G: is a USB port, but it is not in use at all. Avira keeps coming up with the error message, and G: also shows up in Explorer (G: cannot be accessed. Incorrect parameter).
Here is the Combofix log:
[code]
Combofix Logfile:
ComboFix 12-01-09.03 - Schatzipu 09.01.2012 23:45:42.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3038.1829 [GMT 1:00]
ausgeführt von:: c:\users\Schatzipu\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\facemoods.com\facemoods\1.4.17.6\faCEmoodstlbr.dll
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-09 bis 2012-01-09 ))))))))))))))))))))))))))))))
.
.
2012-01-09 23:05 . 2012-01-09 23:06 -------- d-----w- c:\users\Schatzipu\AppData\Local\temp
2012-01-09 23:05 . 2012-01-09 23:05 -------- d-----w- c:\users\Thomas\AppData\Local\temp
2012-01-09 23:05 . 2012-01-09 23:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-09 23:05 . 2012-01-09 23:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-09 23:05 . 2012-01-09 23:05 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-01-09 22:13 . 2012-01-09 22:13 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F20AD058-D5E7-4C6A-ADC4-D9FBCE3CD9D3}\offreg.dll
2012-01-09 15:41 . 2012-01-09 15:41 -------- d-----w- c:\users\Schatzipu\AppData\Roaming\ImgBurn
2012-01-09 15:40 . 2012-01-09 15:40 -------- d-----w- c:\program files\ImgBurn
2012-01-08 21:21 . 2012-01-08 21:21 -------- d-----w- c:\users\Schatzipu\AppData\Roaming\Canneverbe Limited
2012-01-08 21:21 . 2012-01-08 21:21 -------- d-----w- c:\programdata\Canneverbe Limited
2012-01-08 21:20 . 2012-01-08 21:21 -------- d-----w- c:\program files\CDBurnerXP
2012-01-08 19:49 . 2012-01-09 16:49 -------- d-----w- c:\programdata\WinZip
2012-01-08 01:10 . 2012-01-09 22:21 5694 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-01-08 00:58 . 2012-01-08 00:58 -------- d-----w- C:\_OTL
2012-01-07 09:33 . 2012-01-07 09:33 -------- d-----w- c:\program files\ESET
2012-01-07 01:19 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F20AD058-D5E7-4C6A-ADC4-D9FBCE3CD9D3}\mpengine.dll
2012-01-06 18:05 . 2012-01-06 18:05 -------- d-----w- C:\Malwarebytes' Anti-Malware
2012-01-06 02:30 . 2012-01-06 03:49 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-01-05 20:51 . 2012-01-05 20:51 -------- d-----w- c:\users\Gast
2012-01-05 20:49 . 2012-01-05 20:49 -------- d-----w- c:\users\virus
2012-01-05 20:31 . 2012-01-05 20:31 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-01-04 10:22 . 2009-05-18 12:17 26600 ---ha-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-04 10:22 . 2008-04-17 11:12 107368 ---ha-w- c:\windows\system32\GEARAspi.dll
2012-01-04 10:19 . 2012-01-04 10:19 -------- d-----w- c:\program files\iPod
2011-12-20 20:33 . 2011-12-20 20:33 -------- d-----w- c:\users\Schatzipu\AppData\Roaming\Avira
2011-12-20 19:27 . 2011-12-09 11:40 74640 ---ha-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-20 19:27 . 2011-12-09 11:40 36000 ---ha-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-20 19:27 . 2011-12-09 11:40 134856 ---ha-w- c:\windows\system32\drivers\avipbb.sys
2011-12-20 19:27 . 2011-12-20 19:27 -------- d-----w- c:\programdata\Avira
2011-12-20 19:27 . 2011-12-20 19:27 -------- d-----w- c:\program files\Avira
2011-12-15 15:54 . 2011-12-15 15:54 1207568 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2010-05-15 14:37 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"facemoods"="c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe" [2010-10-26 323584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-18 6295552]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"ToADiMon.exe"="c:\program files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2010-04-08 286720]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-09 258512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-07-30 176128]
.
c:\users\Schatzipu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Terminkalender2.lnk - c:\softwarenetz\Terminkalender2\kalender2.exe [2011-2-22 2502752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-15 16:04 98304 ---ha-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Online_Software_6
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-14 20:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-15 08:17 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AML]
2008-06-13 13:07 1097728 ----a-w- c:\program files\Sony\VAIO Launcher\AML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoCockpit]
2007-07-30 13:27 176128 ------w- c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\ic_start.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2008-04-03 18:03 317280 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 00:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
2008-08-22 10:25 24576 ----a-w- c:\program files\Sony\Marketing Tools\MarketingTools.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
2008-07-30 14:05 262144 ----a-w- c:\program files\Sony\Network Utility\LANUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Online_Software_6\WLAN-Access Finder]
2008-04-08 16:49 671796 ----a-w- c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToADiMon.exe]
2010-04-08 13:59 286720 ----a-w- c:\program files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 12164498
*Deregistered* - 12164498
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 12:09]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 12:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.orf.at/
mStart Page = about :blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: maxdome.de\www
TCP: DhcpNameServer = 192.168.2.1
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20111123062837
FF - ProfilePath - c:\users\Schatzipu\AppData\Roaming\Mozilla\Firefox\Profiles\dkk0kp2n.default\
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-10 00:06
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
"ImagePath"="system32\drivers\
[verify-U]-driver.sys"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\[verify-U]_System]
"ImagePath"="system32\drivers\
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-01-10 00:11:05
ComboFix-quarantined-files.txt 2012-01-09 23:11
.
Vor Suchlauf: 18 Verzeichnis(se), 127.837.569.024 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 127.799.738.368 Bytes frei
.
- - End Of File - - CD9DCD702EFCF619368A33F83E9DE799
--- --- ---