KBDIUMAT.DLL - TR/Agent.14427.B - AdWare.Win32.Stud.n

#0
24.04.2008, 18:56
...new here

Posts: 10
#1 I have a problem: on most links the internet browser closes. Do I need to change a setting? This error always comes up: Windows has detected a problem and must close the page, and then the start page opens again.
24.04.2008, 20:53
Honorary member
Argus

Posts: 6028
25.04.2008, 22:02
...new here

Thread starter

Posts: 10
#3 REINIGUNG komplett - (1.698 Sek)
------------------------------------------------------------------------------------------
342,6MB entfernt.
------------------------------------------------------------------------------------------

Details der gelöschten Dateien
------------------------------------------------------------------------------------------
IE Temporären Internetdateien (86 Dateien) 2,73MB
C:\Users\Shinay\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008041320080414\index.dat 32,00KB
C:\Users\Shinay\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat 1,92MB
C:\Users\Shinay\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008040720080414\index.dat 64,00KB
C:\Users\Shinay\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008041420080421\index.dat 0,14MB
C:\Users\Shinay\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008042120080422\index.dat 48,00KB
C:\Users\Shinay\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008042220080423\index.dat 48,00KB
C:\Users\Shinay\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008042320080424\index.dat 64,00KB
C:\Users\Shinay\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008042420080425\index.dat 48,00KB
C:\Users\Shinay\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008042520080426\index.dat 48,00KB
Zum Löschen markiert: C:\Users\Shinay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Zum Löschen markiert: C:\Users\Shinay\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Zum Löschen markiert: C:\Users\Shinay\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
Zum Löschen markiert: C:\Users\Shinay\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
Geleerter Papierkorb (4 Dateien) 49,2MB
C:\Users\Shinay\AppData\Local\Temp\_is38F3.exe 0,43MB
C:\Users\Shinay\AppData\Local\Temp\_is5C4B.exe 0,43MB
C:\Users\Shinay\AppData\Local\Temp\_is5CD1.exe 0,43MB
C:\Users\Shinay\AppData\Local\Temp\_is6955.exe 0,43MB
C:\Users\Shinay\AppData\Local\Temp\_is6F96.exe 0,43MB
C:\Users\Shinay\AppData\Local\Temp\_is7ACC.exe 0,43MB
C:\Users\Shinay\AppData\Local\Temp\_isC4F.exe 0,43MB
C:\Users\Shinay\AppData\Local\Temp\_isD565.exe 0,43MB
C:\Users\Shinay\AppData\Local\Temp\{289A7017-BB26-484F-B966-B85F0B47525B}\ISSetup.dll 0,53MB
C:\Users\Shinay\AppData\Local\Temp\{289A7017-BB26-484F-B966-B85F0B47525B}\_Setup.dll 0,36MB
C:\Users\Shinay\AppData\Local\Temp\{3C6F28D9-79BA-42D9-839F-2CE1F1328082}\ISSetup.dll 0,53MB
C:\Users\Shinay\AppData\Local\Temp\{3C6F28D9-79BA-42D9-839F-2CE1F1328082}\_Setup.dll 0,36MB
C:\Users\Shinay\AppData\Local\Temp\{45E14F4E-02B8-4ECF-8F5F-0171DD932E19}\ISSetup.dll 0,53MB
C:\Users\Shinay\AppData\Local\Temp\{45E14F4E-02B8-4ECF-8F5F-0171DD932E19}\_Setup.dll 0,36MB
C:\Users\Shinay\AppData\Local\Temp\{669B5F71-9BD9-4547-AAEA-BB0545C7C40E}\ISSetup.dll 0,53MB
C:\Users\Shinay\AppData\Local\Temp\{669B5F71-9BD9-4547-AAEA-BB0545C7C40E}\_Setup.dll 0,36MB
C:\Users\Shinay\AppData\Local\Temp\{7295077A-6600-478C-BF5F-336FBC55C3B6}\ISSetup.dll 0,53MB
C:\Users\Shinay\AppData\Local\Temp\{7295077A-6600-478C-BF5F-336FBC55C3B6}\_Setup.dll 0,36MB
C:\Users\Shinay\AppData\Local\Temp\{A73450C2-5BD5-4C19-9A8E-C8E8E1F0E370}\ISSetup.dll 0,53MB
C:\Users\Shinay\AppData\Local\Temp\{A73450C2-5BD5-4C19-9A8E-C8E8E1F0E370}\_Setup.dll 0,36MB
C:\Users\Shinay\AppData\Local\Temp\{C45C1FE7-90A3-4C24-92A3-E8AF586B875A}\ISSetup.dll 0,53MB
C:\Users\Shinay\AppData\Local\Temp\{C45C1FE7-90A3-4C24-92A3-E8AF586B875A}\_Setup.dll 0,36MB
C:\Users\Shinay\AppData\Local\Temp\{DF775342-CF2B-4F69-9481-58D86E454589}\ISSetup.dll 0,53MB
C:\Users\Shinay\AppData\Local\Temp\{DF775342-CF2B-4F69-9481-58D86E454589}\_Setup.dll 0,36MB
C:\Windows\MEMORY.DMP 259,9MB
C:\Windows\MiniDump\Mini030608-01.dmp 0,13MB
C:\Windows\MiniDump\Mini032108-01.dmp 0,13MB
C:\Windows\MiniDump\Mini040708-01.dmp 0,13MB
C:\Windows\system32\wbem\Logs\FrameWork.log 31,93KB
C:\Windows\system32\wbem\Logs\wmiprov.log 20,33KB
C:\Windows\system32\wbem\Logs\WMITracing.log 16,0MB
C:\Windows\system32\wbem\Logs\wmiprov.lo_ 64,08KB
C:\Windows\DirectX.log 51,14KB
C:\Windows\DPINST.LOG 19,79KB
C:\Windows\DtcInstall.log 4,31KB
C:\Windows\msxml4-KB936181-enu.LOG 0,25MB
C:\Windows\msxml4-KB941833-enu.LOG 0,25MB
C:\Windows\PFRO.log 41,58KB
C:\Windows\setupact.log 17,84KB
C:\Windows\SETUPAPI.LOG 94 Byte
C:\Windows\setuperr.log 0 Byte
C:\Windows\TSSysprep.log 5,63KB
C:\Windows\xpsp1hfm.log 1,45KB
C:\Windows\Debug\mrt.log 4,84KB
C:\Windows\Debug\mrteng.log 1,70KB
C:\Windows\Debug\sammui.log 261 Byte
C:\Windows\Debug\UserMode\ChkAcc.log 0 Byte
C:\Windows\Debug\UserMode\ChkAcc.bak 0 Byte
C:\Windows\security\logs\scesetup.log 0,60MB
C:\Windows\security\logs\scecomp.old 660 Byte
C:\Users\Shinay\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK 296 Byte
C:\Users\Shinay\AppData\Roaming\Microsoft\Office\Recent\Dokument.LNK 531 Byte
C:\Users\Shinay\AppData\Roaming\Microsoft\Office\Recent\Dokumente.LNK 398 Byte
C:\Users\Shinay\AppData\Roaming\Microsoft\Office\Recent\index.dat 98 Byte
C:\Users\Shinay\AppData\Roaming\Microsoft\Office\Recent\nickss.LNK 417 Byte
C:\Users\Shinay\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK 698 Byte
C:\Users\Shinay\AppData\Roaming\Google\Local Search History\google%2Eimages.w 238 Byte
C:\Users\Shinay\AppData\Roaming\Google\Local Search History\google%2Eweb.w 1,50KB
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\ads1.msn.com\spiderwick-ger.sol 54 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\cdn.gigya.com\com.quantserve.sol 73 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\cdn.gigya.com\WildFire\swf\wildfire.swf\gigya_SNAccountsStatus.sol 95 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\cdn.gigya.com\WildFire\swf\wildfire.swf\gigya_tc.sol 67 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\de.video.netlog.com\com.jeroenwijerin.players.sol 65 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\de.youtube.com\soundData.sol 58 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\de.youtube.com\videostats.sol 199 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\flash.quantserve.com\com.quantserve.sol 73 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\fr.youtube.com\soundData.sol 58 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\fr.youtube.com\videostats.sol 161 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\images.soapbox.msn.com\flash\soapbox1_1.swf\CountryCode.sol 58 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\images.soapbox.msn.com\s_br.sol 35 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\images.video.msn.com\res\flash\633390781200000000\soapbox1_1.swf\CountryCode.sol 61 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\skype.com\#ui\preferences.sol 202 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\slide.com\ratings.sol 51 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\video.google.com\googleplayer.swf\mediaPlayerUserSettings.sol 94 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\video.google.com\videostats.sol 199 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\www.chip.de\ChipVideo_data.sol 82 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\www.orkut.com\gtalksettings.sol 116 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\www.virtualmeonline.de\eaMediaPlayer.sol 92 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\www.youtube.com\soundData.sol 58 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\www.youtube.com\timeDisplayConfig.sol 81 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GVP00001\www.youtube.com\videostats.sol 199 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ads1.msn.com\settings.sol 82 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.gigya.com\settings.sol 83 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#de.video.netlog.com\settings.sol 89 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#de.youtube.com\settings.sol 84 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com\settings.sol 90 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fr.youtube.com\settings.sol 84 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images.soapbox.msn.com\settings.sol 92 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images.video.msn.com\settings.sol 90 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local\settings.sol 75 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#slide.com\settings.sol 79 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#v.static.netlog.com\settings.sol 89 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.google.com\settings.sol 86 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.chip.de\settings.sol 81 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.virtualmeonline.de\settings.sol 92 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com\settings.sol 85 Byte
C:\Users\Shinay\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 710 Byte
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{058A42BB-F53A-4444-AE2B-ED4ADDDFD942} 5,13KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{1FB75A2C-174A-400A-9AE7-2F52AD1A4C70} 5,29KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{296F6CAF-A3F8-457D-8128-8286D8BA2A96} 5,13KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{2B735D8C-7805-41D5-9F35-DC4E0F6DB855} 5,29KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{35D71F70-A1D2-4C1C-8439-C9CAF0FC5338} 5,29KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{3E827718-8BCC-4003-B095-ABBC846EAF2A} 5,29KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{70799A72-D4F3-4E63-A822-643DBEA4B02C} 5,29KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{77516064-7E97-490A-BF0B-BB16856E2B1C} 5,29KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{7B1763F5-FBAC-420D-A9C0-3C11B3AEADA9} 5,29KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{80DF1F02-50D8-41A2-B4B9-50E6E0F4D51B} 5,13KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{A0E03852-F843-4B5F-BE3A-ADB2FFF0B047} 5,29KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{ABEE70C8-41AD-453D-A2E9-C886793E0C23} 5,29KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{C5D81A2B-AA6E-4ED3-BCF8-9E3F0AE4A8B8} 5,29KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{DDD5B237-2F79-408D-B164-0D6909D17F4F} 5,13KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{F6A1A6A2-2C55-4523-8B63-098DCD2AC2E2} 5,29KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{F8115BBD-86F0-4634-B4B2-E4BD217F1A32} 5,29KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{16177574-7E15-4D6E-8F4B-65E0AC8BF6FC} 5,61KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{56813CE8-95FF-452A-BD81-EF5575F5F3A1} 6,17KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{692B01F9-6AF8-4534-B8D3-C871D04EE94B} 5,42KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{76A62E72-26D6-408B-A275-AB6A6A9D524D} 6,01KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8B45C90D-364F-4891-94FC-4A3D0EEECD1C} 5,41KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A5D2E7D3-E728-469C-B647-2B2CEFBFC81F} 5,94KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AAD5F6DF-D0AC-43BB-9330-D4522794366B} 5,42KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AF252EEA-B7F4-43C9-B63A-44E777994571} 5,42KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BFC8D525-85BD-49C2-8459-DE7F66ACC987} 5,70KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{ED301F79-C25F-40F9-8BAE-721B4543A251} 5,45KB
------------------------------------------------------------------------------------------
25.04.2008, 22:24
Moderator

Posts: 5694
#4 Please also create a HijackThis and a ComboFix log:
http://board.protecus.de/t23187.htm

Combofix
http://virus-protect.org/artikel/tools/combofix.html


Regards, Swiss
26.04.2008, 12:50
...new here

Thread starter

Posts: 10
#5 ComboFix 08-04-24.1 - Shinay 2008-04-26 12:43:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.976 [GMT 2:00]
ausgeführt von:: C:\Users\Shinay\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\x64

.
((((((((((((((((((((((( Dateien erstellt von 2008-03-26 bis 2008-04-26 ))))))))))))))))))))))))))))))
.

2008-04-25 21:53 . 2008-04-25 21:53 <DIR> d-------- C:\Program Files\CCleaner
2008-04-10 07:44 . 2008-04-10 07:44 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-10 07:44 . 2008-04-10 07:44 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-10 07:44 . 2008-04-10 07:44 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-10 07:44 . 2008-04-10 07:44 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-10 07:44 . 2008-04-10 07:44 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-10 07:44 . 2008-04-10 07:44 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-10 07:44 . 2008-04-10 07:44 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-10 07:44 . 2008-04-10 07:44 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-10 07:44 . 2008-04-10 07:44 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-10 07:42 . 2008-04-10 07:42 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-10 07:41 . 2008-04-10 07:41 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-10 07:39 . 2008-04-10 07:39 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-10 07:39 . 2008-04-10 07:39 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-04-07 22:30 . 2008-04-07 22:31 196 --a------ C:\Windows\ulead32.ini
2008-04-07 22:28 . 2008-04-07 22:28 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-07 22:27 . 2008-04-07 22:28 <DIR> d-------- C:\Users\All Users\Ulead Systems
2008-04-07 22:27 . 2008-04-07 22:28 <DIR> d-------- C:\ProgramData\Ulead Systems
2008-04-07 22:27 . 2008-04-07 22:27 <DIR> d-------- C:\Program Files\Ulead Systems
2008-04-06 22:10 . 2008-04-06 22:10 <DIR> d-------- C:\Program Files\Invisible Browsing
2008-04-06 22:10 . 2008-04-06 22:10 68 --a------ C:\Windows\MyProg.ini
2008-03-29 10:34 . 2008-03-29 10:34 <DIR> d-------- C:\Users\Administrator\Videos
2008-03-29 10:34 . 2008-03-29 10:34 <DIR> d-------- C:\Users\Administrator
2008-03-29 10:30 . 2008-03-29 10:30 <DIR> d-------- C:\Users\Shinay\AppData\Roaming\DivX
2008-03-28 20:24 . 2008-03-28 20:24 <DIR> d-------- C:\Program Files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 16:30 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-19 17:03 --------- d-----w C:\ProgramData\Sony Corporation
2008-04-18 12:44 --------- d-----w C:\Program Files\ICQ6
2008-04-10 05:54 --------- d-----w C:\Program Files\Windows Mail
2008-04-10 05:37 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-10 05:37 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-10 05:37 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-10 05:37 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-08 19:25 --------- d-----w C:\Users\Shinay\AppData\Roaming\Sony Corporation
2008-04-08 19:25 --------- d-----w C:\ProgramData\Symantec
2008-04-07 20:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 20:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-04 15:08 --------- d-----w C:\Program Files\Java
2008-04-03 04:28 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-29 08:34 --------- d-----w C:\Program Files\DivX
2008-03-26 20:26 --------- d-----w C:\ProgramData\WLInstaller
2008-03-22 11:20 --------- d-----w C:\Users\Shinay\AppData\Roaming\ICQ
2008-03-21 13:01 15,309 ----a-w C:\Windows\System32\KBDIUMAT.DLL
2008-03-19 22:12 921,632 ----a-w C:\PA7302.DAT
2008-03-13 16:24 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-13 16:24 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-10 15:50 --------- d-----w C:\Program Files\Common Files\PAC7302
2008-03-10 15:47 --------- d-----w C:\Program Files\KYE
2008-03-10 15:46 --------- d-----w C:\Users\Shinay\AppData\Roaming\InstallShield
2008-03-06 22:13 --------- d-----w C:\Program Files\Norton 360
2008-03-06 20:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-03-06 09:58 --------- d-----w C:\ProgramData\Messenger Plus!
2008-03-06 08:44 174 --sha-w C:\Program Files\desktop.ini
2008-03-06 08:38 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-06 08:38 --------- d-----w C:\Program Files\Windows Calendar
2008-03-06 02:19 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-06 02:19 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-06 02:19 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-06 02:19 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-06 02:19 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-06 02:19 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-06 02:19 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-06 02:19 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-03-06 02:19 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-03-06 02:19 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-06 02:19 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-03-06 02:19 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-06 02:19 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-03-06 02:18 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-06 02:18 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-06 02:13 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-06 02:13 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-06 02:13 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-06 02:13 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-06 02:12 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-06 02:12 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-06 02:12 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-06 02:12 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-03-06 02:12 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-06 02:12 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-06 02:12 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-03-06 02:12 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-03-06 02:12 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-06 02:12 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-06 02:12 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-06 02:11 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-06 02:11 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-06 02:11 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-06 02:11 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-06 02:11 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-06 02:10 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-06 02:10 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-06 02:10 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-03-06 02:10 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-03-06 02:10 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-06 02:10 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-06 02:09 61,440 ----a-w C:\Windows\System32\ntprint.exe
2008-03-06 02:09 269,824 ----a-w C:\Windows\System32\schannel.dll
2008-03-06 02:09 220,160 ----a-w C:\Windows\System32\ntprint.dll
2008-03-06 02:09 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2008-03-06 02:07 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-03-06 02:06 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-03-06 02:06 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-03-06 02:06 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-03-06 02:06 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-03-06 02:06 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-03-06 02:04 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-03-06 02:02 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-03-06 02:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-06 00:36 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-03-06 00:36 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-03-06 00:36 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-03-06 00:36 --------- d-----w C:\Program Files\Symantec
2008-03-05 14:01 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 14:01 --------- d-----w C:\Program Files\Windows Live
2008-03-05 13:36 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-03-05 13:36 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-03-05 13:36 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-03-05 13:36 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-03-05 13:35 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-03-05 13:35 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-03-05 13:35 33,624 ----a-w C:\Windows\System32\wups.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9469492E-DFF9-4D9B-8267-25ABBD579E4E}]
2008-03-21 15:01 15309 --a------ C:\Windows\system32\KBDIUMAT.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="C:\Program Files\Sony\Network Utility\LANUtil.exe" [2007-06-29 14:38 258048]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Netlog 24"="C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe" [ ]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-03 15:24 1006264]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-30 03:07 137752]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-30 03:06 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-30 03:07 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-26 02:39 4489216 C:\Windows\RtHDVCpl.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 02:12 118784]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 18:27 317560]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-06 10:06 1831424]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2007-02-13 18:57 2020968]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-16 23:09 115816]
"snpstd"="C:\Windows\vsnpstd.exe" [ ]
"PAC7302_Monitor"="C:\Windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 12:01 319488]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"InvisibleBrowsing"="C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe" [2007-09-30 16:36 8454144]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 19:22 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-07-24 19:26 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F1593094-AD4C-4CE4-B4B7-AEA744C3E4DE}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F73A1C7B-C154-4851-8E5A-25FD8E0AED4D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{97F9A59A-745C-4987-8417-D5312C694D4B}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{ECD9D5EB-C038-4852-AD61-E4273E6E9191}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{0DD8883B-C9FB-480F-8E87-DD472F08192D}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{E337DE85-2E92-48FE-8F67-D6B8D9DCDFBE}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{48667EAA-3E5D-4103-8230-CBEB590982E7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080425.001\IDSvix86.sys [2008-02-14 03:39]
R2 IBService;IBService;C:\Program Files\Invisible Browsing\servers\IBService.exe [2007-01-09 15:38]
R2 NSUService;NSUService;"C:\Program Files\Sony\Network Utility\NSUService.exe" [2007-06-29 14:38]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-08 02:01]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-30 03:06]
R3 PAC7302;Eye 312;C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-04-30 14:26]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-07-16 23:09]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 02:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-25 02:23]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-15 02:28]
S3 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2007-02-13 18:57]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 17:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 16:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2007-07-05 20:12]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2007-07-05 18:43]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 12:46:18
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-04-26 12:47:03
ComboFix-quarantined-files.txt 2008-04-26 10:46:55

8 Verzeichnis(se), 141,245,526,016 Bytes frei
17 Verzeichnis(se), 142,193,180,672 Bytes frei

228 --- E O F --- 2008-04-25 15:54:29




OK, I'll do the other one now as well.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:33, on 26.04.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {9469492E-DFF9-4D9B-8267-25ABBD579E4E} - C:\Windows\system32\KBDIUMAT.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [InvisibleBrowsing] C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBService - Unknown owner - C:\Program Files\Invisible Browsing\servers\IBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11100 bytes
This post was edited on 26.04.2008 at 13:03 by sugagirl.
26.04.2008, 13:26
Honorary member
Avatar Sabina

Posts: 29434
#6 Hello sugagirl

Delete ("fix") it with HijackThis:
Click "Do a system scan only".
Put a check mark in the box in front of the entry named below
(the one recommended for "fixing", i.e. deletion) - no others!!
Then choose "fix checked" and restart the computer.

Quote

O2 - BHO: (no name) - {9469492E-DFF9-4D9B-8267-25ABBD579E4E} - C:\Windows\system32\KBDIUMAT.DLL
------------------------------------------------------------------

«
Virustotal http://www.virustotal.com/flash/index_en.html

C:\Windows\System32\KBDIUMAT.DLL

Click Browse --> pick the file (or paste the file with its correct path straight in with Ctrl+V) --> click the file to be checked and open it --> click "Send file"... now wait, then select the text with the right mouse button -> copy it HERE
__________
Kind regards, Sabina

all about PC security
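One way to shortlist entries like the one named in this post for a VirusTotal check before anything is fixed, as an added example that is not part of the original thread: a small Python parser for the `O2 - BHO` lines of the HijackThis log above. The triage rule (an unnamed BHO whose DLL sits directly in `system32`) and the names `parse_bhos`, `needs_review` and `triage` are assumptions made for this illustration, not HijackThis behaviour.

```python
import ntpath
import re
from typing import List, NamedTuple

# O2/O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {9469492E-DFF9-4D9B-8267-25ABBD579E4E} - C:\Windows\system32\KBDIUMAT.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
"""

# Layout of an O2 line: display name, CLSID in braces, path of the DLL.
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)


class Bho(NamedTuple):
    name: str
    clsid: str
    path: str


def parse_bhos(log: str) -> List[Bho]:
    """Return every Browser Helper Object (O2) entry found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        match = O2_LINE.match(line.strip())
        if match:
            entries.append(Bho(**match.groupdict()))
    return entries


def needs_review(bho: Bho) -> bool:
    """Assumed triage rule: unnamed BHO whose DLL sits directly in system32."""
    folder = ntpath.dirname(bho.path).lower()  # ntpath parses Windows paths on any OS
    return bho.name == "(no name)" and folder.endswith(r"\windows\system32")


def triage(log: str) -> List[Bho]:
    """Entries worth checking with a multi-engine scanner before fixing them."""
    return [bho for bho in parse_bhos(log) if needs_review(bho)]


if __name__ == "__main__":
    for bho in triage(SAMPLE_LOG):
        print(f"review before fixing: {bho.clsid} -> {bho.path}")
```

The unnamed Symantec BHO under `Program Files` is parsed but not shortlisted, so a missing display name alone does not trigger the rule.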
26.04.2008, 16:20
...new here

Thread starter

Posts: 10
#7 I didn't know which text, so




Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.4.25.2 2008.04.25 -
AntiVir 7.8.0.10 2008.04.25 TR/Agent.14427.B
Authentium 4.93.8 2008.04.26 W32/Agent.HFD
Avast 4.8.1169.0 2008.04.25 Win32:Agent-TYG
AVG 7.5.0.516 2008.04.25 Adware Generic3.OE
BitDefender 7.2 2008.04.26 -
CAT-QuickHeal 9.50 2008.04.26 AdWare.Stud.n (Not a Virus)
ClamAV None 2008.04.26 -
DrWeb 4.44.0.09170 2008.04.26 -
eSafe 7.0.15.0 2008.04.21 -
eTrust-Vet 31.3.5736 2008.04.26 -
Ewido 4.0 2008.04.26 -
F-Prot 4.4.2.54 2008.04.25 W32/Agent.HFD
F-Secure 6.70.13260.0 2008.04.26 -
FileAdvisor 1 2008.04.26 -
Fortinet 3.14.0.0 2008.04.26 -
Ikarus T3.1.1.26.0 2008.04.26 not-a-virus:AdWare.Win32.Stud.d
Kaspersky 7.0.0.125 2008.04.26 not-a-virus:AdWare.Win32.Stud.n
McAfee 5282 2008.04.25 -
Microsoft 1.3408 2008.04.22 -
NOD32v2 3056 2008.04.26 -
Norman 5.80.02 2008.04.25 W32/Stud.BF
Panda 9.0.0.4 2008.04.26 Suspicious file
Prevx1 V2 2008.04.26 -
Rising 20.41.52.00 2008.04.26 -
Sophos 4.28.0 2008.04.26 Mal/Behav-010
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.26 -
TheHacker 6.2.92.293 2008.04.26 Adware/Stud.n
VBA32 3.12.6.5 2008.04.26 suspected of Trojan-Downloader.Agent.47 (paranoid heuristics)
VirusBuster 4.3.26:9 2008.04.26 -
Webwasher-Gateway 6.6.2 2008.04.26 Trojan.Agent.14427.B
weitere Informationen
File size: 15309 bytes
MD5...: f19aed2167f05e1ba7e075da3852c913
SHA1..: 0949f3aed7c483d8be13f36aaa39125177d73424
SHA256: d6dc1c6c9e72826f54ebabae5f8a01610a9279828927d1239cc34f98f3c0aa3d
SHA512: be5579d9bf7ccc090eb41778da414f4cf9d0c203472c3b0b902170fb29bbbba1
a7e21392f30d68b3b42198beb1f1f21bbb50a15a967e0bdd9d2692c4e2db825e
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10009090
timedatestamp.....: 0x47ac6dc4 (Fri Feb 08 14:57:08 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x6000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x7000 0x3000 0x2400 7.69 c4fd3481a2b404bb29959b68e72f029f
UPX2 0xa000 0x1000 0x400 2.65 cfa7783e26c0a74d865fb216d4d0ab53

( 5 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
> ADVAPI32.dll: RegCloseKey
> urlmon.dll: ObtainUserAgentString
> USER32.dll: CharNextA
> WININET.dll: InternetOpenA

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

packers (Kaspersky): UPX


ACHTUNG: VirusTotal ist ein kostenloser Dienst bereitgestellt von Hispasec Sistemas. Es gibt keine Garantie zur Verfügbarkeit sowie Fortbestehen der Dienstleistung. Obwohl die Erkennungsrate meherer Antivirus-Engines besser ist als nur durch ein Produkt, garantieren die Ergebnisse des Scans nicht die Harmlosigkeit einer Datei. Gegenwärtig gibt es keine Lösung, welche eine Erkennungsrate aller Viren und Malware zu 100% bietet.


hope that's readable ;)
26.04.2008, 16:24
Honorary member
Avatar Sabina

Posts: 29434
#8 Hello,

delete KBDIUMAT.DLL with undll
http://virus-protect.org/artikel/tools/undll.html

C:\Windows\System32\KBDIUMAT.DLL

--
Restart the PC

««
http://virus-protect.org/artikel/tools/sdfix.html
in normal mode
double-click RunThis.bat

type in 2: Norman will be loaded - scan + post the scan report
__________
Kind regards, Sabina

all about PC security
26.04.2008, 16:43
...new here

Thread starter

Posts: 10
#9 I don't get that now
26.04.2008, 17:30
Honorary member
Avatar Sabina

Posts: 29434
#10 What don't you understand?
How to delete the dll?
__________
Kind regards, Sabina

all about PC security
26.04.2008, 17:34
Moderator

Posts: 5694
#11 What don't you understand?

1. You have to install the program undll (http://virus-protect.org/artikel/tools/undll.html).

2. Start the program (on the desktop)
3. Click the 'Select infected DLL' button.
4. In the 'Select infected dynamic library' window, paste in:

C:\Windows\System32\KBDIUMAT.DLL <-- select and copy

Then follow the instructions

You will be asked whether to restart - click: Yes

When it has finished - click: 'Click here to view log'

Copy the log and post it here.

Regards, Swiss
27.04.2008, 12:26
...new here

Thread starter

Posts: 10
#12 I clicked yes, then the PC restarted; where does it say click here to view log?
27.04.2008, 14:40
Honorary member
Avatar Sabina

Posts: 29434
#13 Forget about the report... it's not that important.

««
http://virus-protect.org/artikel/tools/sdfix.html
in normal mode
double-click RunThis.bat

type in 2: Norman will be loaded - scan + post the scan report
__________
Kind regards, Sabina

all about PC security
27.04.2008, 16:06
...new here

Thread starter

Posts: 10
#14 I scanned with Norman, and where do I find the scan report?
27.04.2008, 16:44
Honorary member
Avatar Sabina

Posts: 29434
#15 It should be in the Norman folder - a txt file (in the sdfix folder?) - was anything found?
«
please post a new ComboFix log
__________
Kind regards, Sabina

all about PC security