
msn picture virus removal problem

Discussion in 'Virus & Other Malware Removal' started by megane1986, Mar 25, 2008.

  1. megane1986

    megane1986 Thread Starter

    Joined:
    Mar 25, 2008
    Messages:
    3
    Hello folks, I have had this MSN picture virus on my PC for a few days, and I've been checking out many forums and threads about how to remove this annoying creature from my PC, but I can't get a clue how to do it, so here I am to ask for a little bit of help :)
    As far as I could see, you people need a HijackThis log, so I will add it to my post already.

    It would be really appreciated if anyone would like to help me with this.

    Already a big thanks to the people who might help me ;)


    HijackThis log:


    Logfile of HijackThis v1.99.1
    Scan saved at 00:46:57, on 26.03.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Analog Devices\Core\smax4pnp.exe
    C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Programme\Winamp\winampa.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
    C:\Programme\Messenger\msmsgs.exe
    C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
    C:\Programme\Xfire\xfire.exe
    C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
    C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
    C:\Programme\Windows Live\Messenger\msnmsgr.exe
    C:\Programme\Windows Live\Messenger\usnsvc.exe
    C:\Programme\Windows Media Player\wmplayer.exe
    C:\Programme\mIRC\mirc.exe
    C:\Programme\TeamViewer3\TeamViewer.exe
    C:\Dokumente und Einstellungen\BabaLu\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Programme\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Programme\StumbleUpon\StumbleUponIEBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [RAPTOR-GAMING M3] "C:\Programme\RAPTOR-GAMING\RAPTOR-ADJUST M3 V1\Panel.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programme\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe"
    O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [bklq] C:\WINDOWS\system32\bklq.exe
    O4 - HKLM\..\RunServices: [bklq] C:\WINDOWS\system32\bklq.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [Veoh] "C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [ares] "C:\Programme\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [ZSScheduler] RunDll32.exe "C:\Programme\FBM Software\ZeroSpyware\ZSScheduler.dll", runScheduler C:\Programme\FBM Software\ZeroSpyware\
    O4 - Startup: Xfire.lnk = C:\Programme\Xfire\xfire.exe
    O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-2c6b99bed7a11a4d.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Print Spooler Service (alio49ozyrjoxoa) - Unknown owner - C:\WINDOWS\system32\bklq.exe (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe (file missing)
    O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

    I also have an MSN Virus Removal log:

    Starting Scan...
    Looking For Virus Services...
    No Virus Services Found.
    Looking For Virus Processes...
    No Virus Processes Found.
    Searching for Virus Files...
    No Virus Files Found.
    Scanning Registry...
    Registry Scan Complete.
    Scanning Hosts File...
    No Infected Hosts File Entries Found.
    Done!
    Saving Log...

    I don't know if this is useful, but I added it just in case it is.

    OK, I hope to hear soon of a way to fix this.

    Greetz , Megane
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!


    Please update your version of HijackThis:
    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Double-click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch HijackThis.


    Visit this webpage for instructions for downloading and running ComboFix.

    Post the log from ComboFix along with a new HijackThis log.
     
  4. megane1986

    megane1986 Thread Starter

    Joined:
    Mar 25, 2008
    Messages:
    3
    OK, I have the logs you requested :)

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:45:40, on 28.03.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programme\Analog Devices\Core\smax4pnp.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Programme\Winamp\winampa.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
    C:\Programme\Messenger\msmsgs.exe
    C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
    C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
    C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
    C:\Programme\Windows Live\Messenger\usnsvc.exe
    C:\Programme\Windows Media Player\wmplayer.exe
    C:\Programme\mIRC\mirc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\explorer.exe
    C:\Programme\Xchar\Xchar Profiler\Profiler.exe
    C:\Programme\Xfire\xfire.exe
    C:\WINDOWS\system32\mspaint.exe
    C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    C:\Programme\Windows Live\Messenger\msnmsgr.exe
    C:\Programme\TeamViewer3\TeamViewer.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Programme\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Programme\StumbleUpon\StumbleUponIEBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [RAPTOR-GAMING M3] "C:\Programme\RAPTOR-GAMING\RAPTOR-ADJUST M3 V1\Panel.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programme\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe"
    O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [bklq] C:\WINDOWS\system32\bklq.exe
    O4 - HKLM\..\RunServices: [bklq] C:\WINDOWS\system32\bklq.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [Veoh] "C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [ares] "C:\Programme\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [ZSScheduler] RunDll32.exe "C:\Programme\FBM Software\ZeroSpyware\ZSScheduler.dll", runScheduler C:\Programme\FBM Software\ZeroSpyware\
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Programme\Xfire\xfire.exe
    O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-2c6b99bed7a11a4d.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Print Spooler Service (alio49ozyrjoxoa) - Unknown owner - C:\WINDOWS\system32\bklq.exe (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe (file missing)
    O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programme\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 11144 bytes



    ComboFix log:

    ComboFix 08-03-26.3 - BabaLu 2008-03-28 3:00:40.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.534 [GMT 1:00]
    ausgeführt von:: C:\Dokumente und Einstellungen\BabaLu\Desktop\ComboFix.exe
    * Neuer Wiederherstellungspunkt wurde erstellt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((( Dateien erstellt von 2008-02-28 bis 2008-03-28 ))))))))))))))))))))))))))))))
    .

    2008-03-28 01:26 . 2008-03-28 01:26 <DIR> d-------- C:\Programme\Trend Micro
    2008-03-26 18:00 . 2008-03-26 18:00 <DIR> d-------- C:\Logs
    2008-03-24 20:49 . 2008-03-24 20:49 <DIR> d-------- C:\Programme\Sun
    2008-03-24 20:49 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-03-24 20:47 . 2008-03-24 20:47 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
    2008-03-23 22:29 . 2008-03-23 22:29 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
    2008-03-23 22:26 . 2008-03-24 21:27 <DIR> d-------- C:\Programme\Messenger Plus! Live
    2008-03-23 20:12 . 2008-03-24 20:27 <DIR> d-------- C:\Programme\Windows Live
    2008-03-22 21:18 . 2008-03-22 21:18 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\AVG7
    2008-03-22 21:18 . 2008-03-26 00:33 <DIR> d-------- C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\AVG7
    2008-03-22 21:18 . 2008-03-22 21:18 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
    2008-03-22 21:18 . 2008-03-22 21:22 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg7
    2008-03-21 22:38 . 2008-03-21 22:38 <DIR> d-------- C:\Programme\Lavasoft
    2008-03-21 22:38 . 2008-03-21 22:38 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
    2008-03-16 04:45 . 2008-03-16 04:45 <DIR> d-------- C:\Programme\Nero
    2008-03-16 01:20 . 2007-08-03 12:48 3,974,440 --a------ C:\WINDOWS\system32\AdvrCntr3.dll
    2008-03-16 01:18 . 2007-08-03 12:48 3,974,440 --a------ C:\WINDOWS\system\AdvrCntr3.dll
    2008-03-15 23:26 . 2008-03-15 23:28 <DIR> d-------- C:\Programme\TeamViewer3
    2008-03-15 23:26 . 2008-03-16 04:14 <DIR> d-------- C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\TeamViewer
    2008-03-15 23:25 . 2008-03-15 23:25 <DIR> d-------- C:\Dokumente und Einstellungen\BabaLu\temp
    2008-03-15 23:19 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
    2008-03-15 23:19 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    2008-03-15 23:19 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
    2008-03-15 23:07 . 2008-03-15 23:20 <DIR> d-------- C:\Programme\LogMeIn
    2008-03-15 23:07 . 2008-03-15 23:07 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Startmenü
    2008-03-15 23:07 . 2008-03-15 23:07 <DIR> dr------- C:\Dokumente und Einstellungen\LocalService\Favoriten
    2008-03-15 23:07 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
    2008-03-15 23:07 . 2008-03-15 23:07 1,024 --a------ C:\.rnd
    2008-03-15 22:55 . 2008-03-15 22:55 0 --a------ C:\WINDOWS\Irremote.ini
    2008-03-14 00:06 . 2008-03-14 00:06 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-03-13 20:58 . 2008-03-13 20:58 <DIR> d-------- C:\Programme\Shareaza
    2008-03-13 20:58 . 2008-03-13 20:58 <DIR> d-------- C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\Shareaza
    2008-03-13 03:00 . 2008-03-13 03:00 <DIR> d-------- C:\Programme\MSXML 4.0
    2008-03-12 21:15 . 2008-03-12 21:15 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2008-03-12 21:15 . 2008-03-12 21:15 <DIR> d-------- C:\Programme\Veoh Networks
    2008-03-12 04:44 . 2008-03-12 04:44 <DIR> d-------- C:\Programme\Boilsoft Video Splitter
    2008-03-12 02:37 . 2008-03-12 02:37 <DIR> d-------- C:\Programme\Ahead
    2008-03-12 01:19 . 2008-03-21 22:53 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
    2008-03-11 15:10 . 2008-03-16 04:45 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
    2008-03-10 01:02 . 2008-03-10 01:02 <DIR> d-------- C:\Programme\Gemeinsame Dateien\NSV
    2008-03-07 17:20 . 2008-03-07 17:20 <DIR> d-------- C:\Programme\RAPTOR-GAMING
    2008-03-07 17:20 . 2006-10-04 14:31 18,620,416 --a------ C:\WINDOWS\system32\XControlPad.dll
    2008-03-07 17:20 . 2006-09-21 10:38 2,576,384 --a------ C:\WINDOWS\system32\XWheel.dll
    2008-03-07 17:20 . 2006-09-21 10:38 593,920 --a------ C:\WINDOWS\system32\XIndicator.dll
    2008-03-07 17:20 . 2006-10-04 11:27 413,696 --a------ C:\WINDOWS\system32\XDPI.dll
    2008-03-07 17:20 . 2006-09-21 10:35 221,184 --a------ C:\WINDOWS\system32\Hook.dll
    2008-03-07 17:20 . 2006-10-04 14:20 26,240 --a------ C:\WINDOWS\system32\drivers\GMFilter.sys
    2008-03-07 17:20 . 2004-11-25 15:44 1,701 --a------ C:\WINDOWS\system32\drivers\GMFilter.inf
    2008-03-06 18:07 . 2008-03-10 18:43 <DIR> d-------- C:\Programme\PowerISO
    2008-03-06 17:59 . 2008-03-06 17:59 <DIR> d-------- C:\Programme\A4Tech
    2008-03-06 17:05 . 2008-03-23 03:14 37 --a------ C:\WINDOWS\iltwain.ini
    2008-03-04 18:14 . 2008-03-10 00:42 112 --a------ C:\WINDOWS\cdplayer.ini

    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-28 02:03 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\mIRC
    2008-03-28 01:52 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
    2008-03-27 02:28 --------- d-----w C:\Programme\Unreal Tournament 2004
    2008-03-26 22:09 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\Xfire
    2008-03-26 16:57 --------- d-----w C:\Programme\World of Warcraft
    2008-03-26 03:21 --------- d-----w C:\Programme\Xfire
    2008-03-25 17:29 --------- d-----w C:\Programme\mIRC
    2008-03-25 03:56 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\Skype
    2008-03-25 03:51 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\skypePM
    2008-03-24 20:03 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\teamspeak2
    2008-03-24 19:49 --------- d-----w C:\Programme\Java
    2008-03-23 19:12 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLInstaller
    2008-03-23 15:04 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\LimeWire
    2008-03-21 21:52 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
    2008-03-21 21:38 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
    2008-03-21 21:30 --------- d--h--w C:\Programme\InstallShield Installation Information
    2008-03-21 21:07 131,072 ----a-w C:\WINDOWS\system32\datestamp.dll
    2008-03-16 03:47 --------- d-----w C:\Programme\Gemeinsame Dateien\Nero
    2008-03-13 19:56 --------- d-----w C:\Programme\FlashGet
    2008-02-26 17:49 --------- d-----w C:\Programme\PartyGaming
    2008-02-26 17:36 --------- d-----w C:\Programme\PartyGaming.Net
    2008-02-24 03:54 --------- d-----w C:\Programme\Mozilla Thunderbird
    2008-02-24 03:54 --------- d-----w C:\Programme\Google
    2008-02-24 02:38 --------- d-----w C:\Programme\Sagasoft
    2008-02-22 00:04 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\Ventrilo
    2008-02-21 03:18 --------- d-----w C:\Programme\Cucusoft
    2008-02-16 00:05 --------- d-----w C:\Programme\MobMapUpdater
    2008-02-14 15:32 --------- d-----w C:\Programme\filesubmit
    2008-02-13 20:06 --------- d-----w C:\Programme\Gemeinsame Dateien\DVDVideoSoft
    2008-02-13 18:43 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-02-13 18:43 --------- d-----w C:\Programme\TuneUp Utilities 2008
    2008-02-13 18:43 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\TuneUp Software
    2008-02-13 18:43 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
    2008-02-13 17:11 --------- d-----w C:\Programme\DVDVideoSoft
    2008-02-13 16:37 --------- d-----w C:\Programme\Avira
    2008-02-13 16:37 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
    2008-02-13 16:31 --------- d-----w C:\Programme\PPLive
    2008-02-13 16:31 --------- d-----w C:\Programme\Playboy - The Mansion
    2008-02-13 16:23 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\The Longest Journey
    2008-02-13 00:37 --------- d-----w C:\Programme\The Longest Journey
    2008-02-13 00:26 --------- d-----w C:\Programme\Obscure
    2008-02-11 16:57 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\UseNeXT
    2008-02-11 03:19 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
    2008-02-11 03:09 --------- d-----w C:\Programme\OneStepSearch
    2008-02-08 04:24 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2008-02-08 04:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2008-02-08 04:24 --------- d-----w C:\Programme\Real
    2008-02-08 04:24 --------- d-----w C:\Programme\Gemeinsame Dateien\xing shared
    2008-02-08 04:24 --------- d-----w C:\Programme\Gemeinsame Dateien\Real
    2008-02-05 15:34 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\Ulead Systems
    2008-02-05 04:26 --------- d-----w C:\Programme\TrackMania Nations ESWC
    2008-02-04 19:06 --------- d-----w C:\Programme\CamStudio
    2008-02-04 02:44 --------- d-----w C:\Programme\Game Cam v1.4
    2008-02-03 20:26 364,544 ----a-w C:\WINDOWS\system32\cdg.dll
    2008-02-03 01:54 --------- d-----w C:\Dokumente und Einstellungen\BabaLu\Anwendungsdaten\Apple Computer
    2008-02-02 23:16 32 ----a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
    2008-02-02 23:09 --------- d-----w C:\Programme\Skype
    2008-02-02 23:09 --------- d-----w C:\Programme\Gemeinsame Dateien\Skype
    2008-02-02 23:09 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
    2008-01-30 01:17 --------- d-----w C:\Programme\RealVNC
    2008-01-29 15:33 --------- d-----w C:\Programme\UseNeXT
    .

    (((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Programme\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:57 15360]
    "Skype"="C:\Programme\Skype\Phone\Skype.exe" [2008-01-17 18:10 21686568]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
    "Veoh"="C:\Programme\Veoh Networks\Veoh\VeohClient.exe" [2008-02-22 21:42 3537968]
    "ares"="C:\Programme\Ares\Ares.exe" [ ]
    "ZSScheduler"="C:\Programme\FBM Software\ZeroSpyware\ZSScheduler.dll" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMAXPnP"="C:\Programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
    "SoundMAX"="C:\Programme\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35 716800]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2008-02-08 05:24 185896]
    "avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-14 17:41 249896]
    "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
    "Ulead AutoDetector v2"="C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43 90112]
    "WinampAgent"="C:\Programme\Winamp\winampa.exe" [2007-10-10 06:28 36352]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "PWRISOVM.EXE"="C:\Programme\PowerISO\PWRISOVM.EXE" [2008-01-20 08:05 217088]
    "RAPTOR-GAMING M3"="C:\Programme\RAPTOR-GAMING\RAPTOR-ADJUST M3 V1\Panel.exe" [2006-10-05 11:29 73728]
    "NBKeyScan"="C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
    "LogMeIn GUI"="C:\Programme\LogMeIn\x86\LogMeInSystray.exe" [ ]
    "NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "SpybotSnD"="C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" [ ]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-22 21:21 579072]
    "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "bklq"="C:\WINDOWS\system32\bklq.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "bklq"="C:\WINDOWS\system32\bklq.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:57 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-22 21:18 219136]

    C:\Dokumente und Einstellungen\BabaLu\Startmen\Programme\Autostart\
    Xfire.lnk - C:\Programme\Xfire\xfire.exe [2008-03-14 00:06:18 2979664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="LogonUI.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Skype"="C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
    "WhenUSave"="C:\Programme\Save\Save.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
    "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
    "Ulead AutoDetector v2"=C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
    "WinampAgent"=C:\Programme\Winamp\winampa.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Programme\\mIRC\\mirc.exe"=
    "C:\\Programme\\Unreal Tournament 3 (LG)\\Binaries\\UT3.exe"=
    "C:\\Programme\\Xfire\\xfire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Programme\\FlashGet\\flashget.exe"=
    "C:\\Programme\\FlashFXP\\FlashFXP.exe"=
    "C:\\Programme\\RealVNC\\VNC4\\winvnc4.exe"=
    "C:\\Programme\\RealVNC\\VNC4\\vncviewer.exe"=
    "C:\\Programme\\Internet Explorer\\iexplore.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Programme\\Shareaza\\Shareaza.exe"=
    "C:\\Programme\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Programme\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Programme\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Programme\\Grisoft\\AVG7\\avgemc.exe"=
    "C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Programme\\Skype\\Phone\\Skype.exe"=
    "C:\\Programme\\Unreal Tournament 2004\\System\\UT2004.exe"=

    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
    R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 04:39]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
    R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:58]
    R3 GMFilter Filter;GMFilter Filter;C:\WINDOWS\system32\Drivers\GMFilter.sys [2006-10-04 14:20]
    R3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 10:12]
    R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 06:45]
    S2 alio49ozyrjoxoa;Print Spooler Service;C:\WINDOWS\system32\bklq.exe []
    S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Programme\LogMeIn\x86\RaInfo.sys []
    S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-13 19:43]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Inhalt des "geplante Tasks" Ordners
    "2008-03-21 17:59:36 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
    - C:\Programme\TuneUp Utilities 2008\OneClick.exe
    "2008-03-15 06:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Programme\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-28 03:03:50
    Windows 5.1.2600 Service Pack 2 NTFS

    Scanne versteckte Prozesse...

    Scanne versteckte Autostart Einträge...

    Scanne versteckte Dateien...

    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0

    **************************************************************************
    .
    Zeit der Fertigstellung: 2008-03-28 3:04:18
    ComboFix-quarantined-files.txt 2008-03-28 02:04:09
    19 Verzeichnis(se), 102,994,681,856 Bytes frei
    23 Verzeichnis(se), 103,195,070,464 Bytes frei
    .
    2008-03-25 02:00:51 --- E O F ---


    i hope u have everything u need now

    greetz megane ;)
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Open Notepad and copy and paste the text in the quote box below into it:

    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [​IMG]

    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download (save and select your desktop to save it to) SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive and all other fixed drives.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.


    Please perform a scan with Kaspersky Webscan Online Virus Scanner
    • Read the Requirements and Privacy statement, then select "Accept".
    • A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
    • Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
    • When the download is complete it will say ready, click "Next".
    • Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard).
    • Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
    • Click "OK".
    • Under "Select a target to scan", click on "My Computer".
    • When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.


    Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!'
     

Short URL to this thread: https://techguy.org/697081
