Remove delphi.gen - datfind posted
#0
08.02.2010, 19:11
...new here
Posts: 6
08.02.2010, 19:22
Member
Posts: 3716
08.02.2010, 23:05
...new here
Thread starter, Posts: 6
#3
1. C:\Windows\Temp - continuous appearance of the svchost that Avira detects as Delphi.gen. Avira detection report: "In the file 'C:\Windows\Temp\cjkm.tmp\svchost.exe' a virus or unwanted program 'DR/Delphi.Gen' [dropper] was found. Action taken: Deny access"
2. Done
3. Report is attached as a txt file and here:

Malwarebytes' Anti-Malware 1.44
Database version: 3709
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.02.2010 22:29:59
mbam-log-2010-02-08 (22-29-59).txt

Scan type: Quick scan
Objects scanned: 111128
Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GoogleUpdateBeta (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cleanup (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Jürgen\AppData\Roaming\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.

4. Attached
5. Attached
6. HijackThis log

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 23:02:04, on 08.02.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\RegCure\RegCure.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Programme\GMX SMS-Manager\SMSMngr.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rdpclip.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.3.43.0\escort.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.3.43.0\escorTlbr.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GMX SMS-Manager] d:\Programme\GMX SMS-Manager\SMSMngr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Azureus - Verknüpfung.lnk = D:\Programme\Azureus\Azureus.exe
O4 - Startup: JDownloader.lnk = D:\Programme\JDownloader\JDownloader.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 4709 bytes

6. Uninstall List
Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Avira AntiVir Personal - Free Antivirus
Azureus
Babylonia
Big Fish Games Client
Bookworm Adventures Deluxe
Build-a-lot 3
Canon Inkjet Printer Driver Add-On Module V2.00
Cate West: Der verborgene Schlüssel
CD-LabelPrint
CleanUp!
CloneCD
CloneDVD2
CloneDVDmobile
Das geheimnisvolle Tagebuch
Das grosse Sarah Wiener Kochspiel
Das rätselhafte Kristall-Portal
Deluxe Pacman (1.70e)
DEUTSCHLAND SPIELT GAME CENTER
Die Rückkehr zur Geheimnisvollen Insel 2
Die verzauberten Inseln
Diner Dash - Flo on the Go
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DVD and CD Cover Print
eXtreme Movie Manager 7.0.4.6 - Update Only!
facemoods
Foxit Reader
FoxyTunes for Firefox
GMX SMS-Manager
Google Earth Plug-in
Google Update Helper
Heartwild Solitaire
HiJackThis
IsoBuster 2.6
Java(TM) 6 Update 15
JDownloader
Jessica. Das Geheimnis der Karibik
Jewel Quest Solitaire III (nur deinstallation)
Jigsaw Puzzle Player - Animals and Culture Deluxe
Kreuzworträtsel – Kalender Edition
Laura Jones 2
Leisure Suit Larry - Box Office Bust
Logitech GamePanel Software 3.02.173
Mahjong Escape: Ancient China 1.0.0.5
Malwarebytes' Anti-Malware
MediaMonkey 2.5 Language Pack 1.7
Microsoft Office XP Professional mit FrontPage
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6)
Mozilla Thunderbird (2.0.0.23)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed™ SHIFT
Nero 9
neroxml
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Peggle Deluxe
PPMate Network TV 2.3.3.6
ProtectDisc Driver, Version 11
Puzzle Master Deluxe
QT Lite 2.9.2
Realtek AC'97 Audio
RegCure
Ritter Arthur
Samantha Swift and the Golden Touch
SCHLECKER Foto Digital Service
Security Task Manager 1.7h
Skype™ 4.1
SopCast 3.0.3
STILLLIFE2 version 1.0
Stream Torrent 1.0
Strike Ball 3
Super TextTwist Deluxe
System Requirements Lab
Total Commander (Remove or Repair)
Trivial Pursuit Family Edition
Trivial Pursuit The 90s Deluxe
Trivial Pursuit(TM) Genus Edition Deluxe
TVUPlayer 2.4.9.1
Uniblue RegistryBooster 2009
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.15
VistaBootPRO 3.3
VLC media player 1.0.1
Windows 7 Manager
WinRAR archiver
Womens Murder Club

MANY THANKS FOR THE HELP and the quick contact e-mail!
Regards, Jürgen

Attachment: Logfile Malwarebyte + Gmer.txt
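The two findings that matter in the post above are an svchost.exe executing from C:\Windows\Temp\cjkm.tmp (Avira) and a bogus svchost service group named netsvc sitting next to the real netsvcs (Malwarebytes). The script below is an added example, not part of the original thread or of any of the tools quoted in it: it applies exactly those two checks to constructed sample lines shaped like the Avira report and the HijackThis "Running processes" list. The directory table and the svchost group allowlist are assumptions for a 32-bit Windows 7 install and are not exhaustive.

```python
"""Added example: flag core Windows binaries running from the wrong directory,
and svchost service-group names that imitate real ones.
Sample input is constructed to resemble the Avira report and HijackThis
"Running processes" list quoted in the thread."""
import ntpath
import re

# Directories in which the real binary lives on a 32-bit Windows 7 install.
# Assumption for this example; extend for x64 (SysWOW64) or other versions.
EXPECTED_DIRS = {
    "svchost.exe":  {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "taskhost.exe": {r"c:\windows\system32"},
    "lsass.exe":    {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "csrss.exe":    {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# svchost groups present on a stock Windows 7 machine. Partial allowlist and
# an assumption for this example; a real audit would dump the SvcHost key
# from a known-clean machine of the same build.
KNOWN_GROUPS = {
    "netsvcs", "LocalService", "NetworkService", "LocalSystemNetworkRestricted",
    "LocalServiceNoNetwork", "LocalServiceNetworkRestricted",
    "LocalServiceAndNoImpersonation", "NetworkServiceNetworkRestricted",
    "DcomLaunch", "rpcss", "termsvcs", "imgsvc", "bthsvcs", "regsvc",
}

# Any drive-letter path ending in .exe, shortest match, so a quoted path in
# an AV message and a bare path on its own line are both picked up.
PATH_RE = re.compile(r"[a-z]:\\.+?\.exe", re.IGNORECASE)


def extract_paths(text):
    """Return every .exe path mentioned in free-form log text, in order."""
    return PATH_RE.findall(text)


def masquerading(paths):
    """Paths whose file name is a core Windows binary but whose directory is
    not one where that binary legitimately lives."""
    hits = []
    for path in paths:
        directory, name = ntpath.split(path)
        allowed = EXPECTED_DIRS.get(name.lower())
        if allowed is not None and directory.lower() not in allowed:
            hits.append((path, sorted(allowed)))
    return hits


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character imitations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def suspicious_groups(groups, known=KNOWN_GROUPS):
    """svchost groups not in the allowlist, each paired with the known name it
    is closest to (None if it resembles nothing)."""
    out = []
    for group in groups:
        if group in known:
            continue
        near = sorted(k for k in known if edit_distance(group.lower(), k.lower()) <= 1)
        out.append((group, near[0] if near else None))
    return out


# Constructed sample: one Avira-style line plus HijackThis-style process lines.
SAMPLE_LOG = r"""
In der Datei 'C:\Windows\Temp\cjkm.tmp\svchost.exe' wurde ein Virus oder unerwuenschtes Programm 'DR/Delphi.Gen' [dropper] gefunden.
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Public\explorer.exe
"""

# Constructed sample of value names under
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost, with the
# 'netsvc' entry from the Malwarebytes log next to the real 'netsvcs'.
SAMPLE_GROUPS = ["netsvcs", "netsvc", "LocalService", "DcomLaunch"]

if __name__ == "__main__":
    for path, allowed in masquerading(extract_paths(SAMPLE_LOG)):
        print(f"MASQUERADE {path}  (expected in: {', '.join(allowed)})")
    for group, near in suspicious_groups(SAMPLE_GROUPS):
        print(f"SVCHOST GROUP {group!r} not known" + (f", imitates {near!r}" if near else ""))
```

The directory check catches the Temp-folder svchost.exe and a planted explorer.exe in a user profile while leaving the legitimate C:\Windows\Explorer.EXE alone; the group check reports netsvc and names netsvcs as the entry it imitates, which is the sort of one-character lookalike that a plain allowlist diff would only report as "unknown".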
09.02.2010, 12:42
Member
Posts: 3716
#4
Please run ComboFix and post the log.

09.02.2010, 19:53
...new here
Thread starter, Posts: 6
#5
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,d6,dd,99,99,e7,6c,44,b6,2c,a9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,d6,dd,99,99,e7,6c,44,b6,2c,a9,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5124)
d:\programme\MediaMonkey 3.1.2.1266\DeskPlayer.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-02-09 19:48:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-09 18:48

Pre-Run: 12 Dir(s), 36.393.783.296 bytes free
Post-Run: 17 Dir(s), 36.182.761.472 bytes free

- - End Of File - - 9A848E52DEA52C35AC6CAEFA4FCBBD2E

09.02.2010, 19:56
Member
Posts: 3716
#6
And why not the whole log?

09.02.2010, 22:14
...new here
Thread starter, Posts: 6
#7
Sorry, I made a mistake, I did it again:

ComboFix 10-02-09.01 - Jürgen 09.02.2010 21:56:46.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.1536.877 [GMT 1:00]
Running from:: c:\users\Jürgen\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
.
((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))
.

2010-02-09 21:08 . 2010-02-09 21:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-09 21:08 . 2010-02-09 21:08 -------- d-----w- c:\users\Mcx1-HOMEPC\AppData\Local\temp
2010-02-09 21:08 . 2010-02-09 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-09 20:54 . 2010-02-09 20:55 -------- d-----w- C:\32788R22FWJFW
2010-02-08 21:41 . 2010-02-08 21:41 -------- d-----w- c:\program files\TrendMicro
2010-02-08 21:22 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-08 21:22 . 2010-02-08 21:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-08 21:22 . 2010-02-08 21:22 -------- d-----w- c:\programdata\Malwarebytes
2010-02-08 21:22 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-08 18:20 . 2010-02-08 18:20 574 ----a-w- C:\cleanup.bat
2010-02-08 18:20 . 2010-02-08 18:20 135168 ----a-w- C:\zip.exe
2010-02-08 18:00 . 2010-02-08 18:00 -------- d-----w- c:\program files\CleanUp!
2010-02-08 16:20 . 2009-01-18 21:35 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-08 16:11 . 2010-02-08 16:11 131072 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\savapi3.dll
2010-02-08 16:11 . 2010-02-08 16:11 131072 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\pcre.dll
2010-02-08 16:11 . 2010-02-08 16:11 348160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\msvcr71.dll
2010-02-08 16:11 . 2010-02-08 16:11 192512 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\libaprutil-1.dll
2010-02-08 16:11 . 2010-02-08 16:11 11776 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\libavll.dll
2010-02-08 16:11 . 2010-02-08 16:11 139264 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\libapr-1.dll
2010-02-08 16:10 . 2010-02-08 16:10 102400 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\avpal.dll
2010-02-08 16:10 . 2010-02-08 16:10 102772 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aevdf.dll
2010-02-08 16:10 . 2010-02-08 16:10 315770 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aescript.dll
2010-02-08 16:10 . 2010-02-08 16:10 119156 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aescn.dll
2010-02-08 16:10 . 2010-02-08 16:10 418165 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aerdl.dll
2010-02-08 16:09 . 2010-02-08 16:09 364917 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aepack.dll
2010-02-08 16:08 . 2010-02-08 16:08 192890 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aeoffice.dll
2010-02-08 16:08 . 2010-02-08 16:08 1388918 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aeheur.dll
2010-02-08 16:07 . 2010-02-08 16:07 115063 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aehelp.dll
2010-02-08 16:07 . 2010-02-08 16:07 315764 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aegen.dll
2010-02-08 16:07 . 2010-02-08 16:07 430452 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aeemu.dll
2010-02-08 16:07 . 2010-02-08 16:07 172406 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aecore.dll
2010-02-08 16:07 . 2010-02-08 16:07 53617 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aebb.dll
2010-02-08 16:07 . 2010-02-08 16:07 0 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ToolBox\LT\HostFileEditor.exe
2010-02-08 16:06 . 2010-02-08 16:06 314712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-08 16:06 . 2010-02-08 16:06 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\savapibridge.dll
2010-02-08 16:06 . 2010-02-08 16:06 168800 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-08 16:06 . 2010-02-08 16:06 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-08 16:05 . 2010-02-08 16:05 349008 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-08 16:05 . 2010-02-08 16:05 298336 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-08 16:05 . 2010-02-08 16:05 17632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2010-02-08 16:05 . 2010-02-08 16:05 84320 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-02-08 16:01 . 2010-02-08 16:01 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-08 16:00 . 2010-02-08 16:00 246640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-08 16:00 . 2010-02-08 16:00 40288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-08 16:00 . 2010-02-08 16:00 68640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2010-02-08 16:00 . 2010-02-08 16:00 303976 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2010-02-08 16:00 . 2010-02-08 16:00 85352 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2010-02-08 16:00 . 2010-02-08 16:00 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2010-02-08 16:00 . 2010-02-08 16:00 664936 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-08 15:59 . 2010-02-08 15:59 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-08 15:54 . 2010-02-08 15:54 562552 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-08 15:54 . 2010-02-08 15:54 566632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-08 15:54 . 2010-02-08 15:54 2353992 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-08 15:54 . 2010-02-08 15:54 640760 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2010-02-08 15:53 . 2010-02-08 15:53 520024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-08 15:53 . 2010-02-08 15:53 1028432 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-08 15:50 . 2010-02-08 15:50 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-02-08 15:50 . 2009-01-18 21:43 2892112 -c--a-w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2010-02-08 15:49 . 2010-02-08 15:49 -------- d-----w- c:\program files\Lavasoft
2010-01-29 21:47 . 2010-01-29 21:47 -------- d-----w- c:\program files\facemoods.com
2010-01-27 17:11 . 2010-01-27 17:12 -------- d-----w- c:\program files\Google
2010-01-27 05:00 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-27 05:00 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 05:00 . 2009-10-24 04:00 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-01-27 05:00 . 2009-10-24 03:58 41984 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-01-25 17:23 . 2010-01-25 17:25 -------- d-----w- c:\programdata\Installations
2010-01-23 21:42 . 2010-01-23 21:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-23 07:45 . 2010-01-23 07:48 -------- d-----w- c:\programdata\Lavasoft
2010-01-22 06:10 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-13 04:57 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 04:57 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 20:49 . 2009-09-10 04:39 -------- d-----w- c:\programdata\NVIDIA
2010-01-23 10:20 . 2010-01-23 10:15 -------- d-----w- c:\programdata\SecTaskMan
2010-01-18 20:57 . 2009-12-07 02:25 -------- d-----w- c:\programdata\RegCure
2010-01-17 04:33 . 2009-12-07 02:25 -------- d-----w- c:\program files\RegCure
2010-01-14 10:12 . 2009-10-03 10:51 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 22:05 . 2009-08-30 08:02 1195328 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-13 08:32 . 2009-12-03 17:52 -------- d-----w- c:\programdata\PopCap Games
2010-01-11 22:13 . 2009-09-18 17:37 1162048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-01-09 10:24 . 2010-01-09 10:24 -------- d-----w- c:\programdata\AdventureChronicles1
2010-01-04 20:17 . 2009-08-28 12:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-04 20:12 . 2009-08-28 13:33 -------- d-----w- c:\programdata\CyberLink
2010-01-04 20:08 . 2009-08-28 13:29 53319 ----a-w- c:\programdata\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2010-01-04 14:59 . 2009-08-28 10:03 -------- d-----w- c:\programdata\SlySoft
2009-12-31 14:01 . 2009-12-31 14:00 1406112 ----a-w- c:\programdata\hps\1188\Schlecker_Fotoservice.exe
2009-12-31 13:56 . 2009-12-31 13:56 -------- d-----w- c:\programdata\hps
2009-12-31 01:37 . 2009-08-28 08:45 -------- d-----w- c:\programdata\Nero
2009-12-30 12:15 . 2009-12-30 12:14 -------- d-----w- c:\programdata\Zylom
2009-12-28 15:18 . 2009-12-28 15:18 -------- d-----w- c:\program files\Common Files\Canon
2009-12-28 14:46 . 2009-12-28 13:37 -------- d-----w- c:\program files\Canon
2009-12-26 15:34 . 2009-12-26 15:34 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2009-12-19 13:11 . 2009-07-13 22:09 117312 ----a-w- c:\windows\system32\drivers\nvraid.sys
2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-12-13 09:05 . 2009-12-13 09:05 -------- d-----w- c:\programdata\PlayFirst
2009-12-10 00:07 . 2009-12-10 00:06 1825608 ----a-w- c:\programdata\ParetoLogic\UUS2\Privacy Controls\Temp\Update.exe
2009-12-09 08:18 . 2009-09-03 15:08 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-07 08:29 . 2009-12-07 08:29 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
2009-12-23 11:22 225280 ----a-w- c:\program files\facemoods.com\facemoods\1.3.43.0\escort.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}"= "c:\program files\facemoods.com\facemoods\1.3.43.0\escorTlbr.dll" [2009-12-23 167936]

[HKEY_CLASSES_ROOT\clsid\{db4e9724-f518-4dfd-9c7c-78b52103cab9}]
[HKEY_CLASSES_ROOT\escorTlbr.DskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\escorTlbr.DskBnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"GMX SMS-Manager"="d:\programme\GMX SMS-Manager\SMSMngr.exe" [2007-07-19 3539968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-01-31 209153]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]

c:\users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
JDownloader.lnk - d:\programme\JDownloader\JDownloader.exe [2009-10-26 214528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
2009-05-04 09:26 1572872 ----a-w- c:\program files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2009-05-04 09:47 2817544 ----a-w- c:\program files\Logitech\GamePanel Software\G-series Software\lgdcore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDeviceAgent]
2009-05-04 09:48 354312 ----a-w- c:\program files\Logitech\GamePanel Software\lgdevagt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 05:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-28 15:07 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

R2 acedrv11;acedrv11;c:\windows\System32\drivers\acedrv11.sys [19.01.2009 19:31 277544]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [03.09.2009 16:08 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 22:34 921936]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [17.08.2009 00:32 239648]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [28.08.2009 09:16 721904]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27.01.2010 18:11 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]

2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 17:11]

2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 17:11]

2010-02-09 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 23:33]

2010-02-09 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 23:33]

2010-02-04 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 23:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\0rzzlmi8.default\
FF - component: c:\users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\0rzzlmi8.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\0rzzlmi8.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: d:\programme\Veetle\Player\npvlc.dll
FF - plugin: d:\programme\Veetle\plugins\npVeetle.dll

---- FIREFOX Policies ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- Locked Registry Keys ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,d6,dd,99,99,e7,6c,44,b6,2c,a9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,d6,dd,99,99,e7,6c,44,b6,2c,a9,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3864)
d:\programme\MediaMonkey 3.1.2.1266\DeskPlayer.dll
.
Completion time: 2010-02-09 22:12:42
ComboFix-quarantined-files.txt 2010-02-09 21:12
ComboFix2.txt 2010-02-09 18:48

Pre-Run: 16 Dir(s), 36.243.623.936 bytes free
Post-Run: 17 Dir(s), 36.184.846.336 bytes free

- - End Of File - - AC9131D98647CC167E773816C446266D
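The policies\system block in the ComboFix log above records EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, which together mean User Account Control is switched off on this machine, so any dropper the user launches already runs with the full administrator token. The script below is an added example, not part of the thread and not ComboFix's own logic: it parses that block as ComboFix prints it, compares the values with the Windows 7 defaults, and emits the reg.exe commands that restore them. The default table is an assumption (stock Windows 7 with no Group Policy applied), and the sample block is a constructed copy of the lines in the log.

```python
"""Added example: audit the UAC policy values ComboFix lists under
HKLM\software\microsoft\windows\currentversion\policies\system against the
Windows 7 defaults and emit the reg.exe commands that restore them.
The default table is an assumption (stock Windows 7, no Group Policy)."""
import re

POLICY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Windows 7 default values (assumption for this example).
WIN7_DEFAULTS = {
    "EnableLUA": 1,                     # 0 disables UAC entirely
    "ConsentPromptBehaviorAdmin": 5,    # 0 elevates administrators silently
    "ConsentPromptBehaviorUser": 3,     # 3 prompts standard users for credentials
    "PromptOnSecureDesktop": 1,         # 0 draws the prompt on the normal desktop
    "EnableUIADesktopToggle": 0,
}

MEANING = {
    "EnableLUA": "UAC is switched off; every process of an administrator runs with the full token",
    "ConsentPromptBehaviorAdmin": "elevation happens without any prompt",
    "ConsentPromptBehaviorUser": "standard-user elevation behaviour changed",
    "PromptOnSecureDesktop": "elevation prompts are not isolated on the secure desktop and can be spoofed",
    "EnableUIADesktopToggle": "UIAccess applications may disable the secure desktop",
}

# ComboFix prints values as   "Name"= 0 (0x0)
VALUE_RE = re.compile(r'"(\w+)"=\s*(\d+)')


def parse_policy_block(text):
    """Map value name -> integer for every "Name"= N line in the block."""
    return {m.group(1): int(m.group(2)) for m in VALUE_RE.finditer(text)}


def audit_uac(values, defaults=WIN7_DEFAULTS):
    """Return (name, actual, expected, explanation) for each value that
    deviates from the default. Absent values take the default and are
    therefore not reported."""
    findings = []
    for name, expected in defaults.items():
        actual = values.get(name, expected)
        if actual != expected:
            findings.append((name, actual, expected, MEANING[name]))
    return findings


def uac_state(values):
    """Summarise the effective state: EnableLUA=0 overrides everything else."""
    if values.get("EnableLUA", 1) == 0:
        return "disabled"
    if values.get("ConsentPromptBehaviorAdmin", 5) == 0:
        return "enabled, silent elevation for administrators"
    return "enabled"


def remediation_commands(findings, key=POLICY_KEY):
    """reg.exe invocations that restore each deviating value (a reboot is
    needed before a changed EnableLUA takes effect)."""
    return [
        f'reg add "{key}" /v {name} /t REG_DWORD /d {expected} /f'
        for name, _actual, expected, _why in findings
    ]


# Constructed copy of the block as it appears in the ComboFix log above.
SAMPLE_BLOCK = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

if __name__ == "__main__":
    values = parse_policy_block(SAMPLE_BLOCK)
    print("UAC:", uac_state(values))
    findings = audit_uac(values)
    for name, actual, expected, why in findings:
        print(f"{name}={actual} (default {expected}): {why}")
    for cmd in remediation_commands(findings):
        print(cmd)
```

On the sample block the audit reports three deviations (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop) and the state "disabled"; the same parser can be pointed at the policies\system block of any other ComboFix log, since the value format does not change between runs.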
10.02.2010, 12:04
Member
Posts: 3716
#8
Post the contents of
ComboFix-quarantined-files.txt

10.02.2010, 12:55
...new here
Thread starter, Posts: 6
#9
I'm not at home right now!
Do I have to run ComboFix again now, or is ComboFix-quarantined-files.txt stored somewhere?

10.02.2010, 14:59
Member
Posts: 3716
#10
Yes, in the qoobox folder on c:\ or use Windows search and search for the file name.

10.02.2010, 16:55
...new here
Thread starter, Posts: 6

10.02.2010, 17:39
Member
Posts: 3716
#12
www.virustotal.com
Copy these files there one after another into the input field, check them, post the results; if already analyzed, check again. Report how the PC is running.
c:\windows\explorer.exe
c:\windows\system32\winlogon.exe
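A practitioner doing what the post above asks would usually look the files up by hash rather than upload two Windows system binaries: the SHA-256 is enough for VirusTotal to say whether the sample is already known, and it can also be compared with a digest recorded from a clean machine of the same build. The script below is an added example, not from the thread or from VirusTotal: it streams each candidate file through SHA-256, builds a lookup URL, and flags a mismatch against an optional baseline. The URL pattern https://www.virustotal.com/gui/file/<sha256> is an assumption about the VirusTotal web UI, and the demo hashes constructed stand-in files in a temporary directory instead of the real explorer.exe and winlogon.exe.

```python
"""Added example: compute SHA-256 for the files the helper asks about and
build a VirusTotal hash-lookup URL, so the hash can be searched instead of
uploading a Windows system binary. The URL pattern is an assumption about
the VirusTotal web UI; the baseline table is constructed for the demo."""
import hashlib
import os
import tempfile

# Files named in the post above.
CANDIDATES = [r"C:\Windows\explorer.exe", r"C:\Windows\System32\winlogon.exe"]


def sha256_of(path, chunk_size=1 << 20):
    """Stream the file so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def vt_lookup_url(sha256_hex):
    """Assumed VirusTotal URL form for a hash search (no upload involved)."""
    return "https://www.virustotal.com/gui/file/" + sha256_hex.lower()


def describe(paths, baseline=None):
    """One record per path: size, SHA-256, lookup URL, and whether the hash
    matches a baseline recorded from a known-clean machine (if given).
    Missing files are reported rather than raised, so a list copied from a
    forum post can be run as-is."""
    baseline = baseline or {}
    records = []
    for path in paths:
        if not os.path.isfile(path):
            records.append({"path": path, "status": "missing"})
            continue
        digest = sha256_of(path)
        expected = baseline.get(os.path.basename(path).lower())
        if expected is None:
            status = "unknown"
        else:
            status = "baseline-match" if expected == digest else "MISMATCH"
        records.append({"path": path, "size": os.path.getsize(path),
                        "sha256": digest, "url": vt_lookup_url(digest),
                        "status": status})
    return records


def demo():
    """Run describe() over constructed files in a temp dir (no real system
    binaries are touched) and return the records."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "winlogon.exe")
        with open(good, "wb") as fh:
            fh.write(b"abc")  # stand-in content, not a real PE file
        # Baseline keyed by file name; the digest is SHA-256("abc").
        baseline = {"winlogon.exe":
                    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"}
        # explorer.exe is deliberately absent to show the missing-file path.
        return describe([good, os.path.join(tmp, "explorer.exe")], baseline)


if __name__ == "__main__":
    for record in demo():
        print(record)
```

On a real machine, call describe(CANDIDATES) with a baseline built from the same Windows build and patch level; the sizes ComboFix recorded for these two files (2614272 and 285696 bytes) are a first sanity check, but only the hash comparison or the VirusTotal verdict says whether the bytes are the expected ones.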
Volume Serial Number is D0F2-CC80
Directory of c:\
08.02.2010 19:07 0 dirdat.txt
08.02.2010 18:17 352 aaw7boot.cmd
08.02.2010 06:21 1.610.133.504 pagefile.sys
08.02.2010 06:21 1.207.599.104 hiberfil.sys
12.10.2009 16:44 0 IO.SYS
12.10.2009 16:44 0 MSDOS.SYS
28.08.2009 16:41 8.192 BOOTSECT.BAK
28.08.2009 16:41 350 boot.ini
28.08.2009 06:55 171.136 grldr
27.08.2009 15:06 206 Boot.BAK
14.07.2009 02:38 383.562 bootmgr
10.06.2009 22:42 10 config.sys
10.06.2009 22:42 24 autoexec.bat
14.04.2008 13:00 251.712 ntldr
14.04.2008 13:00 47.564 NTDETECT.COM
14.04.2008 13:00 4.952 bootfont.bin
16 File(s), 2.818.600.668 bytes
0 Dir(s), 36.291.903.488 bytes free

Volume in drive C is Windows
Volume Serial Number is D0F2-CC80
Directory of C:\Windows\system32
08.02.2010 11:05 10.208 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
08.02.2010 11:05 10.208 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
03.02.2010 23:55 4.086 perfh01D.dat
03.02.2010 23:55 666.534 perfh019.dat
03.02.2010 23:55 439.854 perfh014.dat
03.02.2010 23:55 3.894 perfc01D.dat
03.02.2010 23:55 128.694 perfc019.dat
03.02.2010 23:55 681.158 perfh013.dat
03.02.2010 23:55 73.804 perfc014.dat
03.02.2010 23:55 129.410 perfc013.dat
03.02.2010 23:55 679.812 perfh010.dat
03.02.2010 23:55 123.808 perfc010.dat
03.02.2010 23:55 126.872 perfc00C.dat
03.02.2010 23:55 684.756 perfh00C.dat
03.02.2010 23:55 424.702 perfh00B.dat
03.02.2010 23:55 78.392 perfc00B.dat
03.02.2010 23:55 683.802 perfh00A.dat
03.02.2010 23:55 133.506 perfc00A.dat
03.02.2010 23:55 606.992 perfh009.dat
03.02.2010 23:55 126.188 perfc007.dat
03.02.2010 23:55 643.628 perfh007.dat
03.02.2010 23:55 103.370 perfc009.dat
03.02.2010 23:55 452.926 perfh006.dat
03.02.2010 23:55 76.422 perfc006.dat
03.02.2010 23:55 7.042.276 PerfStringBackup.INI
23.01.2010 11:27 42 scud.udf
14.01.2010 11:12 181.120 MpSigStub.exe
11.01.2010 08:12 381.440 iedkcs32.dll
05.01.2010 01:17 29.634.504 MRT.exe
19.12.2009 10:02 977.920 wininet.dll
19.12.2009 10:02 1.224.704 urlmon.dll
19.12.2009 10:02 5.961.728 mshtml.dll
19.12.2009 10:02 64.512 msfeedsbs.dll
19.12.2009 10:02 10.976.768 ieframe.dll
13.12.2009 09:57 285.232 FNTCACHE.DAT
09.12.2009 18:57 10.752 BASSMOD.dll
07.12.2009 09:24 1.335.782 _upd.log
29.11.2009 00:40 5.142 INSTALL.LOG
Thanks for your help