hi,
i need help since my computer is having a problem with some program that activates with any computer start. it's called windows quick system eraser v.1 and it has the following message "please wait till your system is complitely erased". there is an alarm sound activated too.
i got scared each time and i do switch off my notebook immediately. i have done a malwarebytes scan in safe mode and this is the scan result. unfortunately the problem still exists. i don't know what to do. i also receive error messages. one of them is dwwin.exe and the rest i was not able to identify.
this is my first scan in safe mode before i joined this forum. later i did all the steps that were suggested and below you will find the attachments as well as the full hijackthis scan. there was only one thing that i was not able to do - to remove ask toolbar. it was probably removed by malwarebytes. i have deleted manually the folder asksbar in program folder.
i have belinea (maxdata) windows xp professional notebook.
Malwarebytes' Anti-Malware 1.28 Datenbank Version: 1134 Windows 5.1.2600 Service Pack 3
15.09.2008 19:49:41 mbam-log-2008-09-15 (19-49-41).txt
Scan-Methode: Vollständiger Scan (C:\|) Durchsuchte Objekte: 151398 Laufzeit: 31 minute(s), 30 second(s)
Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 11 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 6
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: C:\Programme\AskSBar\bar\1.bin\A2HIGHIN.EXE (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully. C:\Programme\AskSBar\bar\1.bin\NPASKSBR.DLL (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Programme\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
HIJACKTHIS SCAN REPORT
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:43:18, on 16.09.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe C:\Programme\BitDefender\BitDefender 2009\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe C:\WINDOWS\boot32.exe C:\Programme\BitDefender\BitDefender 2009\bdagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe C:\Programme\Vidalia Bundle\Tor\tor.exe C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\BitDefender\BitDefender 2009\seccenter.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programme\Java\jre1.6.0_07\bin\jusched.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Trend Micro\HijackThis\sniper.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [IAAnotif] "C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Keyboard Manager Utility] 
"C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang DE /H O4 - HKLM\..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [Boot32] C:\WINDOWS\boot32.exe O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programme\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Vidalia] "C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe" O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: hpoddt01.exe.lnk = ? 
O4 - Global Startup: Privoxy.lnk = C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: RESEARCH - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162468014625 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: 
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Programme\BitDefender\BitDefender 2009\vsserv.exe
-- End of file - 8121 bytes
[recovering disk space -- attachment deleted by admin]

Disregard the previous post. Open HijackThis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
- O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
- O4 - HKLM\..\Run: [Boot32] C:\WINDOWS\boot32.exe
Important: Close all windows except for HijackThis and then click Fix checked.
Exit HijackThis.
----------
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
Go to Start > Run and type notepad.exe then click OK
Copy and paste the below into Notepad and save as fixme.reg to Your Desktop
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"Alcmtr"=-
"Boot32"=-

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to MERGE with the Registry.
Run CCleaner and restart the computer.
----------
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1 Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

oh thank you so much. i have a question. i have bitdefender antivirus and firewall. how do i disable this one?
and the same question is for malwarebytes and superantispyware.

Just right click them in the system tray and choose to exit (or whatever term is used for them)

ok here are the scans from combofix
ComboFix 08-09-15.02 - Elvira 2008-09-16 2:40:21.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.1551 [GMT 2:00] ausgeführt von:: C:\Dokumente und Einstellungen\Elvira\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! .
(((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) .
C:\Autorun.inf C:\Programme\autorun.inf C:\system.exe
. ((((((((((((((((((((((( Dateien erstellt von 2008-08-16 bis 2008-09-16 )))))))))))))))))))))))))))))) .
2008-09-16 00:36 . 2008-09-16 00:36d--------C:\Programme\Trend Micro 2008-09-16 00:29 . 2008-09-16 00:29d--------C:\Programme\Sun 2008-09-15 22:50 . 2008-09-16 02:35d--------C:\Programme\SUPERAntiSpyware 2008-09-15 22:50 . 2008-09-16 02:35d--------C:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\SUPERAntiSpyware.com 2008-09-15 22:50 . 2008-09-15 22:50d--------C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com 2008-09-15 22:26 . 2008-09-15 22:26d--------C:\Programme\CCleaner 2008-09-15 19:14 . 2008-09-16 02:34d--------C:\Programme\Malwarebytes' Anti-Malware 2008-09-15 19:14 . 2008-09-15 19:14d--------C:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\Malwarebytes 2008-09-15 19:14 . 2008-09-15 19:14d--------C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2008-09-14 13:54 . 2008-09-14 13:54850--a------C:\Windows\system32\ProductTweaks.xml 2008-09-14 13:54 . 2008-09-14 13:54385--a------C:\Windows\system32\user_gensett.xml 2008-09-14 13:21 . 2008-09-14 13:21d--------C:\Programme\MSXML 4.0 2008-09-14 02:54 . 2008-09-14 02:54d--------C:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\Uniblue 2008-09-14 00:26 . 2008-09-14 00:26d--------C:\Windows\system32\logs 2008-09-14 00:26 . 2008-09-14 00:26d--------C:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\BitDefender 2008-09-14 00:26 . 2008-09-14 00:26d--------C:\Binaries 2008-09-14 00:25 . 2008-09-14 00:26d--------C:\Programme\BitDefender 2008-09-14 00:25 . 2008-09-14 00:27d--------C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender 2008-09-14 00:24 . 2008-09-14 00:26d--------C:\Programme\Gemeinsame Dateien\BitDefender 2008-09-13 22:00 . 2008-09-13 22:00d--------C:\8bf8871132766c1e6f2dd340 2008-09-13 19:13 . 2008-08-29 10:32646,184--a------C:\autoruns.exe 2008-09-13 19:13 . 2008-08-29 10:32540,712--a------C:\autorunsc.exe 2008-09-13 18:43 . 2008-09-13 18:43d--------C:\Programme\Enigma Software Group 2008-09-12 22:34 . 
2008-09-12 22:3416,384--a------C:\Windows\~DFA40B.tmp 2008-09-12 22:23 . 2008-09-12 22:23d--------C:\Programme\Autodesk 2008-09-12 16:41 . 2008-09-07 02:2128,672--a------C:\Windows\boot32.exe 2008-09-12 16:37 . 2008-09-13 19:06d-a------C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2008-09-12 16:37 . 2008-09-12 16:370--a------C:\Windows\system32\MSWINSCK.OCX 2008-09-06 21:44 . 2004-03-29 17:2390,112--a------C:\Windows\unvise32.exe 2008-09-05 10:27 . 2008-09-06 11:45d--------C:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\FrostWire 2008-09-05 10:26 . 2008-09-05 10:27d--------C:\Programme\FrostWire 2008-09-05 01:07 . 2008-09-06 21:55d--------C:\Programme\Gemeinsame Dateien\DAZ 2008-09-03 17:15 . 2008-09-03 17:27d--------C:\Programme\Photoshop 2008-08-26 12:27 . 2008-05-01 16:34331,776---------C:\Windows\system32\dllcache\msadce.dll 2008-08-26 12:26 . 2008-04-11 21:04691,712---------C:\Windows\system32\dllcache\inetcomm.dll
. (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-16 00:23---------d-----wC:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\tor 2008-09-15 22:30---------d-----wC:\Programme\Java 2008-09-15 12:25---------d-----wC:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\Vidalia 2008-09-13 19:57---------d-----wC:\Programme\Panda Security 2008-09-13 19:57---------d-----wC:\Programme\Gemeinsame Dateien\Panda Software 2008-09-12 20:22---------d-----wC:\Programme\Gemeinsame Dateien\InstallShield 2008-09-10 18:01---------d-----wC:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2008-09-04 23:36---------d-----wC:\Programme\LimeWire 2008-09-04 09:09---------d-----wC:\Programme\Gemeinsame Dateien\Adobe 2008-09-02 15:14---------d-----wC:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\LimeWire 2008-08-28 22:17---------d-----wC:\Programme\Windows Live Safety Center 2008-08-22 08:18---------d-----wC:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\dvdcss 2008-08-14 16:54102,208----a-wC:\WINDOWS\system32\drivers\bdfndisf.sys 2008-08-12 16:40228,672----a-wC:\WINDOWS\system32\drivers\bdfsfltr.sys 2008-08-12 16:40108,864----a-wC:\WINDOWS\system32\drivers\bdfm.sys 2008-08-08 16:39---------d-----wC:\Programme\Vidalia Bundle 2008-08-08 12:517,333,664----a-wC:\Programme\Firefox Setup 3.0.1.exe 2008-08-01 23:06---------d-----wC:\Programme\PhotoScape 2008-07-31 20:48---------d-----wC:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\MSNInstaller 2008-07-20 16:56---------d-----wC:\Programme\Tor Browser 2008-07-18 20:1094,920----a-wC:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:1094,920----a-wC:\WINDOWS\system32\cdm.dll 2008-07-18 20:1053,448----a-wC:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:1053,448----a-wC:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:1045,768----a-wC:\WINDOWS\system32\wups2.dll 2008-07-18 20:1036,552----a-wC:\WINDOWS\system32\wups.dll 2008-07-18 
20:1036,552----a-wC:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09563,912----a-wC:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09563,912----a-wC:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09325,832----a-wC:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09325,832----a-wC:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09205,000----a-wC:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09205,000----a-wC:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:091,811,656----a-wC:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:091,811,656----a-wC:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-18 20:07270,880----a-wC:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07210,976----a-wC:\WINDOWS\system32\muweb.dll 2008-07-07 20:26253,952----a-wC:\WINDOWS\system32\es.dll 2008-07-07 20:26253,952------wC:\WINDOWS\system32\dllcache\es.dll 2008-06-24 16:4274,240----a-wC:\WINDOWS\system32\mscms.dll 2008-06-24 16:4274,240------wC:\WINDOWS\system32\dllcache\mscms.dll 2008-06-24 08:143,592,192------wC:\WINDOWS\system32\dllcache\mshtml.dll 2008-06-23 09:2070,656------wC:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-06-23 09:20625,664------wC:\WINDOWS\system32\dllcache\iexplore.exe 2008-06-23 09:2013,824------wC:\WINDOWS\system32\dllcache\ieudinit.exe 2008-06-21 05:23161,792------wC:\WINDOWS\system32\dllcache\ieakui.dll 2008-06-20 17:46247,296----a-wC:\WINDOWS\system32\mswsock.dll 2008-06-20 17:46247,296------wC:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:46147,968------wC:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 11:51361,600------wC:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 11:40138,496------wC:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 11:08225,856------wC:\WINDOWS\system32\dllcache\tcpip6.sys 2003-04-22 09:462,719,744------wC:\Programme\aiodrv.msi 2003-04-22 09:422,588,672------wC:\Programme\aiosw.msi 2003-04-22 09:23267----a-wC:\Programme\readme.html 2003-04-09 17:192,848----a-wC:\Programme\hpound08.inf 2003-04-09 17:1914,157----a-wC:\Programme\hpousc08.inf 
2003-04-09 17:004,715----a-wC:\Programme\hpoglu08.inf 2003-04-09 17:002,889----a-wC:\Programme\hpousb08.inf 2003-03-20 15:2024,728----a-wC:\Programme\HPZipr12.cat 2003-03-20 15:2024,285----a-wC:\Programme\hposcu08.cat 2003-03-20 15:2022,523----a-wC:\Programme\HPZius12.cat 2003-03-20 15:2022,082----a-wC:\Programme\hpzist12.cat 2003-03-20 15:2022,082----a-wC:\Programme\HPZid412.cat 2003-03-20 15:2021,641----a-wC:\Programme\HPOunp08.cat 2003-03-20 15:20205,503----a-wC:\Programme\hpoprn08.cat 2003-03-09 20:3063,562----a-wC:\Programme\hposcu08.inf 2003-03-09 20:3051,266----a-wC:\Programme\hpoprn08.inf 2003-03-09 20:3033,952----a-wC:\Programme\hpzid412.inf 2003-03-09 20:303,898----a-wC:\Programme\hpounp08.inf 2003-03-09 20:303,667----a-wC:\Programme\hpzist12.inf 2003-03-09 20:30274,432----a-wC:\Programme\hpzglu07.exe 2003-03-09 20:30237,568----a-wC:\Programme\hpzc3212.dll 2003-03-09 20:3023,186----a-wC:\Programme\hpzcin06.ex_ 2003-03-09 20:30184,320----a-wC:\Programme\hpzscr07.dll 2003-03-09 20:3016,352----a-wC:\Programme\HPZUCI12.DLL 2003-03-09 20:3014,285----a-wC:\Programme\hpzius12.inf 2003-03-09 20:3010,325----a-wC:\Programme\hpzipr12.inf 2002-09-09 17:48458,752----a-wC:\Programme\tls704d.dll 2002-09-09 17:4822,608----a-wC:\Programme\usbprint.sys 2002-09-09 17:4812,288----a-wC:\Programme\usbmon.dll 2002-09-09 17:4770,656----a-wC:\Programme\msvcirt.dll 2002-09-09 17:4755,155----a-wC:\Programme\hpzusb00.sy_ 2002-09-09 17:475,705----a-wC:\Programme\hpzuci02.dl_ 2002-09-09 17:47254,005----a-wC:\Programme\msvcrt.dll 2002-09-09 17:4725,639----a-wC:\Programme\hpzpom04.dl_ 2002-09-09 17:47212,992----a-wC:\Programme\hpzpnp07.dll 2002-09-09 17:4652,552----a-wC:\Programme\hpziou01.dl_ 2002-09-09 17:4649,212----a-wC:\Programme\hpzjvp01.dll 2002-09-09 17:4646,017----a-wC:\Programme\hpzion00.sy_ 2002-09-09 17:46417,849----a-wC:\Programme\hpzjpp01.dll 2002-09-09 17:4628,722----a-wC:\Programme\hpzjlog.dll 2002-09-09 17:46249,913----a-wC:\Programme\hpzjut01.dll 2002-09-06 
09:54995,383----a-wC:\Programme\MFC42.DLL 2003-01-13 09:59278,528------wC:\Programme\internet explorer\plugins\PanoViewer.dll 1999-04-30 15:0098,304------wC:\Programme\internet explorer\plugins\UPjpeg.dll 2008-05-09 19:3032,768--sha-wC:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008050920080510\index.dat .
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "Vidalia"="C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe" [2008-08-03 3945620]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-22 8433664] "Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792] "IAAnotif"="C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 794713] "Keyboard Manager Utility"="C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe" [2007-08-02 4128768] "SMSERIAL"="C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784] "RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "Ulead AutoDetector v2"="C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe" [2005-05-23 90112] "BDAgent"="C:\Programme\BitDefender\BitDefender 2009\bdagent.exe" [2008-09-15 716800] "BitDefender Antiphishing Helper"="C:\Programme\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "nwiz"="nwiz.exe" [2007-05-22 C:\Windows\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\Windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ hpoddt01.exe.lnk - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672] Privoxy.lnk - C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "SweetIM"=C:\Programme\Macrogaming\SweetIM\SweetIM.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Programme\\Messenger\\msmsgs.exe"= "C:\\Programme\\MSN Messenger\\msnmsgr.exe"= "C:\\Programme\\MSN Messenger\\livecall.exe"= "C:\\Programme\\LimeWire\\LimeWire.exe"= "C:\\Programme\\FrostWire\\FrostWire.exe"=
R2 BDVEDISK;BDVEDISK;C:\Programme\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568] R3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [2008-08-12 108864] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208] R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-19 36608] R3 qkbfiltr;Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\qkbfiltr.sys [2007-02-01 33792] S3 Arrakis3;BitDefender Arrakis Server;C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdxREG_MULTI_SZ scan
*Newly Created Service* - PROCEXP90 . Inhalt des "geplante Tasks" Ordners . - - - - Entfernte verwaiste Registrierungseinträge - - - -
HKLM-RunOnce- - (no file) Notify-avldr - (no file)
. ------- Zusätzlicher Scan ------- . FireFox -: Profile - C:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\Mozilla\Firefox\Profiles\8ysqmy3s.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll .
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-16 02:43:33 Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen versteckte Dateien: 0
************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs ---------------------
Prozess: C:\WINDOWS\SYSTEM32\winlogon.exe -> C:\Programme\SUPERAntiSpyware\SASWINLO.dll . Zeit der Fertigstellung: 2008-09-16 2:44:23 ComboFix-quarantined-files.txt 2008-09-16 00:44:18
Pre-Run: 10 Verzeichnis(se), 127,487,578,112 Bytes frei Post-Run: 14 Verzeichnis(se), 127,497,596,928 Bytes frei
233--- E O F ---2008-09-14 11:21:58
and hijack this
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:47:34, on 16.09.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe C:\Programme\BitDefender\BitDefender 2009\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe C:\Programme\BitDefender\BitDefender 2009\bdagent.exe C:\Programme\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe C:\Programme\Vidalia Bundle\Tor\tor.exe C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\BitDefender\BitDefender 2009\seccenter.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Programme\Trend Micro\HijackThis\sniper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang DE /H
O4 - HKLM\..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programme\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162468014625
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Programme\BitDefender\BitDefender 2009\vsserv.exe
-- End of file - 7346 bytes

Download OTMoveIt2 by OldTimer and save it to your Desktop.
Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.
1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.
Code:
[kill explorer]
C:\Windows\~DFA40B.tmp
C:\Windows\boot32.exe
EmptyTemp
[start explorer]
3. Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

i was immediately asked to reboot my computer and this message was shown after the restart.
Explorer killed successfully
C:\Windows\~DFA40B.tmp moved successfully.
C:\Windows\boot32.exe moved successfully.
< EmptyTemp >
File delete failed. C:\DOKUME~1\Elvira\LOKALE~1\Temp\etilqs_UNTI0OwsDWD7ZCAbNDQm scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\tmp00000f88\tmp00000000 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09162008_031212
Files moved on Reboot...
File C:\DOKUME~1\Elvira\LOKALE~1\Temp\etilqs_UNTI0OwsDWD7ZCAbNDQm not found!
File C:\WINDOWS\temp\tmp00000f88\tmp00000000 not found!

- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
- The above procedure will:
  - Delete the following:
    - ComboFix and its associated files and folders.
  - Reset the clock settings.
  - Hide file extensions, if required.
  - Hide System/Hidden files, if required.
  - Set a new, clean Restore Point.
How is everything now?

combofix is uninstalled now. let me shut down my computer and start new. i'll reply you soon.

i think that the problem with windows quick system eraser is solved now. it doesn't appear when i start the computer. i have checked this two times with shut down and once with restart.
the only problem is that each time i would shut down the computer i receive an error message about dwwin.exe.

That's the Dr. Watson for Windows (Drwtsn32.exe) Tool - See here for more information http://support.microsoft.com/kb/308538
You might try seeing if something is needing to be updated.
Use the Secunia Software Inspector
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
i have done the update also with windows update. from the info on the net dwwin.exe isn't a wild problem.
the main problem is fixed. i can't thank you enough, i owe you so much!
big cyber hug!!!!
|