msn picture virus removal problem

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

megane1986

Thread Starter
Joined
Mar 25, 2008
Messages
3
hello folks i have since a few days this msn picture virus on my pc and i've been checking out many forums and threads about how to remove this annoying creature from my pc but i cant get a clue how to do it so here i am to ask for a lil but of help :)
as far as i could see u people need a log of hijackthis so i will add this already in my post

it would be really aprecciated if any 1 would like to help me whit this

already a big thx for the people who might gonna help me ;)


hijackthis log :


Logfile of HijackThis v1.99.1
Scan saved at 00:46:57, on 26.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
C:\Programme\Xfire\xfire.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\mIRC\mirc.exe
C:\Programme\TeamViewer3\TeamViewer.exe
C:\Dokumente und Einstellungen\BabaLu\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Programme\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Programme\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RAPTOR-GAMING M3] "C:\Programme\RAPTOR-GAMING\RAPTOR-ADJUST M3 V1\Panel.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programme\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [bklq] C:\WINDOWS\system32\bklq.exe
O4 - HKLM\..\RunServices: [bklq] C:\WINDOWS\system32\bklq.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Veoh] "C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ares] "C:\Programme\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ZSScheduler] RunDll32.exe "C:\Programme\FBM Software\ZeroSpyware\ZSScheduler.dll", runScheduler C:\Programme\FBM Software\ZeroSpyware\
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\xfire.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-2c6b99bed7a11a4d.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Print Spooler Service (alio49ozyrjoxoa) - Unknown owner - C:\WINDOWS\system32\bklq.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

i also have a MSN Virus Removal Log

Starting Scan...
Looking For Virus Services...
No Virus Services Found.
Looking For Virus Processes...
No Virus Processes Found.
Searching for Virus Files...
No Virus Files Found.
Scanning Registry...
Registry Scan Complete.
Scanning Hosts File...
No Infected Hosts File Entries Found.
Done!
Saving Log...

i dont know if this is usefull but i just added it in case it is

ok i hope to hear soon a way to fix this

Greetz , Megane
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi, Welcome to TSG!!


Please update your version of Hijackthis:
Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.


Visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix along with a new HijackThis log.
 

megane1986

Thread Starter
Joined
Mar 25, 2008
Messages
3
ok i have the logs u requested :)

hijackthis log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:45:40, on 28.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\mIRC\mirc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Programme\Xchar\Xchar Profiler\Profiler.exe
C:\Programme\Xfire\xfire.exe
C:\WINDOWS\system32\mspaint.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\TeamViewer3\TeamViewer.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Programme\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Programme\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RAPTOR-GAMING M3] "C:\Programme\RAPTOR-GAMING\RAPTOR-ADJUST M3 V1\Panel.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programme\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [bklq] C:\WINDOWS\system32\bklq.exe
O4 - HKLM\..\RunServices: [bklq] C:\WINDOWS\system32\bklq.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Veoh] "C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ares] "C:\Programme\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ZSScheduler] RunDll32.exe "C:\Programme\FBM Software\ZeroSpyware\ZSScheduler.dll", runScheduler C:\Programme\FBM Software\ZeroSpyware\
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\xfire.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-2c6b99bed7a11a4d.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Print Spooler Service (alio49ozyrjoxoa) - Unknown owner - C:\WINDOWS\system32\bklq.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programme\RealVNC\VNC4\WinVNC4.exe

--
End of file - 11144 bytes



combofix log :

ComboFix 08-03-26.3 - BabaLu 2008-03-28 3:00:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.534 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\BabaLu\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((( Dateien erstellt von 2008-02-28 bis 2008-03-28 ))))))))))))))))))))))))))))))
.

2008-03-28 01:26 . 2008-03-28 01:26 <DIR> d-------- C:\Programme\Trend Micro
2008-03-26 18:00 . 2008-03-26 18:00 <DIR> d-------- C:\Logs
2008-03-24 20:49 . 2008-03-24 20:49 <DIR> d-------- C:\Programme\Sun
2008-03-24 20:49 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-24 20:47 . 2008-03-24 20:47 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2008-03-23 22:29 . 2008-03-23 22:29 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
2008-03-23 22:26 . 2008-03-24 21:27 <DIR> d-------- C:\Programme\Messenger Plus! Live
2008-03-23 20:12 . 2008-03-24 20:27 <DIR> d-------- C:\Programme\Windows Live
2008-03-22 21:18 . 2008-03-22 21:18 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\AVG7
2008-03-22 21:18 . 2008-03-26 00:33 <DIR> d-------- C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\AVG7
2008-03-22 21:18 . 2008-03-22 21:18 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
2008-03-22 21:18 . 2008-03-22 21:22 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg7
2008-03-21 22:38 . 2008-03-21 22:38 <DIR> d-------- C:\Programme\Lavasoft
2008-03-21 22:38 . 2008-03-21 22:38 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-03-16 04:45 . 2008-03-16 04:45 <DIR> d-------- C:\Programme\Nero
2008-03-16 01:20 . 2007-08-03 12:48 3,974,440 --a------ C:\WINDOWS\system32\AdvrCntr3.dll
2008-03-16 01:18 . 2007-08-03 12:48 3,974,440 --a------ C:\WINDOWS\system\AdvrCntr3.dll
2008-03-15 23:26 . 2008-03-15 23:28 <DIR> d-------- C:\Programme\TeamViewer3
2008-03-15 23:26 . 2008-03-16 04:14 <DIR> d-------- C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\TeamViewer
2008-03-15 23:25 . 2008-03-15 23:25 <DIR> d-------- C:\Dokumente und Einstellungen\BabaLu\temp
2008-03-15 23:19 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-03-15 23:19 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-03-15 23:19 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
2008-03-15 23:07 . 2008-03-15 23:20 <DIR> d-------- C:\Programme\LogMeIn
2008-03-15 23:07 . 2008-03-15 23:07 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Startmenü
2008-03-15 23:07 . 2008-03-15 23:07 <DIR> dr------- C:\Dokumente und Einstellungen\LocalService\Favoriten
2008-03-15 23:07 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-03-15 23:07 . 2008-03-15 23:07 1,024 --a------ C:\.rnd
2008-03-15 22:55 . 2008-03-15 22:55 0 --a------ C:\WINDOWS\Irremote.ini
2008-03-14 00:06 . 2008-03-14 00:06 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-13 20:58 . 2008-03-13 20:58 <DIR> d-------- C:\Programme\Shareaza
2008-03-13 20:58 . 2008-03-13 20:58 <DIR> d-------- C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\Shareaza
2008-03-13 03:00 . 2008-03-13 03:00 <DIR> d-------- C:\Programme\MSXML 4.0
2008-03-12 21:15 . 2008-03-12 21:15 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-12 21:15 . 2008-03-12 21:15 <DIR> d-------- C:\Programme\Veoh Networks
2008-03-12 04:44 . 2008-03-12 04:44 <DIR> d-------- C:\Programme\Boilsoft Video Splitter
2008-03-12 02:37 . 2008-03-12 02:37 <DIR> d-------- C:\Programme\Ahead
2008-03-12 01:19 . 2008-03-21 22:53 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-03-11 15:10 . 2008-03-16 04:45 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2008-03-10 01:02 . 2008-03-10 01:02 <DIR> d-------- C:\Programme\Gemeinsame Dateien\NSV
2008-03-07 17:20 . 2008-03-07 17:20 <DIR> d-------- C:\Programme\RAPTOR-GAMING
2008-03-07 17:20 . 2006-10-04 14:31 18,620,416 --a------ C:\WINDOWS\system32\XControlPad.dll
2008-03-07 17:20 . 2006-09-21 10:38 2,576,384 --a------ C:\WINDOWS\system32\XWheel.dll
2008-03-07 17:20 . 2006-09-21 10:38 593,920 --a------ C:\WINDOWS\system32\XIndicator.dll
2008-03-07 17:20 . 2006-10-04 11:27 413,696 --a------ C:\WINDOWS\system32\XDPI.dll
2008-03-07 17:20 . 2006-09-21 10:35 221,184 --a------ C:\WINDOWS\system32\Hook.dll
2008-03-07 17:20 . 2006-10-04 14:20 26,240 --a------ C:\WINDOWS\system32\drivers\GMFilter.sys
2008-03-07 17:20 . 2004-11-25 15:44 1,701 --a------ C:\WINDOWS\system32\drivers\GMFilter.inf
2008-03-06 18:07 . 2008-03-10 18:43 <DIR> d-------- C:\Programme\PowerISO
2008-03-06 17:59 . 2008-03-06 17:59 <DIR> d-------- C:\Programme\A4Tech
2008-03-06 17:05 . 2008-03-23 03:14 37 --a------ C:\WINDOWS\iltwain.ini
2008-03-04 18:14 . 2008-03-10 00:42 112 --a------ C:\WINDOWS\cdplayer.ini

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 02:03 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\mIRC
2008-03-28 01:52 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
2008-03-27 02:28 --------- d-----w C:\Programme\Unreal Tournament 2004
2008-03-26 22:09 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\Xfire
2008-03-26 16:57 --------- d-----w C:\Programme\World of Warcraft
2008-03-26 03:21 --------- d-----w C:\Programme\Xfire
2008-03-25 17:29 --------- d-----w C:\Programme\mIRC
2008-03-25 03:56 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\Skype
2008-03-25 03:51 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\skypePM
2008-03-24 20:03 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\teamspeak2
2008-03-24 19:49 --------- d-----w C:\Programme\Java
2008-03-23 19:12 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLInstaller
2008-03-23 15:04 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\LimeWire
2008-03-21 21:52 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-03-21 21:38 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-03-21 21:30 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-03-21 21:07 131,072 ----a-w C:\WINDOWS\system32\datestamp.dll
2008-03-16 03:47 --------- d-----w C:\Programme\Gemeinsame Dateien\Nero
2008-03-13 19:56 --------- d-----w C:\Programme\FlashGet
2008-02-26 17:49 --------- d-----w C:\Programme\PartyGaming
2008-02-26 17:36 --------- d-----w C:\Programme\PartyGaming.Net
2008-02-24 03:54 --------- d-----w C:\Programme\Mozilla Thunderbird
2008-02-24 03:54 --------- d-----w C:\Programme\Google
2008-02-24 02:38 --------- d-----w C:\Programme\Sagasoft
2008-02-22 00:04 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\Ventrilo
2008-02-21 03:18 --------- d-----w C:\Programme\Cucusoft
2008-02-16 00:05 --------- d-----w C:\Programme\MobMapUpdater
2008-02-14 15:32 --------- d-----w C:\Programme\filesubmit
2008-02-13 20:06 --------- d-----w C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2008-02-13 18:43 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-13 18:43 --------- d-----w C:\Programme\TuneUp Utilities 2008
2008-02-13 18:43 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\TuneUp Software
2008-02-13 18:43 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2008-02-13 17:11 --------- d-----w C:\Programme\DVDVideoSoft
2008-02-13 16:37 --------- d-----w C:\Programme\Avira
2008-02-13 16:37 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-02-13 16:31 --------- d-----w C:\Programme\PPLive
2008-02-13 16:31 --------- d-----w C:\Programme\Playboy - The Mansion
2008-02-13 16:23 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\The Longest Journey
2008-02-13 00:37 --------- d-----w C:\Programme\The Longest Journey
2008-02-13 00:26 --------- d-----w C:\Programme\Obscure
2008-02-11 16:57 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\UseNeXT
2008-02-11 03:19 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2008-02-11 03:09 --------- d-----w C:\Programme\OneStepSearch
2008-02-08 04:24 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-08 04:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-08 04:24 --------- d-----w C:\Programme\Real
2008-02-08 04:24 --------- d-----w C:\Programme\Gemeinsame Dateien\xing shared
2008-02-08 04:24 --------- d-----w C:\Programme\Gemeinsame Dateien\Real
2008-02-05 15:34 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\Ulead Systems
2008-02-05 04:26 --------- d-----w C:\Programme\TrackMania Nations ESWC
2008-02-04 19:06 --------- d-----w C:\Programme\CamStudio
2008-02-04 02:44 --------- d-----w C:\Programme\Game Cam v1.4
2008-02-03 20:26 364,544 ----a-w C:\WINDOWS\system32\cdg.dll
2008-02-03 01:54 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\Apple Computer
2008-02-02 23:16 32 ----a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
2008-02-02 23:09 --------- d-----w C:\Programme\Skype
2008-02-02 23:09 --------- d-----w C:\Programme\Gemeinsame Dateien\Skype
2008-02-02 23:09 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2008-01-30 01:17 --------- d-----w C:\Programme\RealVNC
2008-01-29 15:33 --------- d-----w C:\Programme\UseNeXT
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programme\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:57 15360]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2008-01-17 18:10 21686568]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"Veoh"="C:\Programme\Veoh Networks\Veoh\VeohClient.exe" [2008-02-22 21:42 3537968]
"ares"="C:\Programme\Ares\Ares.exe" [ ]
"ZSScheduler"="C:\Programme\FBM Software\ZeroSpyware\ZSScheduler.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"SoundMAX"="C:\Programme\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35 716800]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2008-02-08 05:24 185896]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-14 17:41 249896]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"Ulead AutoDetector v2"="C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43 90112]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2007-10-10 06:28 36352]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"PWRISOVM.EXE"="C:\Programme\PowerISO\PWRISOVM.EXE" [2008-01-20 08:05 217088]
"RAPTOR-GAMING M3"="C:\Programme\RAPTOR-GAMING\RAPTOR-ADJUST M3 V1\Panel.exe" [2006-10-05 11:29 73728]
"NBKeyScan"="C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"LogMeIn GUI"="C:\Programme\LogMeIn\x86\LogMeInSystray.exe" [ ]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"SpybotSnD"="C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-22 21:21 579072]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"bklq"="C:\WINDOWS\system32\bklq.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"bklq"="C:\WINDOWS\system32\bklq.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:57 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-22 21:18 219136]

C:\Dokumente und Einstellungen\BabaLu\Startmen\Programme\Autostart\
Xfire.lnk - C:\Programme\Xfire\xfire.exe [2008-03-14 00:06:18 2979664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
"WhenUSave"="C:\Programme\Save\Save.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
"Ulead AutoDetector v2"=C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
"WinampAgent"=C:\Programme\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\mIRC\\mirc.exe"=
"C:\\Programme\\Unreal Tournament 3 (LG)\\Binaries\\UT3.exe"=
"C:\\Programme\\Xfire\\xfire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\FlashGet\\flashget.exe"=
"C:\\Programme\\FlashFXP\\FlashFXP.exe"=
"C:\\Programme\\RealVNC\\VNC4\\winvnc4.exe"=
"C:\\Programme\\RealVNC\\VNC4\\vncviewer.exe"=
"C:\\Programme\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Programme\\Shareaza\\Shareaza.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programme\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
"C:\\Programme\\Unreal Tournament 2004\\System\\UT2004.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 04:39]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:58]
R3 GMFilter Filter;GMFilter Filter;C:\WINDOWS\system32\Drivers\GMFilter.sys [2006-10-04 14:20]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 10:12]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 06:45]
S2 alio49ozyrjoxoa;Print Spooler Service;C:\WINDOWS\system32\bklq.exe []
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Programme\LogMeIn\x86\RaInfo.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-13 19:43]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhalt des "geplante Tasks" Ordners
"2008-03-21 17:59:36 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2008\OneClick.exe
"2008-03-15 06:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 03:03:50
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-03-28 3:04:18
ComboFix-quarantined-files.txt 2008-03-28 02:04:09
19 Verzeichnis(se), 102,994,681,856 Bytes frei
23 Verzeichnis(se), 103,195,070,464 Bytes frei
.
2008-03-25 02:00:51 --- E O F ---


i hope u have everything u need now

greetz megane ;)
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Open Notepad and copy and paste the text in the quote box below into it:
Folder::
C:\Programme\Save
Driver::
alio49ozyrjoxoa
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bklq"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"bklq"=-

Save the file to you desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.



Download (save and select your desktop to save it to) SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive and all other fixed drives..
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
  • Click Close to exit the program.


Please perform a scan with Kaspersky Webscan Online Virus Scanner
  • Read the Requirements and Privacy statement, then select "Accept".
  • A new window will appear promting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
  • Click "Yes" or select "Install" to download the ActiveX controls that allows ActiveScan to run.
  • When the download is complete it will say ready, click "Next".
  • Click "Scan Settings" and check the option to use the Extended Database if available otherwise Standard).
  • Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
  • Click "OK".
  • Under "Select a target to scan", click on "My Computer".
  • When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.


Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top