
virtumonde - trojan from hell



SebastianK
2008-05-28, 18:19
Hello guys :)

My English isn't good at all ... so excuse me ;)

My computer is infected with the virtumonde trojan too...
Spybot S&D wants to fix this, but after every restart (and a new scan) it's still there... Google and other search engines don't "run" at all -.-"

Here is my HJT Log:
############################################################


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:14, on 28.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Sony\VAIO Power Management\SPMgr.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\TuneUp Utilities 2008\MemOptimizer.exe
C:\Programme\UberIcon\UberIcon Manager.exe
C:\Programme\YzShadow\YzShadow.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Apoint\Apvfb.exe
C:\Programme\WinRoll\winroll.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8CBBF35D-B50F-4B0D-AF4F-6E1A1FCAD46E} - C:\WINDOWS\system32\cbXoomJA.dll (file missing)
O2 - BHO: (no name) - {BDD714BC-D36C-487B-8142-8BA020FB6535} - C:\WINDOWS\system32\hggfcCuV.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\Program Files\FindeXer.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Programme\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\ndqhqepr.dll",b
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BM5796bdc3] Rundll32.exe "C:\WINDOWS\system32\wykkongp.dll",s
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [UberIcon] "C:\Programme\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Yz Shadow] C:\Programme\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinRoll] C:\Programme\WinRoll\winroll.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Programme\Sony\VAIO Information FLOW\aiesc.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/de/
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/online/online2/bejeweled2/popcaploader_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: hggfcCuV - hggfcCuV.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 10835 bytes



#######################################################
Please help me, please!!! I'm going crazy...

Thanks, Sebastian
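An added example (not from this thread, and not code from HijackThis, Spybot or ComboFix): a small Python triage script that applies the Virtumonde-style indicators visible in the log above to sample lines copied from it. It flags O4 autostarts where rundll32 loads a random-named system32 DLL through a one-letter export, unnamed O2 BHOs whose DLL is already missing, and an O20 Winlogon Notify package, then correlates DLL names across sections. The regexes and the `looks_random` heuristic are my own assumptions, not HijackThis logic.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample input: entries copied from the HijackThis log quoted in the
# post above, plus two benign lines (NvCplDaemon, ctfmon.exe) that must NOT be flagged.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8CBBF35D-B50F-4B0D-AF4F-6E1A1FCAD46E} - C:\WINDOWS\system32\cbXoomJA.dll (file missing)
O2 - BHO: (no name) - {BDD714BC-D36C-487B-8142-8BA020FB6535} - C:\WINDOWS\system32\hggfcCuV.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\ndqhqepr.dll",b
O4 - HKLM\..\Run: [BM5796bdc3] Rundll32.exe "C:\WINDOWS\system32\wykkongp.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: hggfcCuV - hggfcCuV.dll (file missing)
"""


@dataclass
class Finding:
    section: str  # HijackThis section tag (O2, O4, O20)
    dll: str      # DLL file name the entry refers to (lower-cased), "" if none
    reason: str   # why the entry was flagged
    line: str     # the original log line


# O4: autostart value that loads a DLL via rundll32 and calls an exported function.
RUNDLL_RE = re.compile(
    r'^O4 - HK\w+\\\.\.\\Run: \[(?P<value>[^\]]+)\] '
    r'rundll32\.exe\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)',
    re.IGNORECASE,
)
# O2: browser helper object.  O20: Winlogon notification package.
BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.+?) - \{[0-9A-F-]+\} - (?P<path>.+)$', re.IGNORECASE)
NOTIFY_RE = re.compile(r'^O20 - Winlogon Notify: \S+ - (?P<dll>\S+\.dll)(?P<rest>.*)$', re.IGNORECASE)


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): eight letters with fewer than three vowels, the shape of
    the generated names in the log (ndqhqepr, wykkongp). Real vendor DLLs such as NvCpl
    do not match."""
    return len(stem) == 8 and stem.isalpha() and sum(c in "aeiou" for c in stem.lower()) < 3


def triage(log_text: str) -> list[Finding]:
    """Scan HijackThis lines and return the entries matching the persistence pattern."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUNDLL_RE.match(line):
            path = PureWindowsPath(m["dll"])
            # Random DLL name plus a single-letter export is the tell; a named export
            # into a known DLL (NvCpl.dll,NvStartup) is ordinary driver startup.
            if looks_random(path.stem) and len(m["export"]) == 1:
                findings.append(Finding("O4", path.name.lower(),
                                        "rundll32 loads a random-named DLL via a one-letter export", line))
        elif m := BHO_RE.match(line):
            path = m["path"]
            missing = "(file missing)" in path or "(no file)" in path
            if m["name"] == "(no name)" and missing:
                dll = "" if path.startswith("(") else PureWindowsPath(path.split(" (")[0]).name.lower()
                findings.append(Finding("O2", dll, "unnamed BHO whose DLL is already gone", line))
        elif m := NOTIFY_RE.match(line):
            if "(file missing)" in m["rest"]:
                findings.append(Finding("O20", m["dll"].lower(),
                                        "Winlogon Notify package pointing at a missing DLL", line))
    return findings


def correlated_dlls(findings: list[Finding]) -> set[str]:
    """DLL names referenced from more than one section. A BHO that is also registered as
    a Winlogon Notify package is one persistence set, not a stale leftover entry."""
    seen: dict[str, set[str]] = {}
    for f in findings:
        if f.dll:
            seen.setdefault(f.dll, set()).add(f.section)
    return {dll for dll, sections in seen.items() if len(sections) > 1}


if __name__ == "__main__":
    found = triage(SAMPLE_HJT_LOG)
    for f in found:
        print(f"{f.section:<4} {f.reason}: {f.line}")
    print("DLLs seen in several sections:", sorted(correlated_dlls(found)))
```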

Rorschach112
2008-05-28, 19:26
Hello

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.




Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under Select a target to scan: Select My Computer

The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

SebastianK
2008-05-28, 20:40
Damn! I forgot to install the Recovery Console... but ComboFix finished its scan...
Is it necessary to install it, or can I go on with the Kaspersky WebScanner?

Rorschach112
2008-05-28, 21:18
Go on with Kaspersky

SebastianK
2008-05-28, 23:03
DONE!
Here are the 3 Logs:

The new HJT-Log:
##############################################

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:44, on 28.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Sony\VAIO Power Management\SPMgr.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Apoint\Apoint.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\TuneUp Utilities 2008\MemOptimizer.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\Apoint\Apvfb.exe
C:\Programme\UberIcon\UberIcon Manager.exe
C:\Programme\YzShadow\YzShadow.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\WinRoll\winroll.exe
C:\WINDOWS\explorer.exe
C:\Programme\Pidgin\pidgin.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8CBBF35D-B50F-4B0D-AF4F-6E1A1FCAD46E} - C:\WINDOWS\system32\cbXoomJA.dll (file missing)
O2 - BHO: (no name) - {BDD714BC-D36C-487B-8142-8BA020FB6535} - C:\WINDOWS\system32\hggfcCuV.dll (file missing)
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\Program Files\FindeXer.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Programme\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [UberIcon] "C:\Programme\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Yz Shadow] C:\Programme\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinRoll] C:\Programme\WinRoll\winroll.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Programme\Sony\VAIO Information FLOW\aiesc.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/de/
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/online/online2/bejeweled2/popcaploader_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: hggfcCuV - hggfcCuV.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 10482 bytes


##################################################

The ComboFix Log:

##################################################
ComboFix 08-05-27.4 - Gh0st K!llA 2008-05-28 18:49:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.254 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Gh0st K!llA\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\RECYCLER\desktop.ini
C:\RECYCLER\desktop_91699560.ico
C:\WINDOWS\BM5796bdc3.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AJmooXbc.ini
C:\WINDOWS\system32\AJmooXbc.ini2
C:\WINDOWS\system32\echhhnfc.ini
C:\WINDOWS\system32\ixjeilms.exe
C:\WINDOWS\system32\jdeqmshn.exe
C:\WINDOWS\system32\kybfsciw.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdrctgff.exe
C:\WINDOWS\system32\ndqhqepr.dll
C:\WINDOWS\system32\rpeqhqdn.ini
C:\WINDOWS\system32\usanfyfv.dll
C:\WINDOWS\system32\uwcvjoct.exe
C:\WINDOWS\system32\vfyfnasu.ini
C:\WINDOWS\system32\wicsfbyk.dll
C:\WINDOWS\system32\wykkongp.dll

.
((((((((((((((((((((((( Dateien erstellt von 2008-04-28 bis 2008-05-28 ))))))))))))))))))))))))))))))
.

2008-05-28 17:00 . 2008-05-28 17:00 <DIR> d-------- C:\Programme\Trend Micro
2008-05-27 22:00 . 2008-05-28 15:57 9,728 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-05-26 21:07 . 2008-05-26 21:08 <DIR> d-------- C:\Programme\Spybot - Search & Destroy
2008-05-26 21:07 . 2008-05-26 21:35 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-05-24 18:46 . 2008-05-24 18:46 <DIR> d-------- C:\Programme\3RVX
2008-05-24 00:16 . 2008-05-24 00:16 <DIR> d-------- C:\Programme\Microsoft.NET
2008-05-24 00:08 . 2008-05-24 00:33 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-05-24 00:05 . 2008-05-24 00:05 <DIR> dr-h----- C:\MSOCache
2008-05-23 21:12 . 2008-05-23 21:12 <DIR> d-------- C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\Styler
2008-05-23 21:12 . 2005-07-16 02:40 159,744 --a------ C:\WINDOWS\system\unrar.dll
2008-05-23 14:26 . 2008-05-23 14:26 <DIR> d-------- C:\Programme\YzShadow
2008-05-23 14:26 . 2008-05-23 14:26 <DIR> d-------- C:\Programme\WinRoll
2008-05-23 14:26 . 2008-05-23 14:26 <DIR> d-------- C:\Programme\UberIcon
2008-05-23 14:26 . 2008-05-23 14:26 <DIR> d-------- C:\Programme\RK Launcher
2008-05-23 14:26 . 2008-05-23 14:26 <DIR> d-------- C:\Programme\ObjectDock
2008-05-23 14:22 . 2008-05-28 18:58 <DIR> d--h----- C:\WINDOWS\FlyakiteOSX
2008-05-23 14:22 . 2004-08-10 14:00 219,648 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-05-22 20:59 . 2008-05-22 20:59 <DIR> d-------- C:\Programme\MonoCalendar
2008-05-21 18:10 . 2008-05-23 19:50 10,752 --ahs---- C:\Dokumente und Einstellungen\Thumbs.db
2008-05-21 18:06 . 2008-05-27 21:59 23,040 --ahs---- C:\WINDOWS\Thumbs.db
2008-05-21 18:00 . 2004-04-14 03:50 77,214 --a------ C:\WINDOWS\desktop_32359849.ico
2008-05-21 15:28 . 2008-05-21 15:28 148 --a------ C:\WINDOWS\Eudcedit.ini
2008-05-20 18:22 . 2008-05-20 18:22 <DIR> d-------- C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\ESTsoft
2008-05-20 18:22 . 2008-05-20 18:54 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESTsoft
2008-05-20 17:58 . 2008-05-20 17:58 <DIR> d-------- C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\NCH Software
2008-05-20 17:58 . 2008-05-20 17:58 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Software
2008-05-19 22:20 . 2008-05-19 22:20 2,279,936 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-05-19 19:57 . 2008-05-28 18:25 <DIR> d-------- C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\gtk-2.0
2008-05-19 19:55 . 2008-05-28 18:52 <DIR> d-------- C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\.purple
2008-05-19 19:54 . 2008-05-19 19:55 <DIR> d-------- C:\Programme\Aspell
2008-05-19 19:53 . 2008-05-19 19:55 <DIR> d-------- C:\Programme\Pidgin
2008-05-19 19:52 . 2008-05-19 19:52 <DIR> d-------- C:\Programme\Gemeinsame Dateien\GTK
2008-05-19 18:34 . 2004-04-14 03:50 6,838 --a------ C:\Dokumente und Einstellungen\desktop_4304778.ico
2008-05-19 18:34 . 2008-05-23 19:50 110 ---hs---- C:\Dokumente und Einstellungen\desktop.ini
2008-05-18 19:02 . 2008-05-18 19:03 <DIR> d-------- C:\Programme\TuneUp Utilities 2008
2008-05-18 19:02 . 2008-05-18 19:02 <DIR> d-------- C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\TuneUp Software
2008-05-18 19:02 . 2008-05-18 19:02 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2008-05-18 19:02 . 2008-05-18 19:02 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-18 19:02 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-05-18 19:01 . 2008-05-18 19:01 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-05-18 13:39 . 2008-05-23 19:49 <DIR> d---s---- C:\teamviewer
2008-05-16 19:41 . 2008-05-16 19:41 <DIR> d-------- C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\FindeXer
2008-05-16 17:44 . 2008-05-22 20:43 39,424 --a------ C:\WINDOWS\zipinst.exe
2008-05-16 16:37 . 2008-03-15 18:08 209 --ahs---- C:\BOOT.BKK
2008-05-15 19:29 . 2008-05-15 19:34 27 --a------ C:\WINDOWS\SDAddressBox16827d0561119.ini
2008-05-15 19:04 . 2008-05-15 19:04 7,852 --a------ C:\WINDOWS\system32\mcdmsg7.dll
2008-05-15 19:03 . 2008-05-18 13:20 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Stardock
2008-05-11 16:11 . 2000-03-07 00:00 473,600 --a------ C:\WINDOWS\system32\Harmony.dll
2008-05-01 18:31 . 2008-05-01 18:31 514,875 --a------ C:\Dokumente und Einstellungen\thes_am_6_0.jar
2008-05-01 18:31 . 2008-05-01 18:32 386,400 --a------ C:\Dokumente und Einstellungen\ge_4_0.jar
2008-05-01 18:31 . 2008-05-01 18:31 98 --a------ C:\Dokumente und Einstellungen\EditLiveForJava.ini

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 17:00 134,352,928 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-28 16:55 1,577,516 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-28 16:20 --------- d-----w C:\Programme\Mozilla Thunderbird
2008-05-26 16:48 --------- d-----w C:\Programme\DivX
2008-05-26 16:47 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-05-23 22:18 --------- d-----w C:\Programme\Microsoft Works
2008-05-23 18:07 --------- d-----r C:\Programme\rpg2003
2008-05-23 18:07 --------- d-----r C:\Programme\RM2k3
2008-05-23 17:50 133 --sha-w C:\Programme\desktop.ini
2008-05-23 12:40 9,728 --sha-w C:\Programme\Thumbs.db
2008-05-22 14:21 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-05-22 14:21 --------- d-----w C:\Programme\Sony
2008-05-18 17:22 --------- d-----w C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\Skype
2008-05-18 14:03 --------- d-----w C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\skypePM
2008-05-17 20:32 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware
2008-05-17 20:28 --------- d-----w C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\VMware
2008-05-14 19:18 --------- d-----w C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\VMware
2008-05-10 16:01 1,192 ----a-w C:\WINDOWS\Fonts\harmony.log
2008-05-09 13:21 --------- d-----w C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\Sony Corporation
2008-04-26 16:50 --------- d-----w C:\Programme\Gemeinsame Dateien\xing shared
2008-04-26 16:50 --------- d-----w C:\Programme\Gemeinsame Dateien\Real
2008-04-17 15:57 --------- d-----w C:\Programme\ICQ6
2008-04-15 15:14 --------- d-----w C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\moka5
2008-04-05 16:32 --------- d-----w C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\Hamachi
2008-03-22 13:06 32 ----a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
2008-02-16 19:49 60,776 ----a-w C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2004-08-10 12:00 60,416 --sha-w C:\WINDOWS\FlyakiteOSX\Backup\msimn.exe
.

------- Sigcheck -------

2005-03-02 20:19 578560 4c90159a69a5fd3eb39c71411f28fcff C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:48 579584 78785eff8cb90cec1862a4ccfd9a3c3a C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-10 14:00 578560 56785fd5236d7b22cf471a6da9db46d8 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:09 578560 3751d7cf0e0a113d84414992146bce6a C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 17:36 579072 492e166cfd26a50fb9160db536ff7d2b C:\WINDOWS\FlyakiteOSX\Backup\user32.dll
2007-03-08 17:36 579072 9a21eb0f182ad19f93dfad501a12049d C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 579072 9a21eb0f182ad19f93dfad501a12049d C:\WINDOWS\system32\dllcache\user32.dll

2007-03-07 19:34 823296 4ef1ae9a4d801ab63ec752478247bfce C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
2007-04-25 10:26 823808 26db81279fed58d5199235c26d4836e2 C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
2007-06-27 16:12 824320 17d39b59e2e3740058ae3fbcd432cede C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
2007-08-20 11:48 825344 283d85f8192fa54f2ca978b659965739 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
2007-10-11 01:20 825344 6a1aef7b9e513acb566b16b0ba133c7c C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 03:41 825344 16ef6865a405134ce64a3aa6cef6c69f C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 14:33 827392 a7b7383ec19f0c5ebd02cb7826c8488b C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2004-08-10 14:00 662016 b1a1da99c4a6ebfd59f86a453bf02f39 C:\WINDOWS\$NtUninstallKB912945$\wininet.dll
2006-01-09 20:00 667648 957b39efdaafc58f43fb233933265f95 C:\WINDOWS\$NtUninstallKB916281$\wininet.dll
2006-05-10 07:26 669184 2e9fffc696613e2e38f2263ade718c67 C:\WINDOWS\$NtUninstallKB925454$\wininet.dll
2006-10-23 17:34 670208 47bbfeb4909d45064a992c3068610b06 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
2008-03-01 14:54 826368 32fc70ac1effe28db72fdf1dcc319e72 C:\WINDOWS\FlyakiteOSX\Backup\wininet.dll
2007-01-04 16:02 670720 04a670155a6d86dfbf562f45544e1908 C:\WINDOWS\ie7\wininet.dll
2006-11-07 21:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB928090-IE7\wininet.dll
2007-01-12 09:27 822784 be43d00d802c92f01c8cc952c6f483f8 C:\WINDOWS\ie7updates\KB931768-IE7\wininet.dll
2007-03-07 19:40 822784 c601bd2849927d44f8549f720cfa14d3 C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll
2007-04-25 09:42 822784 4e9436b0301b0451ed2fb29364ab090f C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 16:05 823808 0d58cebd30684b481c8df3da69375410 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 11:55 824832 cafc9797228843012ced767d24d8dcfc C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 01:46 824832 fa5fa22e6f36f8453e9377810b3f9939 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 04:04 824832 ba4d7d3098e2ba8aea34a19bbecf9962 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 14:54 803840 44fab637279205f021da2727278a9162 C:\WINDOWS\system32\wininet.dll
2008-03-01 14:54 803840 44fab637279205f021da2727278a9162 C:\WINDOWS\system32\dllcache\wininet.dll

2005-03-02 10:11 2059264 ae8364004bbfd70461d2ef34888d3360 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2004-08-10 14:00 2059136 ce41fc4c06499a389d39b301879535fb C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:06 2059136 bdff8ffa77ee7df9758ef8c1e0da8eff C:\WINDOWS\$NtUninstallKB896256$\ntkrnlpa.exe
2005-09-29 20:28 2018304 0a590966a4649e9c5378d10b4b358a64 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 20:43 2019840 d28d4c9d6b86821c3ace858070581335 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:06 2061696 9b9ca27ad315c02b71510238574894b2 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:06 2019840 5aa6fe8b36d7d4074542925c38c142be C:\WINDOWS\FlyakiteOSX\Backup\ntkrnlpa.exe
2008-05-23 14:26 1977344 2985452513ee044c6e95a951f552abd2 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:06 1977344 6caf962d2c91eda33603737ad01f7bc5 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2005-03-02 20:11 2181888 eb5538a452e0e99169e2b6cdb62ff9d2 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2004-08-10 14:00 2183296 dc888c9c4ca0eea7a3cb7e6b610f75c7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:06 2181632 7189a2391adc1f65c9ae87b0abe0f945 C:\WINDOWS\$NtUninstallKB896256$\ntoskrnl.exe
2005-09-29 20:27 2138624 86f4053474d3a15f34fd713823e7f9c0 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 20:43 2140160 c22fbee0c195f4892c6b3805dbfc7e77 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:06 2184448 e1de7a10d46959560c3b617227d95c19 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:06 2140160 fd51b755255e963b1e78b010b575fa7c C:\WINDOWS\FlyakiteOSX\Backup\ntoskrnl.exe
2008-05-23 14:26 2097664 cce408d56bc6b69c24eb293f91fbb1cd C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:06 2097664 2cc9e973ac4e1bb256e719d9583a22e3 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 15:21 2826240 a3bb534ce83b26bec3d609f7d6f995cd C:\WINDOWS\explorer.exe
2007-06-13 15:10 1036288 331ed93570baf3cfe30340298762cd56 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-10 14:00 1035264 22fe1be02eadde1632e478e4125639e0 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:21 1036288 64d320c0e301eedc5a4adbbdc5024f7f C:\WINDOWS\FlyakiteOSX\Backup\explorer.exe
2007-06-13 15:21 2826240 a3bb534ce83b26bec3d609f7d6f995cd C:\WINDOWS\system32\dllcache\explorer.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CBBF35D-B50F-4B0D-AF4F-6E1A1FCAD46E}]
C:\WINDOWS\system32\cbXoomJA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDD714BC-D36C-487B-8142-8BA020FB6535}]
C:\WINDOWS\system32\hggfcCuV.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Programme\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"TuneUp MemOptimizer"="C:\Programme\TuneUp Utilities 2008\MemOptimizer.exe" [2008-04-15 10:00 154880]
"UberIcon"="C:\Programme\UberIcon\UberIcon Manager.exe" [2006-02-24 02:32 188416]
"Yz Shadow"="C:\Programme\YzShadow\YzShadow.exe" [2006-02-24 04:51 172032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WinRoll"="C:\Programme\WinRoll\winroll.exe" [2006-01-02 00:27 15872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 03:50 7561216]
"SonyPowerCfg"="C:\Programme\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 18:24 217088]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-25 22:52 262401]
"ZoneAlarm Client"="C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Apoint"="C:\Programme\Apoint\Apoint.exe" [2004-11-17 13:47 118784]
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 01:41 118485]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2008-04-26 18:49 185896]
"Acrobat Assistant 7.0"="C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 21:47 483328]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-10-25 19:58 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BDD714BC-D36C-487B-8142-8BA020FB6535}"= C:\WINDOWS\system32\hggfcCuV.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggfcCuV]
hggfcCuV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 14:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\GEMEIN~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apache2.2"=2 (0x2)
"VAIOMediaPlatform-IntegratedServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-AppServer"=3 (0x3)
"WTService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="D:\DAEMON Tools Lite\daemon.exe" -autorun
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
"Skype"="C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
"WMPNSCFG"=C:\Programme\Windows Media Player\WMPNSCFG.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"ehTray"=C:\WINDOWS\ehome\ehtray.exe
"MacrokeyManager"=WTMKM.exe
"ISBMgr.exe"=C:\Programme\Sony\ISB Utility\ISBMgr.exe
"VAIO Update 3"="C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\xampp\\xampp\\mysql\\bin\\mysqld.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"C:\\Programme\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"D:\\Battlefield 2\\BF2.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 17:55]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-10 14:00]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2007-01-24 14:46]
S3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 11:39]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-18 19:02]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 10:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 10:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 10:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 10:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 10:42]
S4 Apache2.2;Apache2.2;"C:\Programme\xampp\xampp\apache\bin\apache.exe" -k runservice []
S4 WTService;WTService;C:\WINDOWS\system32\atwtusb.exe [2007-08-17 16:13]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhalt des "geplante Tasks" Ordners
"2008-05-28 17:00:01 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 18:59:02
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programme\RocketDock\RocketDock.dll
-> C:\Programme\UberIcon\UberIcon.dll
-> C:\Programme\WinRoll\winroll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Apoint\ApntEx.exe
C:\Programme\Apoint\Apvfb.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-05-28 19:07:02 - machine was rebooted [Gh0st K!llA]
ComboFix-quarantined-files.txt 2008-05-28 17:06:54

6 Verzeichnis(se), 19,856,539,648 Bytes frei
15 Verzeichnis(se), 19,734,728,704 Bytes frei

313 --- E O F --- 2008-05-28 13:56:55


#############################################################

And finally the Kaspersky-Log:

#############################################################

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 28, 2008 9:57:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/05/2008
Kaspersky Anti-Virus database records: 808677
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 134519
Number of viruses found: 5
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 01:58:58

Infected Object Name / Virus Name / Last Action
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Corporation\SonicStage\Packages\MtData.ldb Object is locked skipped
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Corporation\SonicStage\Packages\MtData.mdb Object is locked skipped
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdb_Mgr.ldf Object is locked skipped
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdb_Mgr.mdf Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\.purple\logs\icq\420943382\191224400\2008-05-28.191309+0200CET.txt Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\Mozilla\Firefox\Profiles\t5czmtw5.default\cert8.db Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\Mozilla\Firefox\Profiles\t5czmtw5.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\Mozilla\Firefox\Profiles\t5czmtw5.default\history.dat Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\Mozilla\Firefox\Profiles\t5czmtw5.default\key3.db Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\Mozilla\Firefox\Profiles\t5czmtw5.default\parent.lock Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\Mozilla\Firefox\Profiles\t5czmtw5.default\search.sqlite Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\Mozilla\Firefox\Profiles\t5czmtw5.default\urlclassifier2.sqlite Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Cookies\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\t5czmtw5.default\Cache\_CACHE_001_ Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\t5czmtw5.default\Cache\_CACHE_002_ Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\t5czmtw5.default\Cache\_CACHE_003_ Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\t5czmtw5.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Lokale Einstellungen\Temp\~DF1D2E.tmp Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\Lokale Einstellungen\Verlauf\History.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\NTUSER.DAT Object is locked skipped
C:\Dokumente und Einstellungen\Gh0st K!llA\ntuser.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Verlauf\History.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\master.mdf Object is locked skipped
C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\mastlog.ldf Object is locked skipped
C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\model.mdf Object is locked skipped
C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\modellog.ldf Object is locked skipped
C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\tempdb.mdf Object is locked skipped
C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\templog.ldf Object is locked skipped
C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\LOG\ERRORLOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ndqhqepr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.tsk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\usanfyfv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.tsk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wicsfbyk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.trp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wykkongp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.tsm skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BDA20836-2515-475C-8EC0-6931AEBE2E66}\RP269\A0078794.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsk skipped
C:\System Volume Information\_restore{BDA20836-2515-475C-8EC0-6931AEBE2E66}\RP269\A0078795.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsk skipped
C:\System Volume Information\_restore{BDA20836-2515-475C-8EC0-6931AEBE2E66}\RP269\A0078797.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trp skipped
C:\System Volume Information\_restore{BDA20836-2515-475C-8EC0-6931AEBE2E66}\RP269\A0078798.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsm skipped
C:\System Volume Information\_restore{BDA20836-2515-475C-8EC0-6931AEBE2E66}\RP269\change.log Object is locked skipped
C:\VAIO Entertainment\database\VzCdbDat.ldf Object is locked skipped
C:\VAIO Entertainment\database\VzCdbDat.mdf Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped
C:\WINDOWS\FlyakiteOSX\Tools\wfpdisable.exe Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\SEBASTIAN.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\ModemLog_HDAUDIO SoftV92 Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{F4BF37A9-B989-491E-AFCD-806070DD6180}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JET9B22.tmp Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_268.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT02da9.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT02dac.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{BDA20836-2515-475C-8EC0-6931AEBE2E66}\RP269\change.log Object is locked skipped

Scan process completed.

##############################################################

Rorschach112
2008-05-28, 23:44
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\FlyakiteOSX\Tools\wfpdisable.exe

Folder::

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BDD714BC-D36C-487B-8142-8BA020FB6535}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggfcCuV]

Driver::



Save this as CFScript.txt, in the same location as ComboFix.exe


http://i266.photobucket.com/albums/ii277/sUBs_/Combo-Do.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




Please download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Reboot and post a new HijackThis log
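As an added illustration (not code from either poster, from ComboFix or from any of the tools named in this thread), here is a small Python triage script for the kind of ComboFix output posted above. It reads the "Autostart" registry section and flags the same kinds of entries the helper's CFScript targets: DLLs registered at load points (Browser Helper Objects, ShellExecuteHooks, Winlogon Notify) that appear without the file date/size ComboFix prints for the other entries, plus Security Center notifications and the Windows Firewall being switched off. The sample input is a constructed excerpt of the log posted earlier in the thread; the function names and the heuristics are assumptions of this example, not a ComboFix feature.

```python
import re

# Constructed sample: a trimmed excerpt of the "Autostart Punkte der
# Registrierung" section from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CBBF35D-B50F-4B0D-AF4F-6E1A1FCAD46E}]
C:\WINDOWS\system32\cbXoomJA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDD714BC-D36C-487B-8142-8BA020FB6535}]
C:\WINDOWS\system32\hggfcCuV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-25 22:52 262401]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BDD714BC-D36C-487B-8142-8BA020FB6535}"= C:\WINDOWS\system32\hggfcCuV.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggfcCuV]
hggfcCuV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 14:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Registry load points where a DLL gets loaded into every process or into
# Explorer/IE; substrings matched against the lower-cased key name.
LOAD_POINTS = ("browser helper objects", "shellexecutehooks", r"winlogon\notify")

# ComboFix prints "YYYY-MM-DD HH:MM size" for entries whose file it could stat.
FILE_INFO = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+")
DLL = re.compile(r"[A-Za-z0-9_]+\.dll", re.IGNORECASE)
FIREWALL_OFF = re.compile(r'"EnableFirewall"=\s*0\b')


def parse_autostart(text):
    """Group the value lines of a ComboFix autostart section under their registry key."""
    entries = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            entries.setdefault(key, [])
        elif key is not None:
            entries[key].append(line)
    return entries


def triage(entries):
    """Return (key, line, reason) tuples for entries worth a second look."""
    findings = []
    for key, lines in entries.items():
        k = key.lower()
        for line in lines:
            # A DLL at a load point with no file date/size: ComboFix could not
            # describe the file the way it did for VESWinlogon.dll above.
            if any(p in k for p in LOAD_POINTS) and DLL.search(line) and not FILE_INFO.search(line):
                findings.append((key, line, "load-point DLL listed without file date/size"))
            # Security Center: warnings or monitoring explicitly disabled.
            if "security center" in k and line.endswith("dword:00000001") \
                    and ("DisableNotify" in line or "DisableMonitoring" in line):
                findings.append((key, line, "Security Center warning/monitoring switched off"))
            # Windows Firewall profile disabled.
            if "firewallpolicy" in k and FIREWALL_OFF.match(line):
                findings.append((key, line, "Windows Firewall disabled for this profile"))
    return findings


if __name__ == "__main__":
    for key, line, reason in triage(parse_autostart(SAMPLE_LOG)):
        print(f"{reason}\n  [{key}]\n  {line}")
```

On the sample above the script flags both BHOs, the ShellExecuteHooks entry, the hggfcCuV Winlogon Notify entry, the AntiVirusDisableNotify value and the disabled firewall profile, while leaving the AntiVir Run entry and VESWinlogon.dll alone. The missing date/size heuristic is deliberately narrow: a reviewer still has to decide what each flagged DLL is, but it gets the candidate list down to the handful of lines a CFScript would act on.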

SebastianK
2008-05-29, 20:00
Hello

...Okay here it is:


ComboFix Log after dragging CFScript into ComboFix.exe:



#############################################################




ComboFix 08-05-27.4 - Gh0st K!llA 2008-05-29 18:09:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.447 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Gh0st K!llA\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Gh0st K!llA\Desktop\CFScript.txt
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\FlyakiteOSX\Tools\wfpdisable.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\FlyakiteOSX\Tools\wfpdisable.exe

.
((((((((((((((((((((((( Dateien erstellt von 2008-04-28 bis 2008-05-29 ))))))))))))))))))))))))))))))
.

2008-05-28 19:34 . 2008-05-28 19:34 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-28 19:34 . 2008-05-28 19:34 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-05-28 17:00 . 2008-05-28 17:00 <DIR> d-------- C:\Programme\Trend Micro
2008-05-27 22:00 . 2008-05-28 15:57 9,728 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-05-26 21:07 . 2008-05-26 21:08 <DIR> d-------- C:\Programme\Spybot - Search & Destroy
2008-05-26 21:07 . 2008-05-26 21:35 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-05-24 18:46 . 2008-05-24 18:46 <DIR> d-------- C:\Programme\3RVX
2008-05-24 00:16 . 2008-05-24 00:16 <DIR> d-------- C:\Programme\Microsoft.NET
2008-05-24 00:08 . 2008-05-24 00:33 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-05-24 00:05 . 2008-05-24 00:05 <DIR> dr-h----- C:\MSOCache
2008-05-23 21:12 . 2008-05-23 21:12 <DIR> d-------- C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\Styler
2008-05-23 21:12 . 2005-07-16 02:40 159,744 --a------ C:\WINDOWS\system\unrar.dll
2008-05-23 14:26 . 2008-05-23 14:26 <DIR> d-------- C:\Programme\YzShadow
2008-05-23 14:26 . 2008-05-23 14:26 <DIR> d-------- C:\Programme\WinRoll
2008-05-23 14:26 . 2008-05-23 14:26 <DIR> d-------- C:\Programme\UberIcon
2008-05-23 14:26 . 2008-05-23 14:26 <DIR> d-------- C:\Programme\RK Launcher
2008-05-23 14:26 . 2008-05-23 14:26 <DIR> d-------- C:\Programme\ObjectDock
2008-05-23 14:22 . 2008-05-29 18:01 <DIR> d--h----- C:\WINDOWS\FlyakiteOSX
2008-05-23 14:22 . 2004-08-10 14:00 219,648 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-05-22 20:59 . 2008-05-22 20:59 <DIR> d-------- C:\Programme\MonoCalendar
2008-05-21 18:10 . 2008-05-23 19:50 10,752 --ahs---- C:\Dokumente und Einstellungen\Thumbs.db
2008-05-21 18:06 . 2008-05-27 21:59 23,040 --ahs---- C:\WINDOWS\Thumbs.db
2008-05-21 18:00 . 2004-04-14 03:50 77,214 --a------ C:\WINDOWS\desktop_32359849.ico
2008-05-21 15:28 . 2008-05-21 15:28 148 --a------ C:\WINDOWS\Eudcedit.ini
2008-05-20 18:22 . 2008-05-20 18:22 <DIR> d-------- C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\ESTsoft
2008-05-20 18:22 . 2008-05-20 18:54 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESTsoft
2008-05-20 17:58 . 2008-05-20 17:58 <DIR> d-------- C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\NCH Software
2008-05-20 17:58 . 2008-05-20 17:58 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Software
2008-05-19 22:20 . 2008-05-19 22:20 2,279,936 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-05-19 19:57 . 2008-05-28 18:25 <DIR> d-------- C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\gtk-2.0
2008-05-19 19:55 . 2008-05-29 18:07 <DIR> d-------- C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\.purple
2008-05-19 19:54 . 2008-05-19 19:55 <DIR> d-------- C:\Programme\Aspell
2008-05-19 19:53 . 2008-05-19 19:55 <DIR> d-------- C:\Programme\Pidgin
2008-05-19 19:52 . 2008-05-19 19:52 <DIR> d-------- C:\Programme\Gemeinsame Dateien\GTK
2008-05-19 18:34 . 2004-04-14 03:50 6,838 --a------ C:\Dokumente und Einstellungen\desktop_4304778.ico
2008-05-19 18:34 . 2008-05-23 19:50 110 ---hs---- C:\Dokumente und Einstellungen\desktop.ini
2008-05-18 19:02 . 2008-05-18 19:03 <DIR> d-------- C:\Programme\TuneUp Utilities 2008
2008-05-18 19:02 . 2008-05-18 19:02 <DIR> d-------- C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\TuneUp Software
2008-05-18 19:02 . 2008-05-18 19:02 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2008-05-18 19:02 . 2008-05-18 19:02 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-18 19:02 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-05-18 19:01 . 2008-05-18 19:01 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-05-18 13:39 . 2008-05-23 19:49 <DIR> d---s---- C:\teamviewer
2008-05-16 19:41 . 2008-05-16 19:41 <DIR> d-------- C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\FindeXer
2008-05-16 17:44 . 2008-05-22 20:43 39,424 --a------ C:\WINDOWS\zipinst.exe
2008-05-16 16:37 . 2008-03-15 18:08 209 --ahs---- C:\BOOT.BKK
2008-05-15 19:29 . 2008-05-15 19:34 27 --a------ C:\WINDOWS\SDAddressBox16827d0561119.ini
2008-05-15 19:04 . 2008-05-15 19:04 7,852 --a------ C:\WINDOWS\system32\mcdmsg7.dll
2008-05-15 19:03 . 2008-05-18 13:20 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Stardock
2008-05-11 16:11 . 2000-03-07 00:00 473,600 --a------ C:\WINDOWS\system32\Harmony.dll
2008-05-01 18:31 . 2008-05-01 18:31 514,875 --a------ C:\Dokumente und Einstellungen\thes_am_6_0.jar
2008-05-01 18:31 . 2008-05-01 18:32 386,400 --a------ C:\Dokumente und Einstellungen\ge_4_0.jar
2008-05-01 18:31 . 2008-05-01 18:31 98 --a------ C:\Dokumente und Einstellungen\EditLiveForJava.ini

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 16:14 135,120,928 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-29 16:01 --------- d-----w C:\Programme\Mozilla Thunderbird
2008-05-28 20:46 1,586,252 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-26 16:48 --------- d-----w C:\Programme\DivX
2008-05-26 16:47 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-05-23 22:18 --------- d-----w C:\Programme\Microsoft Works
2008-05-23 18:07 --------- d-----r C:\Programme\rpg2003
2008-05-23 18:07 --------- d-----r C:\Programme\RM2k3
2008-05-23 17:50 133 --sha-w C:\Programme\desktop.ini
2008-05-23 12:40 9,728 --sha-w C:\Programme\Thumbs.db
2008-05-23 12:26 2,097,664 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-05-23 12:26 1,977,344 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-05-23 12:22 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-22 14:21 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-05-22 14:21 --------- d-----w C:\Programme\Sony
2008-05-20 20:13 41,135,808 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-20 19:00 2,691,584 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-05-18 17:22 --------- d-----w C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\Skype
2008-05-18 14:03 --------- d-----w C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\skypePM
2008-05-17 20:32 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware
2008-05-17 20:28 --------- d-----w C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\VMware
2008-05-14 19:18 --------- d-----w C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\VMware
2008-05-10 16:01 1,192 ----a-w C:\WINDOWS\Fonts\harmony.log
2008-05-09 13:21 --------- d-----w C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\Sony Corporation
2008-04-26 16:50 --------- d-----w C:\Programme\Gemeinsame Dateien\xing shared
2008-04-26 16:50 --------- d-----w C:\Programme\Gemeinsame Dateien\Real
2008-04-26 16:49 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-26 14:14 42,672 ----a-w C:\WINDOWS\system32\wbsys.dll
2008-04-17 15:57 --------- d-----w C:\Programme\ICQ6
2008-04-15 15:14 --------- d-----w C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\moka5
2008-04-05 16:32 --------- d-----w C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\Hamachi
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 187,168 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-22 13:06 32 ----a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 12:03 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-09 17:40 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-08 10:41 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-01 12:54 803,840 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-16 19:49 60,776 ----a-w C:\Dokumente und Einstellungen\Gh0st K!llA\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2004-08-10 12:00 60,416 --sha-w C:\WINDOWS\FlyakiteOSX\Backup\msimn.exe
.

------- Sigcheck -------

2005-03-02 20:19 578560 4c90159a69a5fd3eb39c71411f28fcff C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:48 579584 78785eff8cb90cec1862a4ccfd9a3c3a C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-10 14:00 578560 56785fd5236d7b22cf471a6da9db46d8 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:09 578560 3751d7cf0e0a113d84414992146bce6a C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 17:36 579072 492e166cfd26a50fb9160db536ff7d2b C:\WINDOWS\FlyakiteOSX\Backup\user32.dll
2007-03-08 17:36 579072 9a21eb0f182ad19f93dfad501a12049d C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 579072 9a21eb0f182ad19f93dfad501a12049d C:\WINDOWS\system32\dllcache\user32.dll

2007-03-07 19:34 823296 4ef1ae9a4d801ab63ec752478247bfce C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
2007-04-25 10:26 823808 26db81279fed58d5199235c26d4836e2 C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
2007-06-27 16:12 824320 17d39b59e2e3740058ae3fbcd432cede C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
2007-08-20 11:48 825344 283d85f8192fa54f2ca978b659965739 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
2007-10-11 01:20 825344 6a1aef7b9e513acb566b16b0ba133c7c C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 03:41 825344 16ef6865a405134ce64a3aa6cef6c69f C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 14:33 827392 a7b7383ec19f0c5ebd02cb7826c8488b C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2004-08-10 14:00 662016 b1a1da99c4a6ebfd59f86a453bf02f39 C:\WINDOWS\$NtUninstallKB912945$\wininet.dll
2006-01-09 20:00 667648 957b39efdaafc58f43fb233933265f95 C:\WINDOWS\$NtUninstallKB916281$\wininet.dll
2006-05-10 07:26 669184 2e9fffc696613e2e38f2263ade718c67 C:\WINDOWS\$NtUninstallKB925454$\wininet.dll
2006-10-23 17:34 670208 47bbfeb4909d45064a992c3068610b06 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
2008-03-01 14:54 826368 32fc70ac1effe28db72fdf1dcc319e72 C:\WINDOWS\FlyakiteOSX\Backup\wininet.dll
2007-01-04 16:02 670720 04a670155a6d86dfbf562f45544e1908 C:\WINDOWS\ie7\wininet.dll
2006-11-07 21:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB928090-IE7\wininet.dll
2007-01-12 09:27 822784 be43d00d802c92f01c8cc952c6f483f8 C:\WINDOWS\ie7updates\KB931768-IE7\wininet.dll
2007-03-07 19:40 822784 c601bd2849927d44f8549f720cfa14d3 C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll
2007-04-25 09:42 822784 4e9436b0301b0451ed2fb29364ab090f C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 16:05 823808 0d58cebd30684b481c8df3da69375410 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 11:55 824832 cafc9797228843012ced767d24d8dcfc C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 01:46 824832 fa5fa22e6f36f8453e9377810b3f9939 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 04:04 824832 ba4d7d3098e2ba8aea34a19bbecf9962 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 14:54 803840 44fab637279205f021da2727278a9162 C:\WINDOWS\system32\wininet.dll
2008-03-01 14:54 803840 44fab637279205f021da2727278a9162 C:\WINDOWS\system32\dllcache\wininet.dll

2005-03-02 10:11 2059264 ae8364004bbfd70461d2ef34888d3360 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2004-08-10 14:00 2059136 ce41fc4c06499a389d39b301879535fb C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:06 2059136 bdff8ffa77ee7df9758ef8c1e0da8eff C:\WINDOWS\$NtUninstallKB896256$\ntkrnlpa.exe
2005-09-29 20:28 2018304 0a590966a4649e9c5378d10b4b358a64 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 20:43 2019840 d28d4c9d6b86821c3ace858070581335 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:06 2061696 9b9ca27ad315c02b71510238574894b2 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:06 2019840 5aa6fe8b36d7d4074542925c38c142be C:\WINDOWS\FlyakiteOSX\Backup\ntkrnlpa.exe
2008-05-23 14:26 1977344 2985452513ee044c6e95a951f552abd2 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:06 1977344 6caf962d2c91eda33603737ad01f7bc5 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2005-03-02 20:11 2181888 eb5538a452e0e99169e2b6cdb62ff9d2 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2004-08-10 14:00 2183296 dc888c9c4ca0eea7a3cb7e6b610f75c7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:06 2181632 7189a2391adc1f65c9ae87b0abe0f945 C:\WINDOWS\$NtUninstallKB896256$\ntoskrnl.exe
2005-09-29 20:27 2138624 86f4053474d3a15f34fd713823e7f9c0 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 20:43 2140160 c22fbee0c195f4892c6b3805dbfc7e77 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:06 2184448 e1de7a10d46959560c3b617227d95c19 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:06 2140160 fd51b755255e963b1e78b010b575fa7c C:\WINDOWS\FlyakiteOSX\Backup\ntoskrnl.exe
2008-05-23 14:26 2097664 cce408d56bc6b69c24eb293f91fbb1cd C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:06 2097664 2cc9e973ac4e1bb256e719d9583a22e3 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 15:21 2826240 a3bb534ce83b26bec3d609f7d6f995cd C:\WINDOWS\explorer.exe
2007-06-13 15:10 1036288 331ed93570baf3cfe30340298762cd56 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-10 14:00 1035264 22fe1be02eadde1632e478e4125639e0 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:21 1036288 64d320c0e301eedc5a4adbbdc5024f7f C:\WINDOWS\FlyakiteOSX\Backup\explorer.exe
2007-06-13 15:21 2826240 a3bb534ce83b26bec3d609f7d6f995cd C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-28_19.06.29.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 16:56:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 15:58:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-05-29 15:58:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_ac.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CBBF35D-B50F-4B0D-AF4F-6E1A1FCAD46E}]
C:\WINDOWS\system32\cbXoomJA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDD714BC-D36C-487B-8142-8BA020FB6535}]
C:\WINDOWS\system32\hggfcCuV.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Programme\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"TuneUp MemOptimizer"="C:\Programme\TuneUp Utilities 2008\MemOptimizer.exe" [2008-04-15 10:00 154880]
"UberIcon"="C:\Programme\UberIcon\UberIcon Manager.exe" [2006-02-24 02:32 188416]
"Yz Shadow"="C:\Programme\YzShadow\YzShadow.exe" [2006-02-24 04:51 172032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WinRoll"="C:\Programme\WinRoll\winroll.exe" [2006-01-02 00:27 15872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 03:50 7561216]
"SonyPowerCfg"="C:\Programme\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 18:24 217088]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-25 22:52 262401]
"ZoneAlarm Client"="C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Apoint"="C:\Programme\Apoint\Apoint.exe" [2004-11-17 13:47 118784]
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 01:41 118485]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2008-04-26 18:49 185896]
"Acrobat Assistant 7.0"="C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 21:47 483328]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-10-25 19:58 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 14:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\GEMEIN~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apache2.2"=2 (0x2)
"VAIOMediaPlatform-IntegratedServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-AppServer"=3 (0x3)
"WTService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="D:\DAEMON Tools Lite\daemon.exe" -autorun
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
"Skype"="C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
"WMPNSCFG"=C:\Programme\Windows Media Player\WMPNSCFG.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"ehTray"=C:\WINDOWS\ehome\ehtray.exe
"MacrokeyManager"=WTMKM.exe
"ISBMgr.exe"=C:\Programme\Sony\ISB Utility\ISBMgr.exe
"VAIO Update 3"="C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\xampp\\xampp\\mysql\\bin\\mysqld.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"C:\\Programme\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"D:\\Battlefield 2\\BF2.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 17:55]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-10 14:00]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2007-01-24 14:46]
S3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 11:39]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-18 19:02]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 10:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 10:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 10:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 10:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 10:42]
S4 Apache2.2;Apache2.2;"C:\Programme\xampp\xampp\apache\bin\apache.exe" -k runservice []
S4 WTService;WTService;C:\WINDOWS\system32\atwtusb.exe [2007-08-17 16:13]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Inhalt des "geplante Tasks" Ordners
"2008-05-29 16:00:04 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 18:14:15
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-05-29 18:17:49
ComboFix-quarantined-files.txt 2008-05-29 16:17:18
ComboFix2.txt 2008-05-28 17:07:03

6 Verzeichnis(se), 19,530,825,728 Bytes frei
15 Verzeichnis(se), 19,505,709,056 Bytes frei

295 --- E O F --- 2008-05-28 13:56:55

#######################################################

Malwarebytes' Anti-Malware Logfile:

#######################################################

Malwarebytes' Anti-Malware 1.12
Datenbank Version: 799

Scan Art: Schnell Scan
Objekte gescannt: 37329
Scan Dauer: 7 minute(s), 2 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
(Keine Malware Objekte gefunden)

#####################################################

New HJT Log:

#####################################################

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:22, on 29.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Sony\VAIO Power Management\SPMgr.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Apoint\Apoint.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\TuneUp Utilities 2008\MemOptimizer.exe
C:\Programme\UberIcon\UberIcon Manager.exe
C:\Programme\YzShadow\YzShadow.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\WinRoll\winroll.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\Apoint\Apvfb.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\Programme\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8CBBF35D-B50F-4B0D-AF4F-6E1A1FCAD46E} - C:\WINDOWS\system32\cbXoomJA.dll (file missing)
O2 - BHO: (no name) - {BDD714BC-D36C-487B-8142-8BA020FB6535} - C:\WINDOWS\system32\hggfcCuV.dll (file missing)
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\Program Files\FindeXer.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Programme\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [UberIcon] "C:\Programme\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Yz Shadow] C:\Programme\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinRoll] C:\Programme\WinRoll\winroll.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Programme\Sony\VAIO Information FLOW\aiesc.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/de/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 10476 bytes

###################################################

Rorschach112
2008-05-30, 02:56
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {8CBBF35D-B50F-4B0D-AF4F-6E1A1FCAD46E} - C:\WINDOWS\system32\cbXoomJA.dll (file missing)
O2 - BHO: (no name) - {BDD714BC-D36C-487B-8142-8BA020FB6535} - C:\WINDOWS\system32\hggfcCuV.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Reboot and post a new HijackThis log
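As an added example (not code from the thread), a small Python parser for the HijackThis O2 lines quoted above: it flags BHO registrations whose DLL no longer exists on disk, which is exactly the kind of leftover the two "(file missing)" entries are. The sample log is constructed from lines quoted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Added example, not part of the thread: parse HijackThis "O2 - BHO:" lines and
# report registrations whose DLL is gone (registry leftovers such as the two
# entries the helper asked to be fixed). Format assumed from the log quoted above.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?\s*$"
)


@dataclass
class BhoEntry:
    name: str
    clsid: str
    path: str
    file_missing: bool


def parse_o2_line(line: str) -> Optional[BhoEntry]:
    """Return a BhoEntry for an O2 line, or None for any other log line."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    return BhoEntry(
        name=m.group("name"),
        clsid=m.group("clsid").upper(),
        path=m.group("path"),
        file_missing=m.group("missing") is not None,
    )


def orphaned_bhos(log_text: str) -> List[BhoEntry]:
    """BHO registrations whose DLL no longer exists on disk."""
    return [e for e in map(parse_o2_line, log_text.splitlines()) if e and e.file_missing]


# Constructed sample: three lines quoted from this thread plus one non-O2 line.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Programme\\Gemeinsame Dateien\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {8CBBF35D-B50F-4B0D-AF4F-6E1A1FCAD46E} - C:\\WINDOWS\\system32\\cbXoomJA.dll (file missing)
O2 - BHO: (no name) - {BDD714BC-D36C-487B-8142-8BA020FB6535} - C:\\WINDOWS\\system32\\hggfcCuV.dll (file missing)
O4 - HKLM\\..\\Run: [avgnt] "C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe" /min
"""

if __name__ == "__main__":
    for e in orphaned_bhos(SAMPLE_LOG):
        print(f"orphaned BHO {e.clsid} -> {e.path}")
```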

SebastianK
2008-05-30, 16:56
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54:25, on 30.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Sony\VAIO Power Management\SPMgr.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Apoint\Apoint.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\TuneUp Utilities 2008\MemOptimizer.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\UberIcon\UberIcon Manager.exe
C:\Programme\YzShadow\YzShadow.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\WinRoll\winroll.exe
C:\Programme\Apoint\Apvfb.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Programme\Pidgin\pidgin.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\Program Files\FindeXer.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Programme\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [UberIcon] "C:\Programme\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Yz Shadow] C:\Programme\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinRoll] C:\Programme\WinRoll\winroll.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Programme\Sony\VAIO Information FLOW\aiesc.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/de/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 10231 bytes

Rorschach112
2008-05-30, 20:09
Your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware

Click START then RUN
Now type Combofix /u in the run box and click OK. Note the space between the X and the U; it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png




You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE) and install it on your computer from here (http://java.sun.com/javase/downloads/index.jsp)



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce the risk of re-infection by malware in the future, I strongly recommend installing these free programs:

SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html) protects against bad ActiveX
IE-SPYAD (http://www.spywarewarrior.com/uiuc/res/ie-spyad.exe) puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here (http://www.bleepingcomputer.com/tutorials/tutorial53.html)

* SpywareGuard (http://www.javacoolsoftware.com/sgdownload.html) offers realtime protection from spyware installation attempts. Make sure you are only running one real-time protection program or there will be a conflict.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next click OK, then the Apply button, and then OK to exit the Internet Properties page.


* MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here (http://www.mozilla.org/products/firefox/)

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' Here (http://forums.spywareinfo.com/index.php?showtopic=60955)

Thank you for your patience, and performing all of the procedures requested.
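As an added example (not code from the thread), a Python check for the HOSTS-file approach recommended above: a blocking entry should sinkhole a name to 127.0.0.1 (or 0.0.0.0), so the script separates such entries from ones that redirect a name to some other address, which is worth a second look since malware also edits HOSTS to block update or vendor sites. The sample file is constructed, not the real MVPS file; its domains are documentation examples.

```python
import ipaddress
from typing import Dict, List, Tuple

# Added example, not part of the thread. Addresses that sinkhole a name rather
# than redirect it to a real host.
BLOCK_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, ignoring comments, blanks and malformed lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                          # first field is not an address
        for host in fields[1:]:
            pairs.append((ip, host.lower()))
    return pairs


def audit_hosts(text: str) -> Dict[str, List[str]]:
    """Split entries into sinkholed names (expected) and redirected names (suspicious)."""
    blocked, redirected = [], []
    for ip, host in parse_hosts(text):
        if host == "localhost":
            continue                          # the one loopback entry that belongs there
        if ip in BLOCK_TARGETS:
            blocked.append(host)
        else:
            redirected.append(f"{host} -> {ip}")
    return {"blocked": blocked, "redirected": redirected}


# Constructed sample HOSTS file (not the MVPS file): two sinkholed ad/tracker
# names and one entry that silently redirects an update site elsewhere.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
127.0.0.1 ads.example.net              # sinkholed, as the MVPS file does
0.0.0.0   tracker.example.org
198.51.100.7 windowsupdate.microsoft.com   # redirect to a real address: suspicious
"""

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
```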

SebastianK
2008-05-30, 20:20
Thx for helping me ^^

Rorschach112
2008-05-30, 20:21
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.