Infected :(



fav3to
2010-03-30, 10:32
Good morning.

Today Avira found the following malware and viruses:
TR/Crypt.XPACK.Gen
TR/Sasfis.ajzr
TR/Agent.W.4213
TR/Riner.FA.4
JAVA/Dldr.Age.nad.4
JAVA/Dldr.Agen.NA.1
TR/Sasfis.ajzs
TR/Crypt.XDR.Gen

This is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:13, on 30.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
C:\Programme\AGFEO\Tk-Suite-Basic\tools\ctimon.exe
C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programme\Mozilla Firefox\firefox.exe
c:\programme\avira\antivir personaledition classic\avcenter.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Programme\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Pardo] rundll32.exe "C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Adobe\Update\dlgcom.dat""
O4 - HKCU\..\Run: [Getdo] rundll32.exe "C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Adobe\Update\flacor.dat""
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Lexware Info Service.lnk = C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
O4 - Global Startup: TK-Suite Client.lnk = C:\Programme\AGFEO\Tk-Suite-Basic\tools\ctimon.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Öffnen mit PDF Genie 3 - {722FE9B2-6895-42D9-9984-F4CB26616023} - D:\Programme\PDF Genie\pdfshell.dll
O9 - Extra 'Tools' menuitem: Öffnen mit PDF Genie 3 - {722FE9B2-6895-42D9-9984-F4CB26616023} - D:\Programme\PDF Genie\pdfshell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xxx-net.local
O17 - HKLM\Software\..\Telephony: DomainName = xxx-net.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{03FB35E0-4D3D-414C-B7B3-07DD449B363B}: NameServer = 192.168.178.100,195.202.33.68
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = xxx-net.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{03FB35E0-4D3D-414C-B7B3-07DD449B363B}: NameServer = 192.168.178.100,195.202.33.68
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = xxx-net.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{03FB35E0-4D3D-414C-B7B3-07DD449B363B}: NameServer = 192.168.178.100,195.202.33.68
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WPEServ - MAUS Software - C:\Programme\Gemeinsame Dateien\WPE\wpeserv.exe

--
End of file - 6230 bytes



Any help is really welcome, and thanks in advance.
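As an added example (editor's code, not from this thread or from HijackThis), the script below applies to O4 lines the checks a reviewer makes when reading the log above: rundll32.exe started from a user Run key, loading a non-DLL file from the user's Anwendungsdaten folder, with a stray doubled quote at the end of the command line. The sample lines are constructed in HijackThis 2.0.2 format; the heuristics and names are the editor's own.

```python
"""Heuristic review of HijackThis O4 (autorun) entries.

Added example, not part of the original thread. The checks are the
editor's own and are modelled on the two HKCU Run entries in the log
above ('Pardo' and 'Getdo'): rundll32.exe loading a .dat file from the
user's Anwendungsdaten (Application Data) folder, with a stray doubled
quote at the end of the command line. Legitimate entries such as the
NVIDIA rundll32 line should produce no reasons at all.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines in HijackThis 2.0.2 O4 format.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pardo] rundll32.exe "C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Adobe\Update\dlgcom.dat""
O4 - HKCU\..\Run: [Getdo] rundll32.exe "C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Adobe\Update\flacor.dat""
O4 - Global Startup: TK-Suite Client.lnk = C:\Programme\AGFEO\Tk-Suite-Basic\tools\ctimon.exe
"""

# "O4 - <hive>\..\Run: [<name>] <command line>"; startup-folder O4 lines
# have a different shape and are deliberately not matched here.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# rundll32 invocation, optionally quoted and/or path-prefixed; group 1 is the rest.
RUNDLL32 = re.compile(r'\s*"?(?:[^"\s]*[\\/])?rundll32(?:\.exe)?"?\s+(.*)', re.IGNORECASE)

# Path fragments (German and English Windows layouts) marking a user-writable
# profile location rather than %SystemRoot% or the program-files tree.
PROFILE_MARKERS = ("\\dokumente und einstellungen\\", "\\documents and settings\\", "\\users\\")
APPDATA_MARKERS = ("\\anwendungsdaten\\", "\\application data\\", "\\appdata\\")


@dataclass
class Finding:
    name: str
    hive: str
    cmd: str
    reasons: List[str] = field(default_factory=list)


def rundll32_module(cmd: str) -> Optional[str]:
    """Return the module path rundll32 is told to load, or None if the
    command line does not invoke rundll32 at all."""
    m = RUNDLL32.match(cmd)
    if not m:
        return None
    rest = m.group(1).strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        module = rest[1:end] if end != -1 else rest[1:]
    else:
        module = rest.split()[0] if rest else ""
    # rundll32 syntax is <module>,<entrypoint>; keep only the module.
    return module.split(",", 1)[0]


def assess_run_entry(hive: str, name: str, cmd: str) -> Finding:
    """Collect the reasons one Run-key entry looks suspicious (may be empty)."""
    f = Finding(name, hive, cmd)
    module = rundll32_module(cmd)
    if module is not None:
        low = module.lower()
        if not low.endswith(".dll"):
            f.reasons.append("rundll32 loads a non-.dll file (%s)" % module.rsplit("\\", 1)[-1])
        if any(p in low for p in PROFILE_MARKERS) and any(a in low for a in APPDATA_MARKERS):
            f.reasons.append("module lives in a user-writable profile directory")
    if cmd.rstrip().endswith('""'):
        f.reasons.append("command line ends with a doubled quote (malformed quoting)")
    # Per-user persistence only counts once something else already looks off,
    # otherwise every HKCU ctfmon.exe entry would be flagged.
    if f.reasons and hive == "HKCU":
        f.reasons.append("per-user Run key (HKCU) persistence")
    return f


def analyze_o4(log_text: str, min_reasons: int = 2) -> List[Finding]:
    """Return the Run-key entries that accumulate at least min_reasons flags."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        f = assess_run_entry(m["hive"], m["name"], m["cmd"])
        if len(f.reasons) >= min_reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in analyze_o4(SAMPLE_LOG):
        print("[%s] %s\n  %s" % (f.hive, f.name, f.cmd))
        for r in f.reasons:
            print("   - " + r)
```

Run against the full HijackThis log, the script flags only the two Adobe\Update entries; a hit should be confirmed by locating the referenced file and checking its signature and hash, not acted on from the heuristic alone.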

Blade81
2010-04-03, 23:08
Hello,

Is this your personal system?

fav3to
2010-04-05, 21:07
Hello,

Is this your personal system?

Hello,

This is my client at work. We have a very small family business, so I administer all clients (3) and our server myself.

At the moment I'm working with a laptop and disconnected my infected client from the network.

Blade81
2010-04-06, 09:15
Hi,

Ok. Let's have a look.

Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.com) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double-click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

fav3to
2010-04-07, 09:18
Ok, thanks for your help in advance :).

Here is the Attach.txt:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 06.11.2008 19:36:13
System Uptime: 04.07.2010 08:56:16 (-2111 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7125
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 2010/201mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 39 GiB total, 19,013 GiB free.
D: is FIXED (NTFS) - 78 GiB total, 73,234 GiB free.
E: is FIXED (NTFS) - 32 GiB total, 19,789 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP281: 04.01.2010 13:28:21 - Systemprüfpunkt
RP282: 05.01.2010 14:10:01 - Systemprüfpunkt
RP283: 07.01.2010 10:55:14 - Systemprüfpunkt
RP284: 08.01.2010 13:38:42 - Systemprüfpunkt
RP285: 11.01.2010 12:34:56 - Systemprüfpunkt
RP286: 12.01.2010 13:40:05 - Systemprüfpunkt
RP287: 13.01.2010 15:16:55 - Systemprüfpunkt
RP288: 13.01.2010 17:46:18 - Software Distribution Service 3.0
RP289: 15.01.2010 10:01:14 - Systemprüfpunkt
RP290: 18.01.2010 10:40:19 - Systemprüfpunkt
RP291: 19.01.2010 14:03:17 - Systemprüfpunkt
RP292: 20.01.2010 14:20:59 - Systemprüfpunkt
RP293: 21.01.2010 15:30:55 - Systemprüfpunkt
RP294: 22.01.2010 17:14:09 - Software Distribution Service 3.0
RP295: 25.01.2010 10:43:21 - Systemprüfpunkt
RP296: 27.01.2010 12:34:57 - Systemprüfpunkt
RP297: 28.01.2010 13:21:55 - Systemprüfpunkt
RP298: 29.01.2010 13:49:28 - Systemprüfpunkt
RP299: 01.02.2010 13:15:57 - Systemprüfpunkt
RP300: 02.02.2010 14:11:57 - Systemprüfpunkt
RP301: 04.02.2010 14:11:06 - Systemprüfpunkt
RP302: 06.02.2010 16:06:12 - Systemprüfpunkt
RP303: 07.02.2010 16:41:18 - Systemprüfpunkt
RP304: 09.02.2010 13:53:00 - Systemprüfpunkt
RP305: 10.02.2010 15:14:57 - Systemprüfpunkt
RP306: 10.02.2010 18:34:29 - Software Distribution Service 3.0
RP307: 12.02.2010 15:48:09 - Systemprüfpunkt
RP308: 16.02.2010 12:49:02 - Systemprüfpunkt
RP309: 17.02.2010 13:46:39 - Systemprüfpunkt
RP310: 19.02.2010 13:47:46 - Systemprüfpunkt
RP311: 22.02.2010 14:21:19 - Systemprüfpunkt
RP312: 24.02.2010 13:44:03 - Systemprüfpunkt
RP313: 24.02.2010 14:38:03 - Software Distribution Service 3.0
RP314: 26.02.2010 13:29:07 - Systemprüfpunkt
RP315: 01.03.2010 13:02:22 - Systemprüfpunkt
RP316: 02.03.2010 13:59:28 - Systemprüfpunkt
RP317: 03.03.2010 14:15:56 - Systemprüfpunkt
RP318: 05.03.2010 12:33:24 - Systemprüfpunkt
RP319: 08.03.2010 08:34:49 - Systemprüfpunkt
RP320: 09.03.2010 11:16:25 - Systemprüfpunkt
RP321: 10.03.2010 13:09:23 - Systemprüfpunkt
RP322: 10.03.2010 17:18:05 - Software Distribution Service 3.0
RP323: 12.03.2010 13:06:11 - Systemprüfpunkt
RP324: 15.03.2010 12:25:45 - Systemprüfpunkt
RP325: 16.03.2010 13:54:32 - Systemprüfpunkt
RP326: 17.03.2010 16:28:46 - Systemprüfpunkt
RP327: 19.03.2010 13:55:03 - Systemprüfpunkt
RP328: 22.03.2010 14:11:03 - Systemprüfpunkt
RP329: 23.03.2010 17:38:15 - Systemprüfpunkt
RP330: 25.03.2010 13:56:42 - Systemprüfpunkt
RP331: 26.03.2010 14:02:35 - Systemprüfpunkt
RP332: 29.03.2010 12:06:04 - Systemprüfpunkt
RP333: 30.03.2010 12:17:48 - Systemprüfpunkt
RP334: 31.03.2010 13:13:39 - Systemprüfpunkt

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1 - Deutsch
AGFEO TK-ServiceProvider3 (x86)
AGFEO TK-Suite Basic 3
Avira AntiVir Personal - Free Antivirus
Brother P-touch Address Book 1.0
Brother P-touch Editor 4.2
Brother P-touch Software
Brother QL-Series User's Guide
Canon iP4500 series
CD-LabelPrint
Crystal Reports Basic for Visual Studio 2008
dakota.ag
DesignPro 5
EULANDA
EVEREST Home Edition v2.20
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
GIMP 2.6.4
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix für Windows XP (KB979306)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
Hotfix for Windows XP (KB954550-v5)
Java(TM) 6 Update 11
Lexware financial office pro 2007 (Client)
Macromedia FreeHand MXa
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 SDK - DEU
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (German) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook 2003
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (German) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Game Studio 3.0
Microsoft XNA Game Studio 3.0 (ARP entry)
Microsoft XNA Game Studio 3.0 (devenv)
Microsoft XNA Game Studio 3.0 (Platformer)
Microsoft XNA Game Studio 3.0 (Redists)
Microsoft XNA Game Studio 3.0 (Shared Components)
Microsoft XNA Game Studio 3.0 (XnaLiveProxy)
Microsoft XNA Game Studio 3.0 Documentation
Microsoft XNA Game Studio Platform Tools
Mozilla Firefox (3.0.5)
MSXML 6.0 Parser
MusicMonster
NVIDIA Drivers
Paint.NET v3.36
PDF Genie 3.0
Realtek AC'97 Audio
Schattenkopieclient
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956390)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB957095)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958215)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960714)
Sicherheitsupdate für Windows XP (KB960715)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371)
Sicherheitsupdate für Windows XP (KB961373)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB963027)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969897)
Sicherheitsupdate für Windows XP (KB969898)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB970430)
Sicherheitsupdate für Windows XP (KB971468)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973525)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975561)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977165)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978037)
Sicherheitsupdate für Windows XP (KB978251)
Sicherheitsupdate für Windows XP (KB978262)
Sicherheitsupdate für Windows XP (KB978706)
Softerra LDAP Administrator 2010.1
System Requirements Lab
TV3D SDK 6.5 Prerelease
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update für Windows Internet Explorer 8 (KB971930)
Update für Windows Internet Explorer 8 (KB976662)
Update für Windows Internet Explorer 8 (KB976749)
Update für Windows XP (KB898461)
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
Update für Windows XP (KB955759)
Update für Windows XP (KB955839)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB971737)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR
XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================

DDS.txt:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 9:10:39,57 on 07.04.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1517 [GMT 2:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
C:\Programme\AGFEO\Tk-Suite-Basic\tools\ctimon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Administrator.PC-XXX\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programme\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avgnt] "c:\programme\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [SunJavaUpdateSched] "c:\programme\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\lexwar~1.lnk - c:\programme\gemeinsame dateien\lexware\update manager\LxUpdateManager.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\tk-sui~1.lnk - c:\programme\agfeo\tk-suite-basic\tools\ctimon.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {722FE9B2-6895-42D9-9984-F4CB26616023} - {722FE9B2-6895-42D9-9984-F4CB26616023} - d:\programme\pdf genie\pdfshell.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {03FB35E0-4D3D-414C-B7B3-07DD449B363B} = 192.168.178.100,195.202.33.68

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\admini~1.pc-\anwend~1\mozilla\firefox\profiles\352funhm.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\programme\avira\antivir personaledition classic\avgio.sys [2008-11-6 11608]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer;c:\programme\avira\antivir personaledition classic\sched.exe [2008-11-6 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\programme\avira\antivir personaledition classic\avguard.exe [2008-11-6 151297]
R3 avgntflt;avgntflt;c:\programme\avira\antivir personaledition classic\avgntflt.sys [2008-11-6 52056]
S3 WPEServ;WPEServ;c:\programme\gemeinsame dateien\wpe\wpeserv.exe [2009-2-9 323584]

=============== Created Last 30 ================

2010-03-30 07:57:48 0 d-----w- c:\dokume~1\admini~1.pc-\anwend~1\Lexware
2010-03-30 07:57:06 0 d-sh--w- c:\dokumente und einstellungen\administrator.pc-xxx\IETldCache

==================== Find3M ====================

2010-03-29 06:54:55 567222 ----a-w- c:\windows\system32\perfh007.dat
2010-03-29 06:54:55 127772 ----a-w- c:\windows\system32\perfc007.dat

============= FINISH: 9:11:09,82 ===============

Blade81
2010-04-07, 09:38
Hi,

It seems the Antivir definitions are old. Does the program show a similar message?

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New DDS log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

fav3to
2010-04-07, 10:57
Hi,

It seems the Antivir definitions are old. Does the program show a similar message?

Yes, I'll update my Antivir as soon as the malware has gone, or should I update right now?

ComboFix log:
ComboFix 10-04-06.01 - Administrator 07.04.2010 10:44:07.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1617 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator.PC-XXX\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif

.
((((((((((((((((((((((( Dateien erstellt von 2010-03-07 bis 2010-04-07 ))))))))))))))))))))))))))))))
.

2010-03-30 07:58 . 2010-03-30 07:58 -------- d-----w- c:\dokumente und einstellungen\Administrator.PC-xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla
2010-03-30 07:57 . 2010-03-30 07:57 -------- d-----w- c:\dokumente und einstellungen\Administrator.PC-xxx\Anwendungsdaten\Lexware
2010-03-30 07:57 . 2010-03-30 07:57 -------- d-sh--w- c:\dokumente und einstellungen\Administrator.PC-xxx\IETldCache
2010-03-25 16:39 . 2010-03-25 16:39 -------- d-----w- c:\dokumente und einstellungen\Administrator\.thumbnails
2010-03-25 16:39 . 2010-03-25 17:10 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\gtk-2.0
2010-03-25 16:39 . 2010-03-25 17:12 -------- d-----w- c:\dokumente und einstellungen\Administrator\.gimp-2.6
2010-03-25 16:39 . 2010-03-25 16:39 -------- d-----w- c:\dokumente und einstellungen\Administrator\.gegl-0.0
2010-03-24 11:11 . 2010-03-24 11:11 -------- d-----w- c:\dokumente und einstellungen\xxx xxx\Anwendungsdaten\Helper
2010-03-22 19:50 . 2010-03-22 19:50 -------- d-----w- c:\dokumente und einstellungen\xxx xxx\Lokale Einstellungen\Anwendungsdaten\Move Networks
2010-03-22 19:50 . 2010-03-22 19:50 144053 ----a-w- c:\dokumente und einstellungen\xxx xxx\Anwendungsdaten\Move Networks\uninstall.exe
2010-03-22 19:50 . 2010-03-22 19:50 1811472 ----a-w- c:\dokumente und einstellungen\xxx xxx\Anwendungsdaten\Move Networks\MoveMediaPlayerWin_071802000001.exe
2010-03-16 17:02 . 2010-03-16 17:05 -------- d-sh--w- c:\dokumente und einstellungen\xxx xxx\Anwendungsdaten\lowsec

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-30 07:58 . 2009-02-09 16:14 61392 ----a-w- c:\dokumente und einstellungen\Administrator.PC-xxx\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-03-29 06:54 . 2008-04-14 12:00 567222 ----a-w- c:\windows\system32\perfh007.dat
2010-03-29 06:54 . 2008-04-14 12:00 127772 ----a-w- c:\windows\system32\perfc007.dat
2010-03-25 16:43 . 2009-12-21 12:14 79488 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-22 19:50 . 2010-02-06 14:31 -------- d-----w- c:\dokumente und einstellungen\xxx xxx\Anwendungsdaten\Move Networks
2010-03-22 19:50 . 2010-02-11 19:31 5640640 ----a-w- c:\dokumente und einstellungen\xxx xxx\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll
2010-03-10 16:20 . 2008-11-21 08:13 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-02-11 19:31 . 2010-02-11 19:31 97216 ----a-w- c:\dokumente und einstellungen\xxx xxx\Anwendungsdaten\Move Networks\ie_bin\MovePlayerUpgrade.exe
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 577536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13529088]
"nwiz"="nwiz.exe" [2008-08-01 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 86016]
"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 144384]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-01-08 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\xxx xxx\Startmen\Programme\Autostart\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Lexware Info Service.lnk - c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [2006-10-27 2731048]
TK-Suite Client.lnk - c:\programme\AGFEO\Tk-Suite-Basic\tools\ctimon.exe [2007-10-29 1593344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

S3 WPEServ;WPEServ;c:\programme\Gemeinsame Dateien\WPE\wpeserv.exe [09.02.2009 16:55 323584]
.
Inhalt des "geplante Tasks" Ordners

2010-04-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-09 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {03FB35E0-4D3D-414C-B7B3-07DD449B363B} = 192.168.178.100,195.202.33.68
FF - ProfilePath - c:\dokumente und einstellungen\Administrator.PC-xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\352funhm.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 10:48
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2527210468-1017177390-3732774353-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ad,f1,e6,8d,e8,61,07,40,b6,a2,9e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ad,f1,e6,8d,e8,61,07,40,b6,a2,9e,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"70400E0900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Zeit der Fertigstellung: 2010-04-07 10:49:39
ComboFix-quarantined-files.txt 2010-04-07 08:49

Vor Suchlauf: 6 Verzeichnis(se), 20.341.927.936 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 21.393.788.928 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B48E1804908CB69EA6D7B0FD4A316369


DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 10:52:44,77 on 07.04.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1539 [GMT 2:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
C:\Programme\AGFEO\Tk-Suite-Basic\tools\ctimon.exe
C:\Programme\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Administrator.PC-xxx\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programme\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avgnt] "c:\programme\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [SunJavaUpdateSched] "c:\programme\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\lexwar~1.lnk - c:\programme\gemeinsame dateien\lexware\update manager\LxUpdateManager.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\tk-sui~1.lnk - c:\programme\agfeo\tk-suite-basic\tools\ctimon.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {722FE9B2-6895-42D9-9984-F4CB26616023} - {722FE9B2-6895-42D9-9984-F4CB26616023} - d:\programme\pdf genie\pdfshell.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {03FB35E0-4D3D-414C-B7B3-07DD449B363B} = 192.168.178.100,195.202.33.68

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\admini~1.pc-\anwend~1\mozilla\firefox\profiles\352funhm.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\programme\avira\antivir personaledition classic\avgio.sys [2008-11-6 11608]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer;c:\programme\avira\antivir personaledition classic\sched.exe [2008-11-6 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\programme\avira\antivir personaledition classic\avguard.exe [2008-11-6 151297]
R3 avgntflt;avgntflt;c:\programme\avira\antivir personaledition classic\avgntflt.sys [2008-11-6 52056]
S3 WPEServ;WPEServ;c:\programme\gemeinsame dateien\wpe\wpeserv.exe [2009-2-9 323584]

=============== Created Last 30 ================

2010-04-07 08:42:58 0 d-sha-r- C:\cmdcons
2010-04-07 08:41:52 98816 ----a-w- c:\windows\sed.exe
2010-04-07 08:41:52 77312 ----a-w- c:\windows\MBR.exe
2010-04-07 08:41:52 261632 ----a-w- c:\windows\PEV.exe
2010-04-07 08:41:52 161792 ----a-w- c:\windows\SWREG.exe
2010-03-30 07:57:48 0 d-----w- c:\dokume~1\admini~1.pc-\anwend~1\Lexware
2010-03-30 07:57:06 0 d-sh--w- c:\dokumente und einstellungen\administrator.pc-xxx\IETldCache

==================== Find3M ====================

2010-03-29 06:54:55 567222 ----a-w- c:\windows\system32\perfh007.dat
2010-03-29 06:54:55 127772 ----a-w- c:\windows\system32\perfc007.dat

============= FINISH: 10:52:50,67 ===============


Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 06.11.2008 19:36:13
System Uptime: 04.07.2010 08:56:16 (-2110 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7125
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 2010/201mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 39 GiB total, 19,951 GiB free.
D: is FIXED (NTFS) - 78 GiB total, 73,239 GiB free.
E: is FIXED (NTFS) - 32 GiB total, 19,789 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP283: 07.01.2010 10:55:14 - Systemprüfpunkt
RP284: 08.01.2010 13:38:42 - Systemprüfpunkt
RP285: 11.01.2010 12:34:56 - Systemprüfpunkt
RP286: 12.01.2010 13:40:05 - Systemprüfpunkt
RP287: 13.01.2010 15:16:55 - Systemprüfpunkt
RP288: 13.01.2010 17:46:18 - Software Distribution Service 3.0
RP289: 15.01.2010 10:01:14 - Systemprüfpunkt
RP290: 18.01.2010 10:40:19 - Systemprüfpunkt
RP291: 19.01.2010 14:03:17 - Systemprüfpunkt
RP292: 20.01.2010 14:20:59 - Systemprüfpunkt
RP293: 21.01.2010 15:30:55 - Systemprüfpunkt
RP294: 22.01.2010 17:14:09 - Software Distribution Service 3.0
RP295: 25.01.2010 10:43:21 - Systemprüfpunkt
RP296: 27.01.2010 12:34:57 - Systemprüfpunkt
RP297: 28.01.2010 13:21:55 - Systemprüfpunkt
RP298: 29.01.2010 13:49:28 - Systemprüfpunkt
RP299: 01.02.2010 13:15:57 - Systemprüfpunkt
RP300: 02.02.2010 14:11:57 - Systemprüfpunkt
RP301: 04.02.2010 14:11:06 - Systemprüfpunkt
RP302: 06.02.2010 16:06:12 - Systemprüfpunkt
RP303: 07.02.2010 16:41:18 - Systemprüfpunkt
RP304: 09.02.2010 13:53:00 - Systemprüfpunkt
RP305: 10.02.2010 15:14:57 - Systemprüfpunkt
RP306: 10.02.2010 18:34:29 - Software Distribution Service 3.0
RP307: 12.02.2010 15:48:09 - Systemprüfpunkt
RP308: 16.02.2010 12:49:02 - Systemprüfpunkt
RP309: 17.02.2010 13:46:39 - Systemprüfpunkt
RP310: 19.02.2010 13:47:46 - Systemprüfpunkt
RP311: 22.02.2010 14:21:19 - Systemprüfpunkt
RP312: 24.02.2010 13:44:03 - Systemprüfpunkt
RP313: 24.02.2010 14:38:03 - Software Distribution Service 3.0
RP314: 26.02.2010 13:29:07 - Systemprüfpunkt
RP315: 01.03.2010 13:02:22 - Systemprüfpunkt
RP316: 02.03.2010 13:59:28 - Systemprüfpunkt
RP317: 03.03.2010 14:15:56 - Systemprüfpunkt
RP318: 05.03.2010 12:33:24 - Systemprüfpunkt
RP319: 08.03.2010 08:34:49 - Systemprüfpunkt
RP320: 09.03.2010 11:16:25 - Systemprüfpunkt
RP321: 10.03.2010 13:09:23 - Systemprüfpunkt
RP322: 10.03.2010 17:18:05 - Software Distribution Service 3.0
RP323: 12.03.2010 13:06:11 - Systemprüfpunkt
RP324: 15.03.2010 12:25:45 - Systemprüfpunkt
RP325: 16.03.2010 13:54:32 - Systemprüfpunkt
RP326: 17.03.2010 16:28:46 - Systemprüfpunkt
RP327: 19.03.2010 13:55:03 - Systemprüfpunkt
RP328: 22.03.2010 14:11:03 - Systemprüfpunkt
RP329: 23.03.2010 17:38:15 - Systemprüfpunkt
RP330: 25.03.2010 13:56:42 - Systemprüfpunkt
RP331: 26.03.2010 14:02:35 - Systemprüfpunkt
RP332: 29.03.2010 12:06:04 - Systemprüfpunkt
RP333: 30.03.2010 12:17:48 - Systemprüfpunkt
RP334: 31.03.2010 13:13:39 - Systemprüfpunkt
RP335: 07.04.2010 09:35:46 - Systemprüfpunkt

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1 - Deutsch
AGFEO TK-ServiceProvider3 (x86)
AGFEO TK-Suite Basic 3
Avira AntiVir Personal - Free Antivirus
Brother P-touch Address Book 1.0
Brother P-touch Editor 4.2
Brother P-touch Software
Brother QL-Series User's Guide
Canon iP4500 series
CD-LabelPrint
Crystal Reports Basic for Visual Studio 2008
dakota.ag
DesignPro 5
EULANDA
EVEREST Home Edition v2.20
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
GIMP 2.6.4
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix für Windows XP (KB979306)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
Hotfix for Windows XP (KB954550-v5)
Java(TM) 6 Update 11
Lexware financial office pro 2007 (Client)
Macromedia FreeHand MXa
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 SDK - DEU
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (German) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook 2003
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (German) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Game Studio 3.0
Microsoft XNA Game Studio 3.0 (ARP entry)
Microsoft XNA Game Studio 3.0 (devenv)
Microsoft XNA Game Studio 3.0 (Platformer)
Microsoft XNA Game Studio 3.0 (Redists)
Microsoft XNA Game Studio 3.0 (Shared Components)
Microsoft XNA Game Studio 3.0 (XnaLiveProxy)
Microsoft XNA Game Studio 3.0 Documentation
Microsoft XNA Game Studio Platform Tools
Mozilla Firefox (3.0.5)
MSXML 6.0 Parser
MusicMonster
NVIDIA Drivers
Paint.NET v3.36
PDF Genie 3.0
Realtek AC'97 Audio
Schattenkopieclient
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956390)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB957095)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958215)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960714)
Sicherheitsupdate für Windows XP (KB960715)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371)
Sicherheitsupdate für Windows XP (KB961373)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB963027)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969897)
Sicherheitsupdate für Windows XP (KB969898)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB970430)
Sicherheitsupdate für Windows XP (KB971468)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973525)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975561)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977165)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978037)
Sicherheitsupdate für Windows XP (KB978251)
Sicherheitsupdate für Windows XP (KB978262)
Sicherheitsupdate für Windows XP (KB978706)
Softerra LDAP Administrator 2010.1
System Requirements Lab
TV3D SDK 6.5 Prerelease
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update für Windows Internet Explorer 8 (KB971930)
Update für Windows Internet Explorer 8 (KB976662)
Update für Windows Internet Explorer 8 (KB976749)
Update für Windows XP (KB898461)
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
Update für Windows XP (KB955759)
Update für Windows XP (KB955839)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB971737)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR
XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================

Blade81
2010-04-07, 12:42
Hi,

Yes, Antivir can be updated at this point.

Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply.

fav3to
2010-04-07, 13:20
I've updated my AntiVir.

Here is the requested log:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3962

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07.04.2010 13:15:21
mbam-log-2010-04-07 (13-15-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 179719
Laufzeit: 5 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Adobe\Update\dlgcom.dat (Trojan.Riern) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.

Blade81
2010-04-07, 13:30
Good. Could you now post a fresh DDS log run under the user account that has the issues, please?

fav3to
2010-04-07, 13:51
I logged in with the desired user and I received the following error message:

RUNDLL
Fehler beim Laden von C:\Dokumente und Einstellungen\xxx xxx\Anwendungsdaten\Adobe\Update\flacor.dat
Das angegebene Modul wurde nicht gefunden



DDS-Log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by xxx xxx at 13:43:29,25 on 07.04.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1528 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
C:\Programme\AGFEO\Tk-Suite-Basic\tools\ctimon.exe
C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
C:\Dokumente und Einstellungen\xxx xxx\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://companyweb
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programme\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\programme\messenger\msmsgs.exe" /background
uRun: [Pardo] rundll32.exe "c:\dokumente und einstellungen\xxx xxx\anwendungsdaten\adobe\update\dlgcom.dat""
uRun: [Getdo] rundll32.exe "c:\dokumente und einstellungen\xxx xxx\anwendungsdaten\adobe\update\flacor.dat""
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [SunJavaUpdateSched] "c:\programme\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\programme\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\xxx~1\startm~1\progra~1\autost~1\onenot~1.lnk - c:\programme\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\lexwar~1.lnk - c:\programme\gemeinsame dateien\lexware\update manager\LxUpdateManager.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\tk-sui~1.lnk - c:\programme\agfeo\tk-suite-basic\tools\ctimon.exe
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {722FE9B2-6895-42D9-9984-F4CB26616023} - {722FE9B2-6895-42D9-9984-F4CB26616023} - d:\programme\pdf genie\pdfshell.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {03FB35E0-4D3D-414C-B7B3-07DD449B363B} = 192.168.178.100,195.202.33.68

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\xxx~1\anwend~1\mozilla\firefox\profiles\hg6yttp2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - plugin: c:\dokumente und einstellungen\xxx xxx\anwendungsdaten\move networks\plugins\071802000001\npqmp071802000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://www.yohoho.de http://188.40.70.210 http://blackbeard-yohoho.de
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\programme\avira\antivir desktop\avgio.sys [2010-4-7 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\avira\antivir desktop\sched.exe [2010-4-7 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\programme\avira\antivir desktop\avguard.exe [2010-4-7 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-7 60936]
S3 WPEServ;WPEServ;c:\programme\gemeinsame dateien\wpe\wpeserv.exe [2009-2-9 323584]

=============== Created Last 30 ================

2010-04-07 11:40:56 0 d-----w- c:\dokume~1\xxx~1\anwend~1\Malwarebytes
2010-04-07 11:37:51 525824 ----a-w- C:\dds.scr
2010-04-07 11:00:19 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-07 11:00:15 0 d-----w- c:\programme\Avira
2010-04-07 11:00:15 0 d-----w- c:\dokume~1\alluse~1\anwend~1\Avira
2010-04-07 10:59:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 10:59:41 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 10:59:41 0 d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-04-07 10:59:41 0 d-----w- c:\dokume~1\alluse~1\anwend~1\Malwarebytes
2010-04-07 08:42:58 0 d-sha-r- C:\cmdcons
2010-04-07 08:41:52 98816 ----a-w- c:\windows\sed.exe
2010-04-07 08:41:52 77312 ----a-w- c:\windows\MBR.exe
2010-04-07 08:41:52 261632 ----a-w- c:\windows\PEV.exe
2010-04-07 08:41:52 161792 ----a-w- c:\windows\SWREG.exe
2010-03-24 11:11:52 0 d-----w- c:\dokume~1\xxx~1\anwend~1\Helper
2010-03-16 17:02:42 0 d-sh--w- c:\dokume~1\xxx~1\anwend~1\lowsec

==================== Find3M ====================

2010-03-29 06:54:55 567222 ----a-w- c:\windows\system32\perfh007.dat
2010-03-29 06:54:55 127772 ----a-w- c:\windows\system32\perfc007.dat

============= FINISH: 13:44:11,34 ===============



Attach-Log:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 06.11.2008 19:36:13
System Uptime: 04.07.2010 13:38:56 (-2112 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7125
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 2010/201mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 39 GiB total, 19,777 GiB free.
D: is FIXED (NTFS) - 78 GiB total, 73,239 GiB free.
E: is FIXED (NTFS) - 32 GiB total, 19,789 GiB free.
F: is CDROM ()
N: is NetworkDisk (NTFS) - 124 GiB total, 122,883 GiB free.
T: is NetworkDisk (FAT32) - 233 GiB total, 230,341 GiB free.
U: is NetworkDisk (FAT32) - 233 GiB total, 230,341 GiB free.
V: is NetworkDisk (NTFS) - 124 GiB total, 122,883 GiB free.
W: is NetworkDisk (NTFS) - 195 GiB total, 194,964 GiB free.
X: is NetworkDisk (NTFS) - 37 GiB total, 20,614 GiB free.
Y: is NetworkDisk (NTFS) - 37 GiB total, 20,614 GiB free.
Z: is NetworkDisk (NTFS) - 37 GiB total, 20,614 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1 - Deutsch
AGFEO TK-ServiceProvider3 (x86)
AGFEO TK-Suite Basic 3
Avira AntiVir Personal - Free Antivirus
Brother P-touch Address Book 1.0
Brother P-touch Editor 4.2
Brother P-touch Software
Brother QL-Series User's Guide
Canon iP4500 series
CD-LabelPrint
Crystal Reports Basic for Visual Studio 2008
dakota.ag
DesignPro 5
EULANDA
EVEREST Home Edition v2.20
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
GIMP 2.6.4
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix für Windows XP (KB979306)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
Hotfix for Windows XP (KB954550-v5)
Java(TM) 6 Update 11
Lexware financial office pro 2007 (Client)
Macromedia FreeHand MXa
Malwarebytes' Anti-Malware
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 SDK - DEU
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (German) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook 2003
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (German) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Game Studio 3.0
Microsoft XNA Game Studio 3.0 (ARP entry)
Microsoft XNA Game Studio 3.0 (devenv)
Microsoft XNA Game Studio 3.0 (Platformer)
Microsoft XNA Game Studio 3.0 (Redists)
Microsoft XNA Game Studio 3.0 (Shared Components)
Microsoft XNA Game Studio 3.0 (XnaLiveProxy)
Microsoft XNA Game Studio 3.0 Documentation
Microsoft XNA Game Studio Platform Tools
Move Media Player
Mozilla Firefox (3.0.5)
MSXML 6.0 Parser
MusicMonster
NVIDIA Drivers
Paint.NET v3.36
PDF Genie 3.0
Realtek AC'97 Audio
Schattenkopieclient
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956390)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB957095)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958215)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960714)
Sicherheitsupdate für Windows XP (KB960715)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371)
Sicherheitsupdate für Windows XP (KB961373)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB963027)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969897)
Sicherheitsupdate für Windows XP (KB969898)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB970430)
Sicherheitsupdate für Windows XP (KB971468)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973525)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975561)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977165)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978037)
Sicherheitsupdate für Windows XP (KB978251)
Sicherheitsupdate für Windows XP (KB978262)
Sicherheitsupdate für Windows XP (KB978706)
Softerra LDAP Administrator 2010.1
System Requirements Lab
TV3D SDK 6.5 Prerelease
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update für Windows Internet Explorer 8 (KB971930)
Update für Windows Internet Explorer 8 (KB976662)
Update für Windows Internet Explorer 8 (KB976749)
Update für Windows XP (KB898461)
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
Update für Windows XP (KB955759)
Update für Windows XP (KB955839)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB971737)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR
XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================

Blade81
2010-04-07, 13:59
Hi,

Please run ComboFix under this same account and post back its results.

fav3to
2010-04-07, 14:19
I don't have the rights to run ComboFix with my infected user account, so I tried to start it with an admin account.

I get this message:
"CFScript Namensfehler"
Hast Du versucht, CFSkript auszuführen?
Der Name, CFSkript scheint nicht korrekt buchstabiert zu sein.

(Translation:
Did you try to run CFSkript?
The name CFSkript does not seem to be spelled correctly)

After this message ComboFix stops.

P.S. AntiVir is disabled

Blade81
2010-04-07, 14:25
Ok. Please try to run Malwarebytes' Anti-Malware under that affected account and remove bad findings (quick scan). Let me know if it fails.

fav3to
2010-04-07, 14:36
mbam-log:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3962

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07.04.2010 14:34:22
mbam-log-2010-04-07 (14-34-22).txt

Scan type: Quick scan
Objects scanned: 101678
Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pardo (Trojan.Riern) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\getdo (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Blade81
2010-04-07, 15:24
Hi again,


Uninstall old Adobe Reader versions and get the latest one (9.3 + update 9.3.1) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).


Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 19 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows in the platform combobox and check the box that says: Accept License Agreement. Click Continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u19-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report & a fresh dds.txt log. How's the system running?

fav3to
2010-04-08, 12:27
Hi, Kaspersky took really long ;)...

I updated everything as you told me and there is no error anymore when I'm logging in with my user. The system seems to run fine again.

Kaspersky-Log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, April 8, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, April 07, 2010 20:02:47
Records in database: 3918834
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
N:\
T:\
U:\
V:\
W:\
X:\
Y:\
Z:\

Scan statistics:
Objects scanned: 147158
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:45:05

No threats found. Scanned area is clean.

Selected area has been scanned.



DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by xxx xxx at 12:09:35,06 on 08.04.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1435 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
C:\Programme\AGFEO\Tk-Suite-Basic\tools\ctimon.exe
C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Java\jre6\bin\java.exe
C:\Dokumente und Einstellungen\xxx xxx\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://companyweb
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\programme\messenger\msmsgs.exe" /background
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
mRunOnce: [KB976002-v5] c:\windows\system32\browserchoice.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\xxx~1\startm~1\progra~1\autost~1\onenot~1.lnk - c:\programme\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\lexwar~1.lnk - c:\programme\gemeinsame dateien\lexware\update manager\LxUpdateManager.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\tk-sui~1.lnk - c:\programme\agfeo\tk-suite-basic\tools\ctimon.exe
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {722FE9B2-6895-42D9-9984-F4CB26616023} - {722FE9B2-6895-42D9-9984-F4CB26616023} - d:\programme\pdf genie\pdfshell.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
TCP: {03FB35E0-4D3D-414C-B7B3-07DD449B363B} = 192.168.178.100,195.202.33.68

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\xxx~1\anwend~1\mozilla\firefox\profiles\hg6yttp2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - plugin: c:\dokumente und einstellungen\xxx xxx\anwendungsdaten\move networks\plugins\071802000001\npqmp071802000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://www.yohoho.de http://188.40.70.210 http://blackbeard-yohoho.de
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\programme\avira\antivir desktop\avgio.sys [2010-4-7 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\avira\antivir desktop\sched.exe [2010-4-7 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\programme\avira\antivir desktop\avguard.exe [2010-4-7 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-7 60936]
S3 WPEServ;WPEServ;c:\programme\gemeinsame dateien\wpe\wpeserv.exe [2009-2-9 323584]

=============== Created Last 30 ================

2010-04-07 15:16:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-07 12:08:20 0 d-----w- c:\dokume~1\xxx~1\anwend~1\Avira
2010-04-07 11:40:56 0 d-----w- c:\dokume~1\xxx~1\anwend~1\Malwarebytes
2010-04-07 11:37:51 525824 ----a-w- C:\dds.scr
2010-04-07 11:00:19 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-07 11:00:15 0 d-----w- c:\programme\Avira
2010-04-07 11:00:15 0 d-----w- c:\dokume~1\alluse~1\anwend~1\Avira
2010-04-07 10:59:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 10:59:41 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 10:59:41 0 d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-04-07 10:59:41 0 d-----w- c:\dokume~1\alluse~1\anwend~1\Malwarebytes
2010-04-07 08:42:58 0 d-sha-r- C:\cmdcons
2010-04-07 08:41:52 98816 ----a-w- c:\windows\sed.exe
2010-04-07 08:41:52 77312 ----a-w- c:\windows\MBR.exe
2010-04-07 08:41:52 261632 ----a-w- c:\windows\PEV.exe
2010-04-07 08:41:52 161792 ----a-w- c:\windows\SWREG.exe
2010-04-07 07:09:10 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-24 11:11:52 0 d-----w- c:\dokume~1\xxx~1\anwend~1\Helper
2010-03-16 17:02:42 0 d-sh--w- c:\dokume~1\xxx~1\anwend~1\lowsec

==================== Find3M ====================

2010-04-07 15:16:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-29 06:54:55 567222 ----a-w- c:\windows\system32\perfh007.dat
2010-03-29 06:54:55 127772 ----a-w- c:\windows\system32\perfc007.dat
2010-02-25 06:15:07 916480 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 12:10:05,18 ===============



Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 06.11.2008 19:36:13
System Uptime: 04.08.2010 03:16:58 (-2823 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7125
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 2010/201mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 39 GiB total, 19,93 GiB free.
D: is FIXED (NTFS) - 78 GiB total, 73,239 GiB free.
E: is FIXED (NTFS) - 32 GiB total, 19,789 GiB free.
F: is CDROM ()
N: is NetworkDisk (NTFS) - 124 GiB total, 122,883 GiB free.
T: is NetworkDisk (FAT32) - 233 GiB total, 230,34 GiB free.
U: is NetworkDisk (FAT32) - 233 GiB total, 230,34 GiB free.
V: is NetworkDisk (NTFS) - 124 GiB total, 122,883 GiB free.
W: is NetworkDisk (NTFS) - 195 GiB total, 194,964 GiB free.
X: is NetworkDisk (NTFS) - 37 GiB total, 20,614 GiB free.
Y: is NetworkDisk (NTFS) - 37 GiB total, 20,614 GiB free.
Z: is NetworkDisk (NTFS) - 37 GiB total, 20,614 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
AGFEO TK-ServiceProvider3 (x86)
AGFEO TK-Suite Basic 3
Avira AntiVir Personal - Free Antivirus
Brother P-touch Address Book 1.0
Brother P-touch Editor 4.2
Brother P-touch Software
Brother QL-Series User's Guide
Canon iP4500 series
CD-LabelPrint
Crystal Reports Basic for Visual Studio 2008
dakota.ag
DesignPro 5
EULANDA
EVEREST Home Edition v2.20
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
GIMP 2.6.4
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix für Windows XP (KB979306)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Java Auto Updater
Java(TM) 6 Update 19
Lexware financial office pro 2007 (Client)
Macromedia FreeHand MXa
Malwarebytes' Anti-Malware
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 SDK - DEU
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (German) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook 2003
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (German) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Game Studio 3.0
Microsoft XNA Game Studio 3.0 (ARP entry)
Microsoft XNA Game Studio 3.0 (devenv)
Microsoft XNA Game Studio 3.0 (Platformer)
Microsoft XNA Game Studio 3.0 (Redists)
Microsoft XNA Game Studio 3.0 (Shared Components)
Microsoft XNA Game Studio 3.0 (XnaLiveProxy)
Microsoft XNA Game Studio 3.0 Documentation
Microsoft XNA Game Studio Platform Tools
Move Media Player
Mozilla Firefox (3.0.5)
MSXML 6.0 Parser
MusicMonster
NVIDIA Drivers
Paint.NET v3.36
PDF Genie 3.0
Realtek AC'97 Audio
Schattenkopieclient
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956390)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB957095)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958215)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960714)
Sicherheitsupdate für Windows XP (KB960715)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371)
Sicherheitsupdate für Windows XP (KB961373)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB963027)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969897)
Sicherheitsupdate für Windows XP (KB969898)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB970430)
Sicherheitsupdate für Windows XP (KB971468)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973525)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975561)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977165)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978037)
Sicherheitsupdate für Windows XP (KB978251)
Sicherheitsupdate für Windows XP (KB978262)
Sicherheitsupdate für Windows XP (KB978706)
Softerra LDAP Administrator 2010.1
System Requirements Lab
TV3D SDK 6.5 Prerelease
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update für Windows Internet Explorer 8 (KB971930)
Update für Windows Internet Explorer 8 (KB976662)
Update für Windows Internet Explorer 8 (KB976749)
Update für Windows Internet Explorer 8 (KB980182)
Update für Windows XP (KB898461)
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
Update für Windows XP (KB955759)
Update für Windows XP (KB955839)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB971737)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR
XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================

Blade81
2010-04-08, 15:22
Good. Here're the final steps to follow :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis



Now let's uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the run box and click OK



Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.


hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left hand corner of your screen), click Run, and in the dialog box type services.msc and hit Enter. Then locate DNS Client, highlight it, then double-click it. On the dropdown box, change the setting from Automatic to Manual. Click OK.
Run Secunia vulnerability check here (http://secunia.com/vulnerability_scanning/online/) and fix its findings.
Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this (http://www.bleepingcomputer.com/forums/tutorial60.html) webpage out.
If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free (http://www.tallemu.com/free-firewall-protection-software.html) or Comodo Firewall Pro (http://www.personalfirewall.comodo.com/download_firewall.html#fw3.0) (If you choose Comodo: during installation uncheck "Install Comodo HopSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and install the firewall ONLY!). Both providers have support forums that help with configuration related questions.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
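As an added example that is not part of Blade81's post or this thread, a read-only PowerShell script that checks whether the six Internet zone settings listed above and the DNS Client start mode match what the post recommends. It assumes the zone was configured for the current user (the settings then live under HKCU, zone 3 being the Internet zone), and the registry value names 1001, 1004, 1201, 1800, 1804 and 1607 are the IDs Internet Explorer uses for those six settings.

```powershell
# Added read-only audit script; not from the thread, changes nothing.
# Zone 3 is IE's "Internet" zone; the value names are the policy IDs IE
# stores in the registry; setting values are 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Policy ID -> (description, setting recommended in the post above)
$Wanted = @{
    '1001' = @('Download signed ActiveX controls', 1)
    '1004' = @('Download unsigned ActiveX controls', 3)
    '1201' = @('Initialize and script ActiveX controls not marked as safe', 3)
    '1800' = @('Installation of desktop items', 1)
    '1804' = @('Launching programs and files in an IFRAME', 1)
    '1607' = @('Navigate sub-frames across different domains', 1)
}
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-SettingLabel([object]$Value) {
    if ($Value -eq $null) { return 'not set (IE default applies)' }
    if ($Labels.ContainsKey([int]$Value)) { return $Labels[[int]$Value] }
    return "unknown ($Value)"
}

function Test-InternetZone {
    # One result object per policy; Ok is $true when the zone matches the post
    $zone = Get-ItemProperty -Path $ZonePath -ErrorAction Stop
    foreach ($id in ($Wanted.Keys | Sort-Object)) {
        $desc, $want = $Wanted[$id]
        $have = $zone.$id
        New-Object PSObject -Property @{
            Setting = $desc
            Current = Get-SettingLabel $have
            Wanted  = $Labels[$want]
            Ok      = ($have -ne $null -and [int]$have -eq $want)
        }
    }
}

function Test-DnsClientStartMode {
    # The hosts-file tip above sets the DNS Client service (Dnscache) to Manual
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='Dnscache'"
    New-Object PSObject -Property @{
        Setting = 'DNS Client (Dnscache) start mode'
        Current = $svc.StartMode
        Wanted  = 'Manual'
        Ok      = ($svc.StartMode -eq 'Manual')
    }
}

@(Test-InternetZone) + @(Test-DnsClientStartMode) | Format-Table Setting, Current, Wanted, Ok -AutoSize
```

Zone settings pushed by Group Policy are stored under HKLM instead and are not covered by this check.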

fav3to
2010-04-08, 19:44
Hi :).

I've deleted the restore points, installed the hosts file and updated to Firefox 3.6.

The system seems to run fine now.

Thank you very very much for your help, from now on I'll keep my system updated on a regular basis :).

Perhaps you can answer a few last questions:
We only use Firefox. Does it make sense to install add-ons such as popup or script blockers? How can I make Firefox safer in general?

Can you point to a good tutorial for configuring a router firewall? I have to admit that our router firewall was not enabled until now :(.

Blade81
2010-04-08, 20:09
You're welcome :)


We only use Firefox. Does it make sense to install add-ons such as popup or script blockers? How can I make Firefox safer in general?
Yes, it does make sense to install a few handy addons. Adblock Plus (http://adblockplus.org/en/installation), WOT (http://www.mywot.com/en/download/ff) and NoScript (https://addons.mozilla.org/firefox/addon/722) are recommended addons for Firefox users.


Can you point to a good tutorial for configuring a router firewall? I have to admit that our router firewall was not enabled until now :(
All routers have slightly different configuration settings. I believe there isn't any general tutorial for configuring a router firewall. The router manufacturer may have support forums where it's possible to ask about configuration.

fav3to
2010-04-08, 20:15
Ok, I'll install these Firefox add-ons and I'll try to configure the router ;).

Thanks again :)

Blade81
2010-04-08, 20:25
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.