
Author Topic: HELP!!! windows quick system eraser problem  (Read 12234 times)


ephemeridos

    Topic Starter


    Beginner

    HELP!!! windows quick system eraser problem
    « on: September 15, 2008, 05:00:55 PM »
    hi,

    i need help since my computer is having a problem with some program that activates at every computer start.
    it's called windows quick system eraser v.1 and it has the following message "please wait till your system is complitely erased". there is an alarm sound activated too.

    i get scared each time and i switch off my notebook immediately. i have done a malwarebytes scan in safe mode and this is the scan result. unfortunately the problem still exists. i don't know what to do.
    i also receive error messages. one of them is dwwin.exe and the rest i was not able to identify.

    this is my first scan in safe mode, done before i joined this forum. later i did all the steps that were suggested, and below you will find the attachments as well as the full hijackthis scan. there was only one thing that i was not able to do - to remove the ask toolbar. it was probably removed by malwarebytes. i have manually deleted the folder asksbar in the program folder.

    i have a belinea (maxdata) windows xp professional notebook.

    Malwarebytes' Anti-Malware 1.28
    Datenbank Version: 1134
    Windows 5.1.2600 Service Pack 3

    15.09.2008 19:49:41
    mbam-log-2008-09-15 (19-49-41).txt

    Scan-Methode: Vollständiger Scan (C:\|)
    Durchsuchte Objekte: 151398
    Laufzeit: 31 minute(s), 30 second(s)

    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 0
    Infizierte Registrierungsschlüssel: 11
    Infizierte Registrierungswerte: 2
    Infizierte Dateiobjekte der Registrierung: 0
    Infizierte Verzeichnisse: 0
    Infizierte Dateien: 6

    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)

    Infizierte Speichermodule:
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungsschlüssel:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Infizierte Registrierungswerte:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

    Infizierte Dateiobjekte der Registrierung:
    (Keine bösartigen Objekte gefunden)

    Infizierte Verzeichnisse:
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateien:
    C:\Programme\AskSBar\bar\1.bin\A2HIGHIN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Programme\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
    C:\Programme\AskSBar\bar\1.bin\NPASKSBR.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Programme\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Programme\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

    HIJACKTHIS SCAN REPORT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:43:18, on 16.09.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Programme\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe
    C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
    C:\WINDOWS\boot32.exe
    C:\Programme\BitDefender\BitDefender 2009\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe
    C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe
    C:\Programme\Vidalia Bundle\Tor\tor.exe
    C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\BitDefender\BitDefender 2009\seccenter.exe
    C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\Programme\Trend Micro\HijackThis\sniper.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2009\IEToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IAAnotif] "C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang DE /H
    O4 - HKLM\..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [Boot32] C:\WINDOWS\boot32.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programme\BitDefender\BitDefender 2009\IEShow.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Vidalia] "C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Privoxy.lnk = C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162468014625
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Programme\BitDefender\BitDefender 2009\vsserv.exe

    --
    End of file - 8121 bytes


    [recovering disk space -- attachment deleted by admin]

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: HELP!!! windows quick system eraser problem
    « Reply #1 on: September 15, 2008, 05:42:23 PM »
    ...............
    « Last Edit: September 15, 2008, 05:52:29 PM by evilfantasy »

    evilfantasy

    Re: HELP!!! windows quick system eraser problem
    « Reply #2 on: September 15, 2008, 05:52:52 PM »
    Disregard the previous post.

    evilfantasy

    Re: HELP!!! windows quick system eraser problem
    « Reply #3 on: September 15, 2008, 05:54:07 PM »
    Open HijackThis and select Do a system scan only.

    Place a check mark next to the following entries: (if there)

    - O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    - O4 - HKLM\..\Run: [Boot32] C:\WINDOWS\boot32.exe


    Important: Close all windows except for HijackThis and then click Fix checked.

    Exit HijackThis.

    ----------

    Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

    Go to Start > Run and type notepad.exe then click OK

    Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    "Alcmtr"=-
    "Boot32"=-

    Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

    Run CCleaner and restart the computer.

    ----------

    Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    Note: It is important that it is saved directly to your Desktop.

    Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

    Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
     
    Double click combofix.exe & follow the prompts.
    When finished ComboFix will produce a log for you.
    Post the ComboFix log and a new HijackThis log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
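
Added example, not part of the original post: one way to check a follow-up HijackThis log against the fix list above, by parsing the O4 (autostart) lines of both logs and reporting which targeted Run values are gone, which are still present, and which autostart entries are new. The function names `parse_o4` and `verify_fix`, the whole AFTER log, and the `ExampleNew` entry are constructed for illustration; the BEFORE lines are taken from the log earlier in this thread.

```python
import re

# "O4 - HKLM\..\Run: [Name] command"; the hive may carry a SID (HKUS\S-1-5-19).
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# "O4 - Global Startup: Privoxy.lnk = C:\...\privoxy.exe"
STARTUP_LINE = re.compile(
    r"^O4 - (?P<folder>[^:]*Startup): (?P<name>.+?) = (?P<cmd>.*)$"
)


def parse_o4(log_text):
    """Return {(location, lowercased name): command} for every O4 line."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_LINE.match(line)
        if m:
            location = m["hive"] + "\\" + m["key"]
        else:
            m = STARTUP_LINE.match(line)
            if not m:
                continue  # not an autostart line
            location = m["folder"]
        # Registry value names are case-insensitive, so compare lowercased.
        entries[(location, m["name"].lower())] = m["cmd"].strip()
    return entries


def verify_fix(before_log, after_log, targets):
    """Compare two logs against the list of (location, name) values to remove."""
    before, after = parse_o4(before_log), parse_o4(after_log)
    report = {"removed": [], "still_present": [], "never_seen": []}
    for location, name in targets:
        key = (location, name.lower())
        if key in after:
            # The value survived the fix or was written back after it.
            report["still_present"].append((location, name, after[key]))
        elif key in before:
            report["removed"].append((location, name))
        else:
            report["never_seen"].append((location, name))
    # Autostarts that appeared or changed between the two scans need review too.
    report["new_entries"] = sorted(k for k in after if k not in before)
    report["changed"] = sorted(
        k for k in after if k in before and after[k] != before[k]
    )
    return report


# Excerpt of the HijackThis log posted in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Boot32] C:\WINDOWS\boot32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - Global Startup: Privoxy.lnk = C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe
"""

# Constructed follow-up log: one targeted value is still there, and one
# constructed placeholder entry (ExampleNew) has appeared.
AFTER = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Boot32] C:\WINDOWS\boot32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ExampleNew] C:\example\new.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - Global Startup: Privoxy.lnk = C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe
"""

# The two values named in the fix list and in fixme.reg.
TARGETS = [("HKLM\\Run", "Alcmtr"), ("HKLM\\Run", "Boot32")]

if __name__ == "__main__":
    for section, items in verify_fix(BEFORE, AFTER, TARGETS).items():
        print(section, items)
```

A non-empty `still_present` list after a reboot means the value was not removed or something is writing it back, which is why the reply asks for a fresh log after the fix.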

    ephemeridos


      Re: HELP!!! windows quick system eraser problem
      « Reply #4 on: September 15, 2008, 06:02:33 PM »
      oh thank you so much. i have a question. i have bitdefender antivirus and firewall. how do i disable this one?

      and the same question is for malwarebytes and superantispyware.

      evilfantasy

      Re: HELP!!! windows quick system eraser problem
      « Reply #5 on: September 15, 2008, 06:12:20 PM »
      Just right click them in the system tray and choose to exit (or whatever term is used for them)

      ephemeridos


        Re: HELP!!! windows quick system eraser problem
        « Reply #6 on: September 15, 2008, 06:50:38 PM »
        ok here are the scans from combofix

        ComboFix 08-09-15.02 - Elvira 2008-09-16  2:40:21.1 - NTFSx86
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1031.18.1551 [GMT 2:00]
        ausgeführt von:: C:\Dokumente und Einstellungen\Elvira\Desktop\ComboFix.exe
         * Neuer Wiederherstellungspunkt wurde erstellt

        Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
        .

        ((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Autorun.inf
        C:\Programme\autorun.inf
        C:\system.exe

        .
        (((((((((((((((((((((((   Dateien erstellt von 2008-08-16 bis 2008-09-16  ))))))))))))))))))))))))))))))
        .

        2008-09-16 00:36 . 2008-09-16 00:36   <DIR>   d--------   C:\Programme\Trend Micro
        2008-09-16 00:29 . 2008-09-16 00:29   <DIR>   d--------   C:\Programme\Sun
        2008-09-15 22:50 . 2008-09-16 02:35   <DIR>   d--------   C:\Programme\SUPERAntiSpyware
        2008-09-15 22:50 . 2008-09-16 02:35   <DIR>   d--------   C:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\SUPERAntiSpyware.com
        2008-09-15 22:50 . 2008-09-15 22:50   <DIR>   d--------   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
        2008-09-15 22:26 . 2008-09-15 22:26   <DIR>   d--------   C:\Programme\CCleaner
        2008-09-15 19:14 . 2008-09-16 02:34   <DIR>   d--------   C:\Programme\Malwarebytes' Anti-Malware
        2008-09-15 19:14 . 2008-09-15 19:14   <DIR>   d--------   C:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\Malwarebytes
        2008-09-15 19:14 . 2008-09-15 19:14   <DIR>   d--------   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
        2008-09-14 13:54 . 2008-09-14 13:54   850   --a------   C:\Windows\system32\ProductTweaks.xml
        2008-09-14 13:54 . 2008-09-14 13:54   385   --a------   C:\Windows\system32\user_gensett.xml
        2008-09-14 13:21 . 2008-09-14 13:21   <DIR>   d--------   C:\Programme\MSXML 4.0
        2008-09-14 02:54 . 2008-09-14 02:54   <DIR>   d--------   C:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\Uniblue
        2008-09-14 00:26 . 2008-09-14 00:26   <DIR>   d--------   C:\Windows\system32\logs
        2008-09-14 00:26 . 2008-09-14 00:26   <DIR>   d--------   C:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\BitDefender
        2008-09-14 00:26 . 2008-09-14 00:26   <DIR>   d--------   C:\Binaries
        2008-09-14 00:25 . 2008-09-14 00:26   <DIR>   d--------   C:\Programme\BitDefender
        2008-09-14 00:25 . 2008-09-14 00:27   <DIR>   d--------   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender
        2008-09-14 00:24 . 2008-09-14 00:26   <DIR>   d--------   C:\Programme\Gemeinsame Dateien\BitDefender
        2008-09-13 22:00 . 2008-09-13 22:00   <DIR>   d--------   C:\8bf8871132766c1e6f2dd340
        2008-09-13 19:13 . 2008-08-29 10:32   646,184   --a------   C:\autoruns.exe
        2008-09-13 19:13 . 2008-08-29 10:32   540,712   --a------   C:\autorunsc.exe
        2008-09-13 18:43 . 2008-09-13 18:43   <DIR>   d--------   C:\Programme\Enigma Software Group
        2008-09-12 22:34 . 2008-09-12 22:34   16,384   --a------   C:\Windows\~DFA40B.tmp
        2008-09-12 22:23 . 2008-09-12 22:23   <DIR>   d--------   C:\Programme\Autodesk
        2008-09-12 16:41 . 2008-09-07 02:21   28,672   --a------   C:\Windows\boot32.exe
        2008-09-12 16:37 . 2008-09-13 19:06   <DIR>   d-a------   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
        2008-09-12 16:37 . 2008-09-12 16:37   0   --a------   C:\Windows\system32\MSWINSCK.OCX
        2008-09-06 21:44 . 2004-03-29 17:23   90,112   --a------   C:\Windows\unvise32.exe
        2008-09-05 10:27 . 2008-09-06 11:45   <DIR>   d--------   C:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\FrostWire
        2008-09-05 10:26 . 2008-09-05 10:27   <DIR>   d--------   C:\Programme\FrostWire
        2008-09-05 01:07 . 2008-09-06 21:55   <DIR>   d--------   C:\Programme\Gemeinsame Dateien\DAZ
        2008-09-03 17:15 . 2008-09-03 17:27   <DIR>   d--------   C:\Programme\Photoshop
        2008-08-26 12:27 . 2008-05-01 16:34   331,776   ---------   C:\Windows\system32\dllcache\msadce.dll
        2008-08-26 12:26 . 2008-04-11 21:04   691,712   ---------   C:\Windows\system32\dllcache\inetcomm.dll

        .
        ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-09-16 00:23   ---------   d-----w   C:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\tor
        2008-09-15 22:30   ---------   d-----w   C:\Programme\Java
        2008-09-15 12:25   ---------   d-----w   C:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\Vidalia
        2008-09-13 19:57   ---------   d-----w   C:\Programme\Panda Security
        2008-09-13 19:57   ---------   d-----w   C:\Programme\Gemeinsame Dateien\Panda Software
        2008-09-12 20:22   ---------   d-----w   C:\Programme\Gemeinsame Dateien\InstallShield
        2008-09-10 18:01   ---------   d-----w   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
        2008-09-04 23:36   ---------   d-----w   C:\Programme\LimeWire
        2008-09-04 09:09   ---------   d-----w   C:\Programme\Gemeinsame Dateien\Adobe
        2008-09-02 15:14   ---------   d-----w   C:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\LimeWire
        2008-08-28 22:17   ---------   d-----w   C:\Programme\Windows Live Safety Center
        2008-08-22 08:18   ---------   d-----w   C:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\dvdcss
        2008-08-14 16:54   102,208   ----a-w   C:\WINDOWS\system32\drivers\bdfndisf.sys
        2008-08-12 16:40   228,672   ----a-w   C:\WINDOWS\system32\drivers\bdfsfltr.sys
        2008-08-12 16:40   108,864   ----a-w   C:\WINDOWS\system32\drivers\bdfm.sys
        2008-08-08 16:39   ---------   d-----w   C:\Programme\Vidalia Bundle
        2008-08-08 12:51   7,333,664   ----a-w   C:\Programme\Firefox Setup 3.0.1.exe
        2008-08-01 23:06   ---------   d-----w   C:\Programme\PhotoScape
        2008-07-31 20:48   ---------   d-----w   C:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\MSNInstaller
        2008-07-20 16:56   ---------   d-----w   C:\Programme\Tor Browser
        2008-07-18 20:10   94,920   ----a-w   C:\WINDOWS\system32\dllcache\cdm.dll
        2008-07-18 20:10   94,920   ----a-w   C:\WINDOWS\system32\cdm.dll
        2008-07-18 20:10   53,448   ----a-w   C:\WINDOWS\system32\wuauclt.exe
        2008-07-18 20:10   53,448   ----a-w   C:\WINDOWS\system32\dllcache\wuauclt.exe
        2008-07-18 20:10   45,768   ----a-w   C:\WINDOWS\system32\wups2.dll
        2008-07-18 20:10   36,552   ----a-w   C:\WINDOWS\system32\wups.dll
        2008-07-18 20:10   36,552   ----a-w   C:\WINDOWS\system32\dllcache\wups.dll
        2008-07-18 20:09   563,912   ----a-w   C:\WINDOWS\system32\wuapi.dll
        2008-07-18 20:09   563,912   ----a-w   C:\WINDOWS\system32\dllcache\wuapi.dll
        2008-07-18 20:09   325,832   ----a-w   C:\WINDOWS\system32\wucltui.dll
        2008-07-18 20:09   325,832   ----a-w   C:\WINDOWS\system32\dllcache\wucltui.dll
        2008-07-18 20:09   205,000   ----a-w   C:\WINDOWS\system32\wuweb.dll
        2008-07-18 20:09   205,000   ----a-w   C:\WINDOWS\system32\dllcache\wuweb.dll
        2008-07-18 20:09   1,811,656   ----a-w   C:\WINDOWS\system32\wuaueng.dll
        2008-07-18 20:09   1,811,656   ----a-w   C:\WINDOWS\system32\dllcache\wuaueng.dll
        2008-07-18 20:07   270,880   ----a-w   C:\WINDOWS\system32\mucltui.dll
        2008-07-18 20:07   210,976   ----a-w   C:\WINDOWS\system32\muweb.dll
        2008-07-07 20:26   253,952   ----a-w   C:\WINDOWS\system32\es.dll
        2008-07-07 20:26   253,952   ------w   C:\WINDOWS\system32\dllcache\es.dll
        2008-06-24 16:42   74,240   ----a-w   C:\WINDOWS\system32\mscms.dll
        2008-06-24 16:42   74,240   ------w   C:\WINDOWS\system32\dllcache\mscms.dll
        2008-06-24 08:14   3,592,192   ------w   C:\WINDOWS\system32\dllcache\mshtml.dll
        2008-06-23 09:20   70,656   ------w   C:\WINDOWS\system32\dllcache\ie4uinit.exe
        2008-06-23 09:20   625,664   ------w   C:\WINDOWS\system32\dllcache\iexplore.exe
        2008-06-23 09:20   13,824   ------w   C:\WINDOWS\system32\dllcache\ieudinit.exe
        2008-06-21 05:23   161,792   ------w   C:\WINDOWS\system32\dllcache\ieakui.dll
        2008-06-20 17:46   247,296   ----a-w   C:\WINDOWS\system32\mswsock.dll
        2008-06-20 17:46   247,296   ------w   C:\WINDOWS\system32\dllcache\mswsock.dll
        2008-06-20 17:46   147,968   ------w   C:\WINDOWS\system32\dllcache\dnsapi.dll
        2008-06-20 11:51   361,600   ------w   C:\WINDOWS\system32\dllcache\tcpip.sys
        2008-06-20 11:40   138,496   ------w   C:\WINDOWS\system32\dllcache\afd.sys
        2008-06-20 11:08   225,856   ------w   C:\WINDOWS\system32\dllcache\tcpip6.sys
        2003-04-22 09:46   2,719,744   ------w   C:\Programme\aiodrv.msi
        2003-04-22 09:42   2,588,672   ------w   C:\Programme\aiosw.msi
        2003-04-22 09:23   267   ----a-w   C:\Programme\readme.html
        2003-04-09 17:19   2,848   ----a-w   C:\Programme\hpound08.inf
        2003-04-09 17:19   14,157   ----a-w   C:\Programme\hpousc08.inf
        2003-04-09 17:00   4,715   ----a-w   C:\Programme\hpoglu08.inf
        2003-04-09 17:00   2,889   ----a-w   C:\Programme\hpousb08.inf
        2003-03-20 15:20   24,728   ----a-w   C:\Programme\HPZipr12.cat
        2003-03-20 15:20   24,285   ----a-w   C:\Programme\hposcu08.cat
        2003-03-20 15:20   22,523   ----a-w   C:\Programme\HPZius12.cat
        2003-03-20 15:20   22,082   ----a-w   C:\Programme\hpzist12.cat
        2003-03-20 15:20   22,082   ----a-w   C:\Programme\HPZid412.cat
        2003-03-20 15:20   21,641   ----a-w   C:\Programme\HPOunp08.cat
        2003-03-20 15:20   205,503   ----a-w   C:\Programme\hpoprn08.cat
        2003-03-09 20:30   63,562   ----a-w   C:\Programme\hposcu08.inf
        2003-03-09 20:30   51,266   ----a-w   C:\Programme\hpoprn08.inf
        2003-03-09 20:30   33,952   ----a-w   C:\Programme\hpzid412.inf
        2003-03-09 20:30   3,898   ----a-w   C:\Programme\hpounp08.inf
        2003-03-09 20:30   3,667   ----a-w   C:\Programme\hpzist12.inf
        2003-03-09 20:30   274,432   ----a-w   C:\Programme\hpzglu07.exe
        2003-03-09 20:30   237,568   ----a-w   C:\Programme\hpzc3212.dll
        2003-03-09 20:30   23,186   ----a-w   C:\Programme\hpzcin06.ex_
        2003-03-09 20:30   184,320   ----a-w   C:\Programme\hpzscr07.dll
        2003-03-09 20:30   16,352   ----a-w   C:\Programme\HPZUCI12.DLL
        2003-03-09 20:30   14,285   ----a-w   C:\Programme\hpzius12.inf
        2003-03-09 20:30   10,325   ----a-w   C:\Programme\hpzipr12.inf
        2002-09-09 17:48   458,752   ----a-w   C:\Programme\tls704d.dll
        2002-09-09 17:48   22,608   ----a-w   C:\Programme\usbprint.sys
        2002-09-09 17:48   12,288   ----a-w   C:\Programme\usbmon.dll
        2002-09-09 17:47   70,656   ----a-w   C:\Programme\msvcirt.dll
        2002-09-09 17:47   55,155   ----a-w   C:\Programme\hpzusb00.sy_
        2002-09-09 17:47   5,705   ----a-w   C:\Programme\hpzuci02.dl_
        2002-09-09 17:47   254,005   ----a-w   C:\Programme\msvcrt.dll
        2002-09-09 17:47   25,639   ----a-w   C:\Programme\hpzpom04.dl_
        2002-09-09 17:47   212,992   ----a-w   C:\Programme\hpzpnp07.dll
        2002-09-09 17:46   52,552   ----a-w   C:\Programme\hpziou01.dl_
        2002-09-09 17:46   49,212   ----a-w   C:\Programme\hpzjvp01.dll
        2002-09-09 17:46   46,017   ----a-w   C:\Programme\hpzion00.sy_
        2002-09-09 17:46   417,849   ----a-w   C:\Programme\hpzjpp01.dll
        2002-09-09 17:46   28,722   ----a-w   C:\Programme\hpzjlog.dll
        2002-09-09 17:46   249,913   ----a-w   C:\Programme\hpzjut01.dll
        2002-09-06 09:54   995,383   ----a-w   C:\Programme\MFC42.DLL
        2003-01-13 09:59   278,528   ------w   C:\Programme\internet explorer\plugins\PanoViewer.dll
        1999-04-30 15:00   98,304   ------w   C:\Programme\internet explorer\plugins\UPjpeg.dll
        2008-05-09 19:30   32,768   --sha-w   C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008050920080510\index.dat
        .

        ((((((((((((((((((((((((((((   Autostart Punkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
        "Vidalia"="C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe" [2008-08-03 3945620]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-22 8433664]
        "Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
        "IAAnotif"="C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
        "SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 794713]
        "Keyboard Manager Utility"="C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe" [2007-08-02 4128768]
        "SMSERIAL"="C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
        "RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
        "Ulead AutoDetector v2"="C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe" [2005-05-23 90112]
        "BDAgent"="C:\Programme\BitDefender\BitDefender 2009\bdagent.exe" [2008-09-15 716800]
        "BitDefender Antiphishing Helper"="C:\Programme\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
        "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
        "nwiz"="nwiz.exe" [2007-05-22 C:\Windows\system32\nwiz.exe]
        "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\Windows\RTHDCPL.EXE]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

        C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
        hpoddt01.exe.lnk - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672]
        Privoxy.lnk - C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
        "SweetIM"=C:\Programme\Macrogaming\SweetIM\SweetIM.exe

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
        "C:\\Programme\\Messenger\\msmsgs.exe"=
        "C:\\Programme\\MSN Messenger\\msnmsgr.exe"=
        "C:\\Programme\\MSN Messenger\\livecall.exe"=
        "C:\\Programme\\LimeWire\\LimeWire.exe"=
        "C:\\Programme\\FrostWire\\FrostWire.exe"=

        R2 BDVEDISK;BDVEDISK;C:\Programme\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
        R3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [2008-08-12 108864]
        R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
        R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-19 36608]
        R3 qkbfiltr;Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\qkbfiltr.sys [2007-02-01 33792]
        S3 Arrakis3;BitDefender Arrakis Server;C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        bdx   REG_MULTI_SZ      scan

        *Newly Created Service* - PROCEXP90
        .
        Inhalt des "geplante Tasks" Ordners
        .
        - - - - Entfernte verwaiste Registrierungseinträge - - - -

        HKLM-RunOnce-<NO NAME> - (no file)
        Notify-avldr - (no file)


        .
        ------- Zusätzlicher Scan -------
        .
        FireFox -: Profile - C:\Dokumente und Einstellungen\Elvira\Anwendungsdaten\Mozilla\Firefox\Profiles\8ysqmy3s.default\
        FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com
        FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
        FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
        FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
        .

        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-09-16 02:43:33
        Windows 5.1.2600 Service Pack 3 NTFS

        Scanne versteckte Prozesse...

        Scanne versteckte Autostart Einträge...

        Scanne versteckte Dateien...

        Scan erfolgreich abgeschlossen
        versteckte Dateien: 0

        **************************************************************************
        .
        --------------------- Durch laufende Prozesse gestartete DLLs ---------------------

        Prozess: C:\WINDOWS\SYSTEM32\winlogon.exe
        -> C:\Programme\SUPERAntiSpyware\SASWINLO.dll
        .
        Zeit der Fertigstellung: 2008-09-16  2:44:23
        ComboFix-quarantined-files.txt  2008-09-16 00:44:18

        Pre-Run: 10 Verzeichnis(se), 127,487,578,112 Bytes frei
        Post-Run: 14 Verzeichnis(se), 127,497,596,928 Bytes frei

        233   --- E O F ---   2008-09-14 11:21:58


        ephemeridos

          Re: HELP!!! windows quick system eraser problem
          « Reply #7 on: September 15, 2008, 06:51:51 PM »
          and hijack this

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 02:47:34, on 16.09.2008
          Platform: Windows XP SP3 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16705)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\SYSTEM32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
          C:\Programme\BitDefender\BitDefender 2009\vsserv.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe
          C:\Programme\Synaptics\SynTP\SynTPEnh.exe
          C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe
          C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
          C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
          C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
          C:\Programme\BitDefender\BitDefender 2009\bdagent.exe
          C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe
          C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
          C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe
          C:\Programme\Vidalia Bundle\Tor\tor.exe
          C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Programme\BitDefender\BitDefender 2009\seccenter.exe
          C:\WINDOWS\system32\notepad.exe
          C:\WINDOWS\explorer.exe
          C:\Programme\Trend Micro\HijackThis\sniper.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
          O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
          O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2009\IEToolbar.dll
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [IAAnotif] "C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
          O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
          O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang DE /H
          O4 - HKLM\..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
          O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
          O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
          O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2009\bdagent.exe"
          O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programme\BitDefender\BitDefender 2009\IEShow.exe"
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [Vidalia] "C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe"
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: hpoddt01.exe.lnk = ?
          O4 - Global Startup: Privoxy.lnk = C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe
          O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
          O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
          O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
          O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
          O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
          O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162468014625
          O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
          O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
          O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
          O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Programme\BitDefender\BitDefender 2009\vsserv.exe

          --
          End of file - 7346 bytes
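Added example (not part of the original thread or of HijackThis itself): a small Python triage pass over HijackThis-format lines, using lines copied from the log above as embedded sample input. The three checks (orphaned `(no file)` entries, `= ?` startup shortcuts, autostart commands without a full path) are this example's own heuristics for what to review first, not a malware verdict.

```python
import re

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Registry autostart entry: hive (optionally with a SID), key name, value name, command
RUN_RE = re.compile(r"^(HK[^:]*?)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Command starts with a drive path, an environment variable or a UNC path
QUALIFIED_RE = re.compile(r"^(?:[A-Za-z]:\\|%\w+%\\|\\\\)")


def triage(log_text):
    """Return (section, reason, entry) tuples for lines worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # header, process list, blank line
        section, body = match.groups()
        if body.endswith("(no file)"):
            # Registry entry whose target file is missing: leftover or removed component.
            findings.append((section, "orphaned", body))
        elif section == "O4":
            run = RUN_RE.match(body)
            if run:
                command = run.group(4).lstrip('"')
                if not QUALIFIED_RE.match(command):
                    # Bare file name: which file runs depends on the search path.
                    findings.append((section, "unqualified-path", body))
            elif body.endswith("= ?"):
                # Startup-folder shortcut whose target could not be resolved.
                findings.append((section, "unresolved-shortcut", body))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason:<21}{entry}")
```
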

          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 493
          • Experience: Experienced
          • OS: Windows 11
          Re: HELP!!! windows quick system eraser problem
          « Reply #8 on: September 15, 2008, 07:01:44 PM »
          Download OTMoveIt2 by OldTimer and save it to your Desktop.

          Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

          1. Double-click OTMoveIt2.exe to run it.
          2. Copy the lines in the codebox below.

          Code: [Select]
          [kill explorer]
          C:\Windows\~DFA40B.tmp
          C:\Windows\boot32.exe
          EmptyTemp
          [start explorer]

          3. Return to OTMoveIt2, right-click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
          4. Click the red Moveit! button.
          5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
          6. Close OTMoveIt2

          Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

          ephemeridos

            Re: HELP!!! windows quick system eraser problem
            « Reply #9 on: September 15, 2008, 07:19:13 PM »
            i was immediately asked to reboot my computer and this message was shown after the restart.

            Explorer killed successfully
            C:\Windows\~DFA40B.tmp moved successfully.
            C:\Windows\boot32.exe moved successfully.
            < EmptyTemp >
            File delete failed. C:\DOKUME~1\Elvira\LOKALE~1\Temp\etilqs_UNTI0OwsDWD7ZCAbNDQm scheduled to be deleted on reboot.
            File delete failed. C:\WINDOWS\temp\tmp00000f88\tmp00000000 scheduled to be deleted on reboot.
            Temp folders emptied.
            IE temp folders emptied.
            Explorer started successfully
             
            OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09162008_031212

            Files moved on Reboot...
            File C:\DOKUME~1\Elvira\LOKALE~1\Temp\etilqs_UNTI0OwsDWD7ZCAbNDQm not found!
            File C:\WINDOWS\temp\tmp00000f88\tmp00000000 not found!

            evilfantasy

            Re: HELP!!! windows quick system eraser problem
            « Reply #10 on: September 15, 2008, 07:23:35 PM »
              • Click START then RUN
              • Now type Combofix /u in the runbox
              • Make sure there's a space between Combofix and /u
              • Then hit Enter.

            The above procedure will:
              • Delete the following:
                  • ComboFix and its associated files and folders.
              • Reset the clock settings.
              • Hide file extensions, if required.
              • Hide System/Hidden files, if required.
              • Set a new, clean Restore Point.

            ----------

            How is everything now?

            ephemeridos

              Re: HELP!!! windows quick system eraser problem
              « Reply #11 on: September 15, 2008, 07:29:11 PM »
              combofix is uninstalled now. let me shut down my computer and start new. i'll reply you soon.

              ephemeridos

                Re: HELP!!! windows quick system eraser problem
                « Reply #12 on: September 15, 2008, 07:40:27 PM »
                i think that the problem with windows quick system eraser is solved now. it doesn't appear when i start the computer. i have checked this two times with shut down and once with restart.

                the only problem is that each time i would shut down the computer i receive an error message about dwwin.exe.

                evilfantasy

                Re: HELP!!! windows quick system eraser problem
                « Reply #13 on: September 15, 2008, 08:00:05 PM »
                That's the Dr. Watson for Windows (Drwtsn32.exe) Tool - See here for more information http://support.microsoft.com/kb/308538

                You might try seeing if something is needing to be updated.

                Use the Secunia Software Inspector

                • Click Start Now
                • Check the box next to Enable thorough system inspection.
                • Click Start
                • Allow the scan to finish and scroll down to see if any updates are needed.
                • Update anything listed.

                ephemeridos

                  Re: HELP!!! windows quick system eraser problem
                  « Reply #14 on: September 15, 2008, 08:42:29 PM »
                  i have done the update also with windows update. from the info on the net dwwin.exe isn't a wild problem.

                  the main problem is fixed. :) i can't thank you enough, i owe you so much!

                  big cyber hug!!!! :) :-*