

*NewlyCreated* - PROCEXP113

*NewlyCreated* - WINRING0_1_1_1

*Deregistered* - mbr

*Deregistered* - PROCEXP113

.

Inhalt des "geplante Tasks" Ordners
 

2009-11-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:55]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://search.speedbit.com/

uInternet Settings,ProxyOverride = *.local

IE: &Clean Traces - c:\programme\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\programme\DAP\dapextie.htm

IE: Download &all with DAP - c:\programme\DAP\dapextie2.htm

LSP: d:\progra~1\SPEEDB~1\sblsp.dll

FF - ProfilePath - c:\dokumente und einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\nkvgy2ra.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=

FF - component: c:\programme\DAP\DAPFireFox\components\DAPFireFox.dll

FF - plugin: d:\programme\Adobe\Reader 9.0\Reader\browser\nppdf32.dll

FF - plugin: d:\programme\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: d:\programme\Java\jre6\bin\new_plugin\npdeploytk.dll

FF - plugin: d:\programme\Java\jre6\bin\new_plugin\npjp2.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

FF - user.js: yahoo.homepage.dontask - true.
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-08 17:18

Windows 5.1.2600 Service Pack 3 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

  CTxfiHlp = CTXFIHLP.EXE? 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************
 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys splm.sys >>UNKNOWN [0x8A6B4938]<< 

kernel: MBR read successfully

user & kernel MBR OK 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
 

atapi.sys @ 0x0 0x0 bytes
 

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB7E20B40 atapi.sys

\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB7E20B40 atapi.sys

\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB7E20B40 atapi.sys

\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB7E20B40 atapi.sys

\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB7E20B40 atapi.sys

\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB7E20B40 atapi.sys

\Driver\atapi IRP hooks detected !
 

**************************************************************************
 

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'lsass.exe'(1004)

d:\progra~1\SPEEDB~1\sblsp.dll

d:\programme\SpeedBit Video Accelerator\ConfigDB.dll

d:\programme\SpeedBit Video Accelerator\Accelerator.dll

d:\programme\SpeedBit Video Accelerator\CommPipe.dll

d:\programme\SpeedBit Video Accelerator\Collector.dll

c:\programme\Bonjour\mdnsNSP.dll
 

- - - - - - - > 'explorer.exe'(1088)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Zeit der Fertigstellung: 2009-11-08 17:19

ComboFix-quarantined-files.txt  2009-11-08 16:19
 

Vor Suchlauf: 9 Verzeichnis(se), 311.071.338.496 Bytes frei

Nach Suchlauf: 11 Verzeichnis(se), 311.108.833.280 Bytes frei
 

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
 

- - End Of File - - 1C20EDBA7BDA0B19ECAEF37C795B530A