Hi,
I have been able to help myself and friends with this forum before, but this time I cannot work it out just by reading previously written threads. My friend has a fake System Tool anti virus. It is preventing her from opening all files mentioned in the sticky:
http://www.daniweb.com/forums/thread134865.html
and she can't reboot.
What do I do now?
thank you very much
Jump to PostHi and welcome to the Daniweb forums :).
==========
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There …
Jump to PostThink you should be aware that you likely are NOT finished here.
Jump to PostYou didn't follow the instructions given by crunchie OR the instructions given in the Read Me Sticky. None of which say use Safe Mode. All say post the logs, you have posted no logs.
Cleaning in Safe mode sometimes IS necessary however once safe mode work is done logs still …
Hi and welcome to the Daniweb forums :).
==========
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run then try to immediately run the following.
Now download and run exeHelper.
exeHelper from Raktor to your desktop.
* Double-click on exeHelper.com to run the fix.
* A black window should pop up, press any key to close once the fix is completed.
* A log file named log.txt will be created in the directory where you ran exeHelper.com
* Attach the log.txt file to your next message.
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
=================================================================
Now, immediately try and run the tools from the sticky and post any logs from successful runs.
Thanks very much for the reply. In the end I managed to get into safe mode, downloaded Malwarebytes and all was fine.
Think you should be aware that you likely are NOT finished here.
Think you should be aware that you likely are NOT finished here.
I am not aware..?
You didn't follow the instructions given by crunchie OR the instructions given in the Read Me Sticky. None of which say use Safe Mode. All say post the logs, you have posted no logs.
Cleaning in Safe mode sometimes IS necessary however once safe mode work is done logs still need to be posted and then all the tools used in safe mode should again be updated and run again in normal mode. MBA-M especially is designed to be run in Normal mode as it doesn't scan all files in Safe mode. This is why rkill is the recommended way to be able to work fully in Normal Mode as it stops the infected processes which in turn are stopping the running of removal tools in normal mode.
You may very well have remaining infected files on there which will then regenerate themselves and bring back all the infection again.
Okay, I ran MBA-M again in normal mode, will post a log.
You need to post the log from Safe Mode also. That was the first one run and the one you say fixed everything. It fixed everything it could fix in safe mode but nobody knows what was fixed. In your very first post here you said:
I have been able to help myself and friends with this forum before, but this time I cannot work it out just by reading previously written threads.
and how were you able to do these things? By reading the information posted by others but you aren't offering others any help who may be reading by just saying
Thanks very much for the reply. In the end I managed to get into safe mode, downloaded Malwarebytes and all was fine.
There is no information for us or others which is one of the main reasons for the log requests, to help us, to help others and to help yourself. Those of us who help here need to see the logs to be sure, as you seem to think, that all was fine.
DDS (Ver_10-12-12.02) - NTFSx86
Run by Kunde at 19:05:21.70 on 08.02.2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2973.2238 [GMT 1:00]
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Programme\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Nikon\Monitor\NkMonitor.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
C:\Programme\Alwil Software\Avast5\avastUI.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\uTorrent\uTorrent.exe
svchost.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programme\Opera\opera.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
C:\Programme\iTunes\iTunes.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\distnoted.exe
C:\Dokumente und Einstellungen\Kunde\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentBar_DE Toolbar: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - c:\programme\utorrentbar_de\tbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programme\real\realplayer\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\programme\conduitengine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: uTorrentBar_DE Toolbar: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - c:\programme\utorrentbar_de\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: uTorrentBar_DE Toolbar: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - c:\programme\utorrentbar_de\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\programme\conduitengine\ConduitEngine.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\programme\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /nosplash /minimized
uRun: [uTorrent] "c:\programme\utorrent\uTorrent.exe"
uRun: [ICQ] "c:\programme\icq6.5\ICQ.exe" silent
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\programme\realtek\audio\drivers\AzMixerSel.exe
mRun: [RemoteControl] c:\programme\cyberlink\powerdvd\PDVDServ.exe
mRun: [Nikon Transfer Monitor] c:\programme\gemeinsame dateien\nikon\monitor\NkMonitor.exe
mRun: [TkBellExe] "c:\programme\gemeinsame dateien\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\programme\alwil software\avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\programme\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\programme\itunes\iTunesHelper.exe"
IE: &Search
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\programme\icq7.2\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-8-25 294608]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [2007-10-28 583128]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-10-26 250560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-25 17744]
R2 avast! Antivirus;avast! Antivirus;c:\programme\alwil software\avast5\AvastSvc.exe [2010-11-8 40384]
R2 MBAMService;MBAMService;c:\programme\malwarebytes' anti-malware\mbamservice.exe [2011-2-8 363344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-8 20952]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-10-9 23096]
=============== Created Last 30 ================
2011-02-08 10:48:28 -------- d-----w- c:\dokume~1\kunde\anwend~1\Malwarebytes
2011-02-08 10:48:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-08 10:48:19 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\Malwarebytes
2011-02-08 10:48:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-08 10:48:17 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-02-07 11:00:27 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\bBgKjPi08514
2011-01-29 14:41:36 -------- d-----w- c:\programme\iPod
2011-01-25 17:38:17 -------- d-----w- c:\programme\MSECache
==================== Find3M ====================
2010-12-31 20:06:36 38848 ----a-w- c:\windows\avastSS.scr
2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:41 86016 ----a-w- c:\windows\system32\isign32.dll
============= FINISH: 19:05:56.04 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 25.08.2009 23:04:23
System Uptime: 08.02.2011 14:03:17 (5 hours ago)
Motherboard: eMachines, Inc. | | Danube
Processor: Intel Pentium III Xeon-Prozessor | U2E1 | 1995/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 117 GiB total, 28.64 GiB free.
D: is FIXED (NTFS) - 116 GiB total, 115.207 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP174: 08.11.2010 09:56:35 - avast! Free Antivirus Setup
RP175: 11.11.2010 12:33:40 - Systemprüfpunkt
RP176: 12.11.2010 12:00:58 - Software Distribution Service 3.0
RP177: 13.11.2010 17:56:45 - Systemprüfpunkt
RP178: 15.11.2010 10:18:29 - Systemprüfpunkt
RP179: 17.11.2010 17:13:36 - Systemprüfpunkt
RP180: 20.11.2010 12:06:21 - Systemprüfpunkt
RP181: 21.11.2010 12:12:21 - Systemprüfpunkt
RP182: 24.11.2010 16:37:18 - Systemprüfpunkt
RP183: 25.11.2010 20:30:45 - Systemprüfpunkt
RP184: 04.12.2010 19:34:37 - Systemprüfpunkt
RP185: 07.12.2010 22:35:20 - Systemprüfpunkt
RP186: 13.12.2010 16:31:45 - Windows Internet Explorer 8 wurde installiert.
RP187: 13.12.2010 16:32:40 - Software Distribution Service 3.0
RP188: 14.12.2010 23:59:36 - Software Distribution Service 3.0
RP189: 16.12.2010 00:37:25 - Software Distribution Service 3.0
RP190: 17.12.2010 02:11:10 - Software Distribution Service 3.0
RP191: 18.12.2010 11:07:42 - Systemprüfpunkt
RP192: 19.12.2010 10:26:17 - Removed Opera 10.63.
RP193: 19.12.2010 10:26:42 - Installed Opera 11.00.
RP194: 21.12.2010 01:32:52 - Systemprüfpunkt
RP195: 25.12.2010 18:27:35 - Systemprüfpunkt
RP196: 27.12.2010 10:26:37 - Systemprüfpunkt
RP197: 28.12.2010 10:48:26 - Systemprüfpunkt
RP198: 30.12.2010 12:03:06 - Systemprüfpunkt
RP199: 01.01.2011 18:13:06 - Systemprüfpunkt
RP200: 04.01.2011 17:06:35 - Systemprüfpunkt
RP201: 06.01.2011 11:27:07 - Systemprüfpunkt
RP202: 07.01.2011 11:47:46 - Systemprüfpunkt
RP203: 13.01.2011 14:12:13 - Systemprüfpunkt
RP204: 14.01.2011 01:50:58 - Software Distribution Service 3.0
RP205: 17.01.2011 23:21:20 - Systemprüfpunkt
RP206: 20.01.2011 11:27:10 - Systemprüfpunkt
RP207: 22.01.2011 10:01:41 - Systemprüfpunkt
RP208: 23.01.2011 13:01:38 - Systemprüfpunkt
RP209: 25.01.2011 18:38:25 - Installed Compatibility Pack for the 2007 Office system
RP210: 26.01.2011 23:32:30 - Software Distribution Service 3.0
RP211: 28.01.2011 17:48:20 - Systemprüfpunkt
RP212: 29.01.2011 09:07:05 - Removed Opera 11.00.
RP213: 30.01.2011 17:37:30 - Systemprüfpunkt
RP214: 04.02.2011 19:39:57 - Systemprüfpunkt
RP215: 08.02.2011 16:14:35 - Systemprüfpunkt
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3 - Deutsch
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
µTorrent
avast! Free Antivirus
Bonjour
Broadcom Driver v4.170.25.12_Foxconn Installation Program
Compatibility Pack for the 2007 Office system
Conduit Engine
File Uploader
Free M4a to MP3 Converter 6.1
Hotfix für Windows XP (KB2158563)
Hotfix für Windows XP (KB2443685)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix für Windows XP (KB979306)
Hotfix für Windows XP (KB981793)
Hotfix for Windows XP (KB976002-v5)
ICQ7.2
ifolor Bestellsoftware 3.6
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
Langenscheidt Grammatiktrainer 4.0 Englisch
lingDIALOG
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multicheck Junior, KV Online-Kurztest
Nikon Message Center
Nikon Transfer
OGA Notifier 2.0.0048.0
Opera 11.01
PowerDVD
ProtectDisc Helper Driver 10
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Red Light Center 3D Client
Segoe UI
Sicherheitsupdate für Windows Internet Explorer 7 (KB2183461)
Sicherheitsupdate für Windows Internet Explorer 7 (KB2360131)
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)
Sicherheitsupdate für Windows Internet Explorer 7 (KB972260)
Sicherheitsupdate für Windows Internet Explorer 7 (KB974455)
Sicherheitsupdate für Windows Internet Explorer 7 (KB976325)
Sicherheitsupdate für Windows Internet Explorer 7 (KB978207)
Sicherheitsupdate für Windows Internet Explorer 7 (KB982381)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2360131)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381)
Sicherheitsupdate für Windows Media Player (KB2378111)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player (KB975558)
Sicherheitsupdate für Windows Media Player (KB978695)
Sicherheitsupdate für Windows Media Player (KB979402)
Sicherheitsupdate für Windows XP (KB2079403)
Sicherheitsupdate für Windows XP (KB2115168)
Sicherheitsupdate für Windows XP (KB2121546)
Sicherheitsupdate für Windows XP (KB2160329)
Sicherheitsupdate für Windows XP (KB2229593)
Sicherheitsupdate für Windows XP (KB2259922)
Sicherheitsupdate für Windows XP (KB2279986)
Sicherheitsupdate für Windows XP (KB2286198)
Sicherheitsupdate für Windows XP (KB2296011)
Sicherheitsupdate für Windows XP (KB2296199)
Sicherheitsupdate für Windows XP (KB2347290)
Sicherheitsupdate für Windows XP (KB2360937)
Sicherheitsupdate für Windows XP (KB2387149)
Sicherheitsupdate für Windows XP (KB2419632)
Sicherheitsupdate für Windows XP (KB2423089)
Sicherheitsupdate für Windows XP (KB2436673)
Sicherheitsupdate für Windows XP (KB2440591)
Sicherheitsupdate für Windows XP (KB2443105)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB938464-v2)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371-v2)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB970430)
Sicherheitsupdate für Windows XP (KB971468)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB971961)
Sicherheitsupdate für Windows XP (KB972260)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973525)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975561)
Sicherheitsupdate für Windows XP (KB975562)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977165)
Sicherheitsupdate für Windows XP (KB977816)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978037)
Sicherheitsupdate für Windows XP (KB978251)
Sicherheitsupdate für Windows XP (KB978262)
Sicherheitsupdate für Windows XP (KB978338)
Sicherheitsupdate für Windows XP (KB978542)
Sicherheitsupdate für Windows XP (KB978601)
Sicherheitsupdate für Windows XP (KB978706)
Sicherheitsupdate für Windows XP (KB979309)
Sicherheitsupdate für Windows XP (KB979482)
Sicherheitsupdate für Windows XP (KB979559)
Sicherheitsupdate für Windows XP (KB979683)
Sicherheitsupdate für Windows XP (KB979687)
Sicherheitsupdate für Windows XP (KB980195)
Sicherheitsupdate für Windows XP (KB980218)
Sicherheitsupdate für Windows XP (KB980232)
Sicherheitsupdate für Windows XP (KB980436)
Sicherheitsupdate für Windows XP (KB981322)
Sicherheitsupdate für Windows XP (KB981349)
Sicherheitsupdate für Windows XP (KB981852)
Sicherheitsupdate für Windows XP (KB981957)
Sicherheitsupdate für Windows XP (KB981997)
Sicherheitsupdate für Windows XP (KB982132)
Sicherheitsupdate für Windows XP (KB982214)
Sicherheitsupdate für Windows XP (KB982665)
Sicherheitsupdate für Windows XP (KB982802)
Skype web features
Skype™ 5.1
Spelling Dictionaries Support For Adobe Reader 9
ToolBook Neuron
Update für Windows Internet Explorer 7 (KB976749)
Update für Windows Internet Explorer 7 (KB980182)
Update für Windows Internet Explorer 8 (KB2447568)
Update für Windows Internet Explorer 8 (KB976662)
Update für Windows XP (KB2141007)
Update für Windows XP (KB2345886)
Update für Windows XP (KB2467659)
Update für Windows XP (KB898461)
Update für Windows XP (KB951978)
Update für Windows XP (KB955759)
Update für Windows XP (KB955839)
Update für Windows XP (KB961503)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB971737)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
uTorrentBar_DE Toolbar
VLC media player 1.0.5
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
WinRAR archiver
==== End Of File ===========================
Right here are two items RUNNING and are clearly not allowed if you want to clean a computer here:
C:\Programme\uTorrent\uTorrent.exe
BHO: uTorrentBar_DE Toolbar: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - c:\programme\utorrentbar_de\tbuTor.dll
Please note the very first thing stated by PhilliePhan in the Read Me Sticky
1A – Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. Rather than write a long piece on the dangers of P2P, I’m just going to say this:
P2P software circumvents common-sense security measures and opens a user’s computer to a world of hurt.
Our regular volunteers' time is valuable and most are not willing to waste it on a machine that is almost certain to be reinfected in short order.
So, please remove or disable all P2P software for the duration of the cleaning process. Failure to do so may result in your thread being ignored.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.