KBDIUMAT.DLL - TR/Agent.14427.B - AdWare.Win32.Stud.n

27.04.2008, 19:48
...new here

Thread starter

Posts: 10
#16 In the SDFix folder there are only 4 things, but there is no log.. I'll run ComboFix soon
27.04.2008, 20:04
Honorary member
Sabina

Posts: 29434
#17 All right.. post the new ComboFix log ;)
__________
Best regards, Sabina

all about PC security
27.04.2008, 20:34
...new here

Thread starter

Posts: 10
#18 ComboFix 08-04-26.5 - Shinay 2008-04-27 20:26:48.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.975 [GMT 2:00]
ausgeführt von:: C:\Users\Shinay\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((( Dateien erstellt von 2008-03-27 bis 2008-04-27 ))))))))))))))))))))))))))))))
.

2008-04-26 13:00 . 2008-04-26 13:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-10 07:44 . 2008-04-10 07:44 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-10 07:44 . 2008-04-10 07:44 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-10 07:44 . 2008-04-10 07:44 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-10 07:44 . 2008-04-10 07:44 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-10 07:44 . 2008-04-10 07:44 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-10 07:44 . 2008-04-10 07:44 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-10 07:44 . 2008-04-10 07:44 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-10 07:44 . 2008-04-10 07:44 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-10 07:44 . 2008-04-10 07:44 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-10 07:42 . 2008-04-10 07:42 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-10 07:41 . 2008-04-10 07:41 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-10 07:39 . 2008-04-10 07:39 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-10 07:39 . 2008-04-10 07:39 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-04-07 22:30 . 2008-04-07 22:31 196 --a------ C:\Windows\ulead32.ini
2008-04-07 22:28 . 2008-04-07 22:28 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-07 22:27 . 2008-04-07 22:28 <DIR> d-------- C:\Users\All Users\Ulead Systems
2008-04-07 22:27 . 2008-04-07 22:28 <DIR> d-------- C:\ProgramData\Ulead Systems
2008-04-07 22:27 . 2008-04-07 22:27 <DIR> d-------- C:\Program Files\Ulead Systems
2008-04-06 22:10 . 2008-04-06 22:10 <DIR> d-------- C:\Program Files\Invisible Browsing
2008-04-06 22:10 . 2008-04-06 22:10 68 --a------ C:\Windows\MyProg.ini
2008-03-29 10:34 . 2008-03-29 10:34 <DIR> d-------- C:\Users\Administrator\Videos
2008-03-29 10:34 . 2008-03-29 10:34 <DIR> d-------- C:\Users\Administrator
2008-03-29 10:30 . 2008-03-29 10:30 <DIR> d-------- C:\Users\Shinay\AppData\Roaming\DivX
2008-03-28 20:24 . 2008-03-28 20:24 <DIR> d-------- C:\Program Files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 16:30 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-19 17:03 --------- d-----w C:\ProgramData\Sony Corporation
2008-04-18 12:44 --------- d-----w C:\Program Files\ICQ6
2008-04-10 05:54 --------- d-----w C:\Program Files\Windows Mail
2008-04-10 05:37 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-10 05:37 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-10 05:37 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-10 05:37 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-08 19:25 --------- d-----w C:\Users\Shinay\AppData\Roaming\Sony Corporation
2008-04-08 19:25 --------- d-----w C:\ProgramData\Symantec
2008-04-07 20:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 20:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-04 15:08 --------- d-----w C:\Program Files\Java
2008-04-03 04:28 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-29 08:34 --------- d-----w C:\Program Files\DivX
2008-03-26 20:26 --------- d-----w C:\ProgramData\WLInstaller
2008-03-22 11:20 --------- d-----w C:\Users\Shinay\AppData\Roaming\ICQ
2008-03-21 13:01 15,309 ----a-w C:\Windows\System32\KBDIUMAT.DLL
2008-03-19 22:12 921,632 ----a-w C:\PA7302.DAT
2008-03-13 16:24 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-13 16:24 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-10 15:50 --------- d-----w C:\Program Files\Common Files\PAC7302
2008-03-10 15:47 --------- d-----w C:\Program Files\KYE
2008-03-10 15:46 --------- d-----w C:\Users\Shinay\AppData\Roaming\InstallShield
2008-03-06 22:13 --------- d-----w C:\Program Files\Norton 360
2008-03-06 20:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-03-06 09:58 --------- d-----w C:\ProgramData\Messenger Plus!
2008-03-06 08:44 174 --sha-w C:\Program Files\desktop.ini
2008-03-06 08:38 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-06 08:38 --------- d-----w C:\Program Files\Windows Calendar
2008-03-06 02:19 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-06 02:19 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-06 02:19 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-06 02:19 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-06 02:19 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-06 02:19 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-06 02:19 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-06 02:19 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-03-06 02:19 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-03-06 02:19 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-06 02:19 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-03-06 02:19 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-06 02:19 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-03-06 02:18 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-06 02:18 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-06 02:13 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-06 02:13 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-06 02:13 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-06 02:13 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-06 02:12 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-06 02:12 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-06 02:12 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-06 02:12 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-03-06 02:12 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-06 02:12 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-06 02:12 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-03-06 02:12 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-03-06 02:12 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-06 02:12 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-06 02:12 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-06 02:11 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-06 02:11 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-06 02:11 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-06 02:11 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-06 02:11 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-06 02:10 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-06 02:10 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-06 02:10 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-03-06 02:10 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-03-06 02:10 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-06 02:10 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-06 02:09 61,440 ----a-w C:\Windows\System32\ntprint.exe
2008-03-06 02:09 269,824 ----a-w C:\Windows\System32\schannel.dll
2008-03-06 02:09 220,160 ----a-w C:\Windows\System32\ntprint.dll
2008-03-06 02:09 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2008-03-06 02:07 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-03-06 02:06 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-03-06 02:06 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-03-06 02:06 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-03-06 02:06 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-03-06 02:06 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-03-06 02:04 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-03-06 02:02 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-03-06 02:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-06 00:36 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-03-06 00:36 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-03-06 00:36 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-03-06 00:36 --------- d-----w C:\Program Files\Symantec
2008-03-05 14:01 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 14:01 --------- d-----w C:\Program Files\Windows Live
2008-03-05 13:36 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-03-05 13:36 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-03-05 13:36 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-03-05 13:36 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-03-05 13:35 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-03-05 13:35 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-03-05 13:35 33,624 ----a-w C:\Windows\System32\wups.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-26_12.46.38,75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-26 08:27:49 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-27 10:21:24 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-26 08:27:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-27 10:21:24 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-04-26 08:27:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-04-27 10:21:24 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-26 10:43:01 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-27 17:36:38 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-26 08:29:31 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-27 10:23:03 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-04-26 10:43:10 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-27 18:25:57 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-26 08:29:26 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-27 10:22:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-27 10:22:57 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-26 10:38:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-27 18:09:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-26 10:38:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-27 18:09:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-26 10:38:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-27 18:09:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-26 10:43:43 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-04-27 18:26:42 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-04-26 08:34:30 116,706 ----a-w C:\Windows\System32\perfc007.dat
+ 2008-04-27 10:28:02 116,706 ----a-w C:\Windows\System32\perfc007.dat
- 2008-04-26 08:34:30 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-27 10:28:02 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-26 08:34:30 641,344 ----a-w C:\Windows\System32\perfh007.dat
+ 2008-04-27 10:28:02 641,344 ----a-w C:\Windows\System32\perfh007.dat
- 2008-04-26 08:34:30 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-27 10:28:02 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-26 08:30:14 7,246 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2511198481-3563765758-3319332306-1000_UserData.bin
+ 2008-04-27 10:23:25 7,318 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2511198481-3563765758-3319332306-1000_UserData.bin
- 2008-04-26 08:30:14 62,028 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-27 10:23:24 62,210 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-26 08:30:11 36,080 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-27 10:23:21 36,244 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9469492E-DFF9-4D9B-8267-25ABBD579E4E}]
2008-03-21 15:01 15309 --a------ C:\Windows\system32\KBDIUMAT.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="C:\Program Files\Sony\Network Utility\LANUtil.exe" [2007-06-29 14:38 258048]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Netlog 24"="C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe" [ ]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-03 15:24 1006264]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-30 03:07 137752]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-30 03:06 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-30 03:07 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-26 02:39 4489216 C:\Windows\RtHDVCpl.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 02:12 118784]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 18:27 317560]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-06 10:06 1831424]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2007-02-13 18:57 2020968]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-16 23:09 115816]
"snpstd"="C:\Windows\vsnpstd.exe" [ ]
"PAC7302_Monitor"="C:\Windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 12:01 319488]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"InvisibleBrowsing"="C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe" [2007-09-30 16:36 8454144]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 19:22 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-07-24 19:26 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F1593094-AD4C-4CE4-B4B7-AEA744C3E4DE}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F73A1C7B-C154-4851-8E5A-25FD8E0AED4D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{97F9A59A-745C-4987-8417-D5312C694D4B}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{ECD9D5EB-C038-4852-AD61-E4273E6E9191}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{0DD8883B-C9FB-480F-8E87-DD472F08192D}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{E337DE85-2E92-48FE-8F67-D6B8D9DCDFBE}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{48667EAA-3E5D-4103-8230-CBEB590982E7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080425.001\IDSvix86.sys [2008-02-14 03:39]
R2 IBService;IBService;C:\Program Files\Invisible Browsing\servers\IBService.exe [2007-01-09 15:38]
R2 NSUService;NSUService;"C:\Program Files\Sony\Network Utility\NSUService.exe" [2007-06-29 14:38]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-08 02:01]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-30 03:06]
R3 PAC7302;Eye 312;C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-04-30 14:26]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-07-16 23:09]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 02:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-25 02:23]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-15 02:28]
S3 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2007-02-13 18:57]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 17:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 16:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2007-07-05 20:12]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2007-07-05 18:43]

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 20:29:27
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> ?:\Windows\system32\NSI.dll
.
Zeit der Fertigstellung: 2008-04-27 20:30:26
ComboFix-quarantined-files.txt 2008-04-27 18:30:18
ComboFix2.txt 2008-04-26 10:47:04

7 Verzeichnis(se), 141,324,648,448 Bytes frei
16 Verzeichnis(se), 141,300,699,136 Bytes frei

268 --- E O F --- 2008-04-25 15:54:29

There you go ..;)
27.04.2008, 21:48
Honorary member
Sabina

Posts: 29434
#19 ««
Deactivate Windows Defender
- Start Windows Defender.
- Click Tools
- Click General Settings
- Scroll to Real-time protection options
- Remove the check mark at Turn on Real-time protection (recommended)
- Click Save

««
Delete ("fix") with HijackThis
Click: "Do a system scan only"
Put a check mark in the box in front of the entry named below
(the one recommended for "fixing", i.e. deletion) - no others!!
and choose fix checked. + restart the computer.

Quote

O2 - BHO: (no name) - {9469492E-DFF9-4D9B-8267-25ABBD579E4E} - C:\Windows\system32\KBDIUMAT.DLL
««
Restart the computer.

««
Post a new HijackThis log
+
re-enable Windows Defender
__________
Best regards, Sabina

all about PC security
01.05.2008, 11:35
...new here

Thread starter

Posts: 10
#20 The problem is solved. I removed the virus/trojan with another program.