KBDIUMAT.DLL - TR/Agent.14427.B - AdWare.Win32.Stud.n
24.04.2008, 18:56
...new here
Posts: 10 |
#1
I have a problem: on most links the internet browser closes. Do I need to change a setting? I always get the error: Windows has detected a problem and must close the page, and then the start page opens again.
|
|
|
||
24.04.2008, 20:53
Honorary member
Posts: 6028 |
||
|
||
25.04.2008, 22:02
...new here
Thread starter Posts: 10 |
#3
REINIGUNG komplett - (1.698 Sek)
342,6MB entfernt. |
|
|
||
25.04.2008, 22:24
Moderator
Posts: 5694 |
#4
Please also create a HijackThis and a ComboFix log:
http://board.protecus.de/t23187.htm
ComboFix: http://virus-protect.org/artikel/tools/combofix.html
Regards, Swiss |
|
|
||
26.04.2008, 12:50
...new here
Thread starter Posts: 10 |
#5
ComboFix 08-04-24.1 - Shinay 2008-04-26 12:43:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.976 [GMT 2:00]
ausgeführt von:: C:\Users\Shinay\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\x64
.
((((((((((((((((((((((( Dateien erstellt von 2008-03-26 bis 2008-04-26 ))))))))))))))))))))))))))))))
.
2008-04-25 21:53 . 2008-04-25 21:53 <DIR> d-------- C:\Program Files\CCleaner
2008-04-10 07:44 . 2008-04-10 07:44 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-10 07:44 . 2008-04-10 07:44 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-10 07:44 . 2008-04-10 07:44 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-10 07:44 . 2008-04-10 07:44 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-10 07:44 . 2008-04-10 07:44 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-10 07:44 . 2008-04-10 07:44 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-10 07:44 . 2008-04-10 07:44 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-10 07:44 . 2008-04-10 07:44 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-10 07:44 . 2008-04-10 07:44 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-10 07:42 . 2008-04-10 07:42 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-10 07:41 . 2008-04-10 07:41 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-10 07:39 . 2008-04-10 07:39 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-10 07:39 . 2008-04-10 07:39 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-04-07 22:30 . 2008-04-07 22:31 196 --a------ C:\Windows\ulead32.ini
2008-04-07 22:28 . 2008-04-07 22:28 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-07 22:27 . 2008-04-07 22:28 <DIR> d-------- C:\Users\All Users\Ulead Systems
2008-04-07 22:27 . 2008-04-07 22:28 <DIR> d-------- C:\ProgramData\Ulead Systems
2008-04-07 22:27 . 2008-04-07 22:27 <DIR> d-------- C:\Program Files\Ulead Systems
2008-04-06 22:10 . 2008-04-06 22:10 <DIR> d-------- C:\Program Files\Invisible Browsing
2008-04-06 22:10 . 2008-04-06 22:10 68 --a------ C:\Windows\MyProg.ini
2008-03-29 10:34 . 2008-03-29 10:34 <DIR> d-------- C:\Users\Administrator\Videos
2008-03-29 10:34 . 2008-03-29 10:34 <DIR> d-------- C:\Users\Administrator
2008-03-29 10:30 . 2008-03-29 10:30 <DIR> d-------- C:\Users\Shinay\AppData\Roaming\DivX
2008-03-28 20:24 . 2008-03-28 20:24 <DIR> d-------- C:\Program Files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 16:30 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-19 17:03 --------- d-----w C:\ProgramData\Sony Corporation
2008-04-18 12:44 --------- d-----w C:\Program Files\ICQ6
2008-04-10 05:54 --------- d-----w C:\Program Files\Windows Mail
2008-04-10 05:37 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-10 05:37 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-10 05:37 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-10 05:37 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-08 19:25 --------- d-----w C:\Users\Shinay\AppData\Roaming\Sony Corporation
2008-04-08 19:25 --------- d-----w C:\ProgramData\Symantec
2008-04-07 20:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 20:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-04 15:08 --------- d-----w C:\Program Files\Java
2008-04-03 04:28 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-29 08:34 --------- d-----w C:\Program Files\DivX
2008-03-26 20:26 --------- d-----w C:\ProgramData\WLInstaller
2008-03-22 11:20 --------- d-----w C:\Users\Shinay\AppData\Roaming\ICQ
2008-03-21 13:01 15,309 ----a-w C:\Windows\System32\KBDIUMAT.DLL
2008-03-19 22:12 921,632 ----a-w C:\PA7302.DAT
2008-03-13 16:24 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-13 16:24 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-10 15:50 --------- d-----w C:\Program Files\Common Files\PAC7302
2008-03-10 15:47 --------- d-----w C:\Program Files\KYE
2008-03-10 15:46 --------- d-----w C:\Users\Shinay\AppData\Roaming\InstallShield
2008-03-06 22:13 --------- d-----w C:\Program Files\Norton 360
2008-03-06 20:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-03-06 09:58 --------- d-----w C:\ProgramData\Messenger Plus!
2008-03-06 08:44 174 --sha-w C:\Program Files\desktop.ini
2008-03-06 08:38 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-06 08:38 --------- d-----w C:\Program Files\Windows Calendar
2008-03-06 02:19 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-06 02:19 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-06 02:19 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-06 02:19 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-06 02:19 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-06 02:19 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-06 02:19 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-06 02:19 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-03-06 02:19 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-03-06 02:19 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-06 02:19 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-03-06 02:19 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-06 02:19 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-03-06 02:18 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-06 02:18 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-06 02:13 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-06 02:13 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-06 02:13 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-06 02:13 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-06 02:12 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-06 02:12 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-06 02:12 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-06 02:12 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-03-06 02:12 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-06 02:12 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-06 02:12 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-03-06 02:12 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-03-06 02:12 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-06 02:12 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-06 02:12 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-06 02:11 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-06 02:11 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-06 02:11 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-06 02:11 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-06 02:11 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-06 02:10 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-06 02:10 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-06 02:10 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-03-06 02:10 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-03-06 02:10 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-06 02:10 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-06 02:09 61,440 ----a-w C:\Windows\System32\ntprint.exe
2008-03-06 02:09 269,824 ----a-w C:\Windows\System32\schannel.dll
2008-03-06 02:09 220,160 ----a-w C:\Windows\System32\ntprint.dll
2008-03-06 02:09 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2008-03-06 02:07 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-03-06 02:06 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-03-06 02:06 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-03-06 02:06 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-03-06 02:06 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-03-06 02:06 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-03-06 02:04 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-03-06 02:02 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-03-06 02:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-06 00:36 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-03-06 00:36 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-03-06 00:36 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-03-06 00:36 --------- d-----w C:\Program Files\Symantec
2008-03-05 14:01 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 14:01 --------- d-----w C:\Program Files\Windows Live
2008-03-05 13:36 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-03-05 13:36 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-03-05 13:36 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-03-05 13:36 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-03-05 13:35 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-03-05 13:35 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-03-05 13:35 33,624 ----a-w C:\Windows\System32\wups.dll
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9469492E-DFF9-4D9B-8267-25ABBD579E4E}]
2008-03-21 15:01 15309 --a------ C:\Windows\system32\KBDIUMAT.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="C:\Program Files\Sony\Network Utility\LANUtil.exe" [2007-06-29 14:38 258048]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Netlog 24"="C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe" [ ]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-03 15:24 1006264]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-30 03:07 137752]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-30 03:06 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-30 03:07 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-26 02:39 4489216 C:\Windows\RtHDVCpl.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 02:12 118784]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 18:27 317560]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-06 10:06 1831424]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2007-02-13 18:57 2020968]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-16 23:09 115816]
"snpstd"="C:\Windows\vsnpstd.exe" [ ]
"PAC7302_Monitor"="C:\Windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 12:01 319488]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"InvisibleBrowsing"="C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe" [2007-09-30 16:36 8454144]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 19:22 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-07-24 19:26 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F1593094-AD4C-4CE4-B4B7-AEA744C3E4DE}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F73A1C7B-C154-4851-8E5A-25FD8E0AED4D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{97F9A59A-745C-4987-8417-D5312C694D4B}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{ECD9D5EB-C038-4852-AD61-E4273E6E9191}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{0DD8883B-C9FB-480F-8E87-DD472F08192D}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{E337DE85-2E92-48FE-8F67-D6B8D9DCDFBE}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{48667EAA-3E5D-4103-8230-CBEB590982E7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080425.001\IDSvix86.sys [2008-02-14 03:39]
R2 IBService;IBService;C:\Program Files\Invisible Browsing\servers\IBService.exe [2007-01-09 15:38]
R2 NSUService;NSUService;"C:\Program Files\Sony\Network Utility\NSUService.exe" [2007-06-29 14:38]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-08 02:01]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-30 03:06]
R3 PAC7302;Eye 312;C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-04-30 14:26]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-07-16 23:09]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 02:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-25 02:23]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-15 02:28]
S3 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2007-02-13 18:57]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 17:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 16:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2007-07-05 20:12]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2007-07-05 18:43]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 12:46:18
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-04-26 12:47:03
ComboFix-quarantined-files.txt 2008-04-26 10:46:55
8 Verzeichnis(se), 141,245,526,016 Bytes frei
17 Verzeichnis(se), 142,193,180,672 Bytes frei
228 --- E O F --- 2008-04-25 15:54:29

So, I'll do the other one now as well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:33, on 26.04.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {9469492E-DFF9-4D9B-8267-25ABBD579E4E} - C:\Windows\system32\KBDIUMAT.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [InvisibleBrowsing] C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IBService - Unknown owner - C:\Program Files\Invisible Browsing\servers\IBService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - 
Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated 
Server\UCLS.exe O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11100 bytes Dieser Beitrag wurde am 26.04.2008 um 13:03 Uhr von sugagirl editiert.

26.04.2008, 13:26
Honorary member
Posts: 29434
#6
Hello sugagirl,
delete ("fix") with HijackThis:
Click: "Do a system scan only".
Tick the box in front of the entry named below that was recommended to be "fixed" (deleted), no others!!, then choose "fix checked" and restart the computer.
Quote:
O2 - BHO: (no name) - {9469492E-DFF9-4D9B-8267-25ABBD579E4E} - C:\Windows\system32\KBDIUMAT.DLL
------------------------------------------------------------------
« Virustotal http://www.virustotal.com/flash/index_en.html
C:\Windows\System32\KBDIUMAT.DLL
Click Browse --> choose the file (or paste the file with its correct path straight in with Ctrl+V) --> click the file to be checked and open it --> click "Send the file" ... now wait, then select the text with the right mouse button -> copy it HERE
__________
Regards, Sabina
all about PC security

26.04.2008, 16:20
...new here
Thread starter, Posts: 10
#7
didn't know which text, so

| Antivirus | Version | letzte aktualisierung | Ergebnis |
|---|---|---|---|
| AhnLab-V3 | 2008.4.25.2 | 2008.04.25 | - |
| AntiVir | 7.8.0.10 | 2008.04.25 | TR/Agent.14427.B |
| Authentium | 4.93.8 | 2008.04.26 | W32/Agent.HFD |
| Avast | 4.8.1169.0 | 2008.04.25 | Win32:Agent-TYG |
| AVG | 7.5.0.516 | 2008.04.25 | Adware Generic3.OE |
| BitDefender | 7.2 | 2008.04.26 | - |
| CAT-QuickHeal | 9.50 | 2008.04.26 | AdWare.Stud.n (Not a Virus) |
| ClamAV | None | 2008.04.26 | - |
| DrWeb | 4.44.0.09170 | 2008.04.26 | - |
| eSafe | 7.0.15.0 | 2008.04.21 | - |
| eTrust-Vet | 31.3.5736 | 2008.04.26 | - |
| Ewido | 4.0 | 2008.04.26 | - |
| F-Prot | 4.4.2.54 | 2008.04.25 | W32/Agent.HFD |
| F-Secure | 6.70.13260.0 | 2008.04.26 | - |
| FileAdvisor | 1 | 2008.04.26 | - |
| Fortinet | 3.14.0.0 | 2008.04.26 | - |
| Ikarus | T3.1.1.26.0 | 2008.04.26 | not-a-virus:AdWare.Win32.Stud.d |
| Kaspersky | 7.0.0.125 | 2008.04.26 | not-a-virus:AdWare.Win32.Stud.n |
| McAfee | 5282 | 2008.04.25 | - |
| Microsoft | 1.3408 | 2008.04.22 | - |
| NOD32v2 | 3056 | 2008.04.26 | - |
| Norman | 5.80.02 | 2008.04.25 | W32/Stud.BF |
| Panda | 9.0.0.4 | 2008.04.26 | Suspicious file |
| Prevx1 | V2 | 2008.04.26 | - |
| Rising | 20.41.52.00 | 2008.04.26 | - |
| Sophos | 4.28.0 | 2008.04.26 | Mal/Behav-010 |
| Sunbelt | 3.0.1056.0 | 2008.04.17 | - |
| Symantec | 10 | 2008.04.26 | - |
| TheHacker | 6.2.92.293 | 2008.04.26 | Adware/Stud.n |
| VBA32 | 3.12.6.5 | 2008.04.26 | suspected of Trojan-Downloader.Agent.47 (paranoid heuristics) |
| VirusBuster | 4.3.26:9 | 2008.04.26 | - |
| Webwasher-Gateway | 6.6.2 | 2008.04.26 | Trojan.Agent.14427.B |

weitere Informationen
File size: 15309 bytes
MD5...: f19aed2167f05e1ba7e075da3852c913
SHA1..: 0949f3aed7c483d8be13f36aaa39125177d73424
SHA256: d6dc1c6c9e72826f54ebabae5f8a01610a9279828927d1239cc34f98f3c0aa3d
SHA512: be5579d9bf7ccc090eb41778da414f4cf9d0c203472c3b0b902170fb29bbbba1
        a7e21392f30d68b3b42198beb1f1f21bbb50a15a967e0bdd9d2692c4e2db825e
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10009090
timedatestamp.....: 0x47ac6dc4 (Fri Feb 08 14:57:08 2008)
machinetype.......: 0x14c (I386)
( 3 sections )

| name | viradd | virsiz | rawdsiz | ntrpy | md5 |
|---|---|---|---|---|---|
| UPX0 | 0x1000 | 0x6000 | 0x0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e |
| UPX1 | 0x7000 | 0x3000 | 0x2400 | 7.69 | c4fd3481a2b404bb29959b68e72f029f |
| UPX2 | 0xa000 | 0x1000 | 0x400 | 2.65 | cfa7783e26c0a74d865fb216d4d0ab53 |

( 5 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
> ADVAPI32.dll: RegCloseKey
> urlmon.dll: ObtainUserAgentString
> USER32.dll: CharNextA
> WININET.dll: InternetOpenA
( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
packers (Kaspersky): UPX

hope that's readable

26.04.2008, 16:24
Honorary member
Posts: 29434
#8
Hello,
delete KBDIUMAT.DLL with undll http://virus-protect.org/artikel/tools/undll.html
C:\Windows\System32\KBDIUMAT.DLL
-- restart the PC
«« http://virus-protect.org/artikel/tools/sdfix.html
in normal mode, double-click RunThis.bat
type in 2: Norman is loaded - scan + post the scan report
__________
Regards, Sabina
all about PC security

26.04.2008, 16:43
...new here
Thread starter, Posts: 10
#9
I don't get that now

26.04.2008, 17:30
Honorary member
Posts: 29434

26.04.2008, 17:34
Moderator
Posts: 5694
#11
What don't you get?
1. You have to install the program undll (http://virus-protect.org/artikel/tools/undll.html).
2. Start the program (on the desktop).
3. « Click the 'Select infected DLL' button.
4. « In the 'Select infected dynamic library' window, paste in:
C:\Windows\System32\KBDIUMAT.DLL <-- select and copy
Then follow the instructions.
You will be asked whether to restart - click: Yes
When it has finished - click: 'Click here to view log'
Copy the log and post it here.
Regards, Swiss

27.04.2008, 12:26
...new here
Thread starter, Posts: 10
#12
I clicked yes, then the PC restarted. Where does it say click here to view log?

27.04.2008, 14:40
Honorary member
Posts: 29434
#13
Forget about the report... it's not that important.
«« http://virus-protect.org/artikel/tools/sdfix.html
in normal mode, double-click RunThis.bat
type in 2: Norman is loaded - scan + post the scan report
__________
Regards, Sabina
all about PC security

27.04.2008, 16:06
...new here
Thread starter, Posts: 10
#14
I scanned with Norman, and where do I find the scan report?

27.04.2008, 16:44
Honorary member
Posts: 29434
#15
It should be in the Norman folder - a txt file (in the sdfix folder?) - was anything found?
« Please post a new log from Combofix
__________
Regards, Sabina
all about PC security