Trojaner-Board - delayed write failed Virus schwarzer Bildschirm

G: ist ein USB Anschluss, ist aber die ganze Zeit nicht in Verwendung. Avira kommt immer wieder mit der Fehlermeldung, G: scheint auch im Explorer auf (Auf G: kann nicht zugegriffen werden. Falscher Parameter).

hier das Log von Combofix:
[code]
Combofix Logfile:
Code:
ComboFix 12-01-09.03 - Schatzipu 09.01.2012  23:45:42.4.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3038.1829 [GMT 1:00]

ausgeführt von:: c:\users\Schatzipu\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files\facemoods.com\facemoods\1.4.17.6\faCEmoodstlbr.dll

c:\windows\system32\drivers\etc\hosts.ics

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-09 bis 2012-01-09  ))))))))))))))))))))))))))))))

.

.

2012-01-09 23:05 . 2012-01-09 23:06        --------        d-----w-        c:\users\Schatzipu\AppData\Local\temp

2012-01-09 23:05 . 2012-01-09 23:05        --------        d-----w-        c:\users\Thomas\AppData\Local\temp

2012-01-09 23:05 . 2012-01-09 23:05        --------        d-----w-        c:\users\Public\AppData\Local\temp

2012-01-09 23:05 . 2012-01-09 23:05        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-01-09 23:05 . 2012-01-09 23:05        --------        d-----w-        c:\users\Administrator\AppData\Local\temp

2012-01-09 22:13 . 2012-01-09 22:13        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F20AD058-D5E7-4C6A-ADC4-D9FBCE3CD9D3}\offreg.dll

2012-01-09 15:41 . 2012-01-09 15:41        --------        d-----w-        c:\users\Schatzipu\AppData\Roaming\ImgBurn

2012-01-09 15:40 . 2012-01-09 15:40        --------        d-----w-        c:\program files\ImgBurn

2012-01-08 21:21 . 2012-01-08 21:21        --------        d-----w-        c:\users\Schatzipu\AppData\Roaming\Canneverbe Limited

2012-01-08 21:21 . 2012-01-08 21:21        --------        d-----w-        c:\programdata\Canneverbe Limited

2012-01-08 21:20 . 2012-01-08 21:21        --------        d-----w-        c:\program files\CDBurnerXP

2012-01-08 19:49 . 2012-01-09 16:49        --------        d-----w-        c:\programdata\WinZip

2012-01-08 01:10 . 2012-01-09 22:21        5694        ----a-w-        c:\windows\system32\PerfStringBackup.TMP

2012-01-08 00:58 . 2012-01-08 00:58        --------        d-----w-        C:\_OTL

2012-01-07 09:33 . 2012-01-07 09:33        --------        d-----w-        c:\program files\ESET

2012-01-07 01:19 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F20AD058-D5E7-4C6A-ADC4-D9FBCE3CD9D3}\mpengine.dll

2012-01-06 18:05 . 2012-01-06 18:05        --------        d-----w-        C:\Malwarebytes' Anti-Malware

2012-01-06 02:30 . 2012-01-06 03:49        --------        d-----w-        c:\program files\GridinSoft Trojan Killer

2012-01-05 20:51 . 2012-01-05 20:51        --------        d-----w-        c:\users\Gast

2012-01-05 20:49 . 2012-01-05 20:49        --------        d-----w-        c:\users\virus

2012-01-05 20:31 . 2012-01-05 20:31        --------        d-sh--w-        c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-01-04 10:22 . 2009-05-18 12:17        26600        ---ha-w-        c:\windows\system32\drivers\GEARAspiWDM.sys

2012-01-04 10:22 . 2008-04-17 11:12        107368        ---ha-w-        c:\windows\system32\GEARAspi.dll

2012-01-04 10:19 . 2012-01-04 10:19        --------        d-----w-        c:\program files\iPod

2011-12-20 20:33 . 2011-12-20 20:33        --------        d-----w-        c:\users\Schatzipu\AppData\Roaming\Avira

2011-12-20 19:27 . 2011-12-09 11:40        74640        ---ha-w-        c:\windows\system32\drivers\avgntflt.sys

2011-12-20 19:27 . 2011-12-09 11:40        36000        ---ha-w-        c:\windows\system32\drivers\avkmgr.sys

2011-12-20 19:27 . 2011-12-09 11:40        134856        ---ha-w-        c:\windows\system32\drivers\avipbb.sys

2011-12-20 19:27 . 2011-12-20 19:27        --------        d-----w-        c:\programdata\Avira

2011-12-20 19:27 . 2011-12-20 19:27        --------        d-----w-        c:\program files\Avira

2011-12-15 15:54 . 2011-12-15 15:54        1207568        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 14:24 . 2010-05-15 14:37        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"facemoods"="c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe" [2010-10-26 323584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"RtHDVCpl"="RtHDVCpl.exe" [2008-07-18 6295552]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]

"ToADiMon.exe"="c:\program files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2010-04-08 286720]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-09 258512]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-07-30 176128]

.

c:\users\Schatzipu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Terminkalender2.lnk - c:\softwarenetz\Terminkalender2\kalender2.exe [2011-2-22 2502752]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoSecCPL"= 0 (0x0)

"NoDevMgrPage"= 0 (0x0)

"NoConfigPage"= 0 (0x0)

"NoVirtMemPage"= 0 (0x0)

"NoFileSysPage"= 0 (0x0)

"NoNetSetup"= 0 (0x0)

"NoNetSetupIDPage"= 0 (0x0)

"NoNetSetupSecurityPage"= 0 (0x0)

"NoWorkgroupContents"= 0 (0x0)

"NoEntireNetwork"= 0 (0x0)

"NoFileSharingControl"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2008-07-15 16:04        98304        ---ha-w-        c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk

backup=c:\windows\pss\BTTray.lnk.CommonStartup

backupExtension=.CommonStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Online_Software_6

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2008-10-14 20:38        623992        ----a-w-        c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 06:58        611712        ----a-w-        c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

2008-11-15 08:17        2356088        ----a-w-        c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AML]

2008-06-13 13:07        1097728        ----a-w-        c:\program files\Sony\VAIO Launcher\AML.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-04-12 22:46        1135912        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoCockpit]

2007-07-30 13:27        176128        ------w-        c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\ic_start.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]

2008-04-03 18:03        317280        ----a-w-        c:\program files\Sony\ISB Utility\ISBMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-12-08 00:36        421736        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]

2008-08-22 10:25        24576        ----a-w-        c:\program files\Sony\Marketing Tools\MarketingTools.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]

2008-07-30 14:05        262144        ----a-w-        c:\program files\Sony\Network Utility\LANUtil.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-11-04 09:30        413696        ----a-w-        c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Online_Software_6\WLAN-Access Finder]

2008-04-08 16:49        671796        ----a-w-        c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToADiMon.exe]

2010-04-08 13:59        286720        ----a-w-        c:\program files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - 12164498

*Deregistered* - 12164498

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs        REG_MULTI_SZ           BthServ

Akamai        REG_MULTI_SZ           Akamai

.

Inhalt des "geplante Tasks" Ordners

.

2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 12:09]

.

2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 12:09]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.orf.at/

mStart Page = about:blank

mWindow Title = Microsoft Internet Explorer

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

Trusted Zone: maxdome.de\www

TCP: DhcpNameServer = 192.168.2.1

DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20111123062837

FF - ProfilePath - c:\users\Schatzipu\AppData\Roaming\Mozilla\Firefox\Profiles\dkk0kp2n.default\

FF - prefs.js: browser.search.selectedEngine - 

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-01-10 00:06

Windows 6.0.6001 Service Pack 1 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

"ImagePath"="system32\drivers\

[verify-U]-driver.sys"

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\[verify-U]_System]

"ImagePath"="system32\drivers\

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2012-01-10  00:11:05

ComboFix-quarantined-files.txt  2012-01-09 23:11

.

Vor Suchlauf: 18 Verzeichnis(se), 127.837.569.024 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 127.799.738.368 Bytes frei

.

- - End Of File - - CD9DCD702EFCF619368A33F83E9DE799
--- --- ---