
Author Topic: Viruses and Trojans found by Dr. Web  (Read 10328 times)


ephemeridos

    Topic Starter


    Beginner

    Viruses and Trojans found by Dr. Web
    « on: November 07, 2008, 05:31:17 PM »
    OH NOOOO!!!! something is wrong with my bitdefender now!!! i was trying to install it again and my disc drive is gone.

    ---------------------------------

    Hello,

    Is evilfantasy around? I was on his page today and have downloaded Dr. Web CureIt. After deep scan it has found 11 viruses and trojans. Before using Dr. Web I have scanned my PC with SUPERAntiSpyware and Malwarebytes. Both scans were clean. My BitDefender antivirus scan was also clean.

    I greatly appreciate your help. Thank you in advance.

    This is Dr. Web scan:

    ComboFix.exe\32788R22FWJFW\C.bat;C:\Dokumente und Einstellungen\Elvira\desktop\ComboFix.exe;Wahrscheinlich BATCH.Virus;;
    ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Dokumente und Einstellungen\Elvira\desktop\ComboFix.exe;Program.PsExec.171;;
    ComboFix.exe;C:\Dokumente und Einstellungen\Elvira\desktop;Archiv enthält infizierte Objekte;Verschoben.;
    A0012899.exe\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{001BD959-ABA2-4DB2-81E0-11BBCCA314B7}\RP107\A0012899.exe;Wahrscheinlich BATCH.Virus;;
    A0012899.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{001BD959-ABA2-4DB2-81E0-11BBCCA314B7}\RP107\A0012899.exe;Program.PsExec.171;;
    A0012899.exe;C:\System Volume Information\_restore{001BD959-ABA2-4DB2-81E0-11BBCCA314B7}\RP107;Archiv enthält infizierte Objekte;Verschoben.;
    A0008159.reg;C:\System Volume Information\_restore{001BD959-ABA2-4DB2-81E0-11BBCCA314B7}\RP63;Wahrscheinlich SCRIPT.Virus;Nicht desinfizierbar.Gelöscht.;
    A0009811.bat;C:\System Volume Information\_restore{001BD959-ABA2-4DB2-81E0-11BBCCA314B7}\RP75;Wahrscheinlich BATCH.Virus;Nicht desinfizierbar.Gelöscht.;
    A0010800.bat;C:\System Volume Information\_restore{001BD959-ABA2-4DB2-81E0-11BBCCA314B7}\RP75;Wahrscheinlich BATCH.Virus;Nicht desinfizierbar.Gelöscht.;
    A0010834.bat;C:\System Volume Information\_restore{001BD959-ABA2-4DB2-81E0-11BBCCA314B7}\RP76;Wahrscheinlich BATCH.Virus;Nicht desinfizierbar.Gelöscht.;
    stream023\livesrv.exe;C:\Windows\Installer\2821cd.msi\stream023;Wahrscheinlich DLOADER.Trojan;;
    stream023;C:\Windows\Installer\2821cd.msi;Archiv enthält infizierte Objekte;;
    2821cd.msi;C:\Windows\Installer;Archiv enthält infizierte Objekte;Verschoben.;
    stream023\livesrv.exe;C:\Windows\Installer\2b8ef0.msi\stream023;Wahrscheinlich DLOADER.Trojan;;
    stream023;C:\Windows\Installer\2b8ef0.msi;Archiv enthält infizierte Objekte;;
    2b8ef0.msi;C:\Windows\Installer;Archiv enthält infizierte Objekte;Verschoben.;
    stream023\livesrv.exe;C:\Windows\Installer\5abca3.msi\stream023;Wahrscheinlich DLOADER.Trojan;;
    stream023;C:\Windows\Installer\5abca3.msi;Archiv enthält infizierte Objekte;;
    5abca3.msi;C:\Windows\Installer;Archiv enthält infizierte Objekte;Verschoben.;


    [Saving space - attachment deleted by admin]
    « Last Edit: November 08, 2008, 01:50:11 AM by ephemeridos »

    mcxeb52!

    • Guest
    Re: Viruses and Trojans found by Dr. Web
    « Reply #1 on: November 07, 2008, 05:34:59 PM »
    I'd post a HijackThis log. It'll help evilfantasy some more  :)

    ephemeridos


      Re: Viruses and Trojans found by Dr. Web
      « Reply #2 on: November 07, 2008, 05:46:29 PM »
      thank you  :) i was working on hijack scan. here it is:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 01:43:30, on 08.11.2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
      C:\Programme\BitDefender\BitDefender 2009\vsserv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe
      C:\Programme\Synaptics\SynTP\SynTPEnh.exe
      C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe
      C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
      C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
      C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
      C:\Programme\Bonjour\mDNSResponder.exe
      C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
      C:\Programme\BillP Studios\WinPatrol\winpatrol.exe
      C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      C:\Programme\SweetIM\Messenger\SweetIM.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Programme\BitDefender\BitDefender 2009\seccenter.exe
      C:\Programme\BitDefender\BitDefender 2009\bdagent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Programme\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Programme\Windows Desktop Search\WindowsSearch.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\Programme\iPod\bin\iPodService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Dokumente und Einstellungen\Elvira\Eigene Dateien\Downloads\launch.exe
      C:\DOKUME~1\Elvira\LOKALE~1\Temp\RarSFX0\_start.exe
      C:\DOKUME~1\Elvira\LOKALE~1\Temp\RarSFX0\setup.exe
      C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\WINDOWS\system32\SearchProtocolHost.exe
      C:\Programme\Trend Micro\HijackThis\sniper.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
      R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2009\IEToolbar.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [IAAnotif] "C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang DE /H
      O4 - HKLM\..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
      O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
      O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinPatrol] C:\Programme\BillP Studios\WinPatrol\winpatrol.exe -expressboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe
      O4 - HKLM\..\Run: [BitDefender Security Center] "C:\Programme\BitDefender\BitDefender 2009\seccenter.exe" /init
      O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2009\bdagent.exe"
      O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programme\BitDefender\BitDefender 2009\IEShow.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
      O4 - HKUS\S-1-5-21-677995546-4235025852-1612458283-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
      O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
      O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162468014625
      O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
      O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
      O20 - AppInit_DLLs: secuload.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
      O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
      O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Programme\BitDefender\BitDefender 2009\vsserv.exe

      --
      End of file - 9311 bytes


      [Saving space - attachment deleted by admin]

      ephemeridos


        Re: Viruses and Trojans found by Dr. Web
        « Reply #3 on: November 08, 2008, 06:48:34 AM »
        this is a new hjt scan of today. new dr. web scan is attached. it shows trojan in system volume information. i can not use disinfection and if deleting infected files it says that i could lose important data. what to do now???
        i was not able to install bitdefender from my cd. the disc drive doesn't show up in explorer and cd is not installing automatically. i don't know what is wrong. i don't use disc drive very often. i had to install test version from the net.

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 14:43:05, on 08.11.2008
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16735)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Programme\Bonjour\mDNSResponder.exe
        C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\SearchIndexer.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\RTHDCPL.EXE
        C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe
        C:\Programme\Synaptics\SynTP\SynTPEnh.exe
        C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe
        C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
        C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
        C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
        C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
        C:\Programme\BillP Studios\WinPatrol\winpatrol.exe
        C:\Programme\SweetIM\Messenger\SweetIM.exe
        C:\Programme\iTunes\iTunesHelper.exe
        C:\Programme\BitDefender\BitDefender 2009\bdagent.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
        C:\Programme\Windows Desktop Search\WindowsSearch.exe
        C:\Programme\iPod\bin\iPodService.exe
        C:\Programme\BitDefender\BitDefender 2009\seccenter.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Programme\BitDefender\BitDefender 2009\vsserv.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
        C:\Dokumente und Einstellungen\Elvira\Eigene Dateien\Downloads\launch.exe
        C:\DOKUME~1\Elvira\LOKALE~1\Temp\RarSFX0\_start.exe
        C:\DOKUME~1\Elvira\LOKALE~1\Temp\RarSFX0\setup.exe
        C:\Programme\Mozilla Firefox\firefox.exe
        C:\Programme\PhotoScape\PhotoScape.exe
        C:\Programme\Trend Micro\HijackThis\sniper.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
        R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
        O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
        O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
        O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2009\IEToolbar.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [IAAnotif] "C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
        O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang DE /H
        O4 - HKLM\..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
        O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
        O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
        O4 - HKLM\..\Run: [WinPatrol] C:\Programme\BillP Studios\WinPatrol\winpatrol.exe -expressboot
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2009\bdagent.exe"
        O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programme\BitDefender\BitDefender 2009\IEShow.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
        O4 - HKUS\S-1-5-21-677995546-4235025852-1612458283-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: hpoddt01.exe.lnk = ?
        O4 - Global Startup: Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
        O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
        O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
        O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
        O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162468014625
        O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
        O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
        O20 - AppInit_DLLs: secuload.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
        O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
        O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
        O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
        O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
        O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Programme\BitDefender\BitDefender 2009\vsserv.exe

        --
        End of file - 9063 bytes


        [Saving space - attachment deleted by admin]

        mcxeb52!

        • Guest
        Re: Viruses and Trojans found by Dr. Web
        « Reply #4 on: November 08, 2008, 11:54:34 AM »
        I'd forget about bitdefender and use a free antivirus like AVG or AVAST!

        ephemeridos


          Re: Viruses and Trojans found by Dr. Web
          « Reply #5 on: November 09, 2008, 02:28:12 PM »
          i was in bitdefender forum too and no one replies. if evilfantasy is busy can anyone else help??? please.
          i might have screwed bitdefender while using dr. web. i have tried to restore the system and this option doesn't work. i'm not able to install bitdefender from cd.

          mcxeb52!

          • Guest
          Re: Viruses and Trojans found by Dr. Web
          « Reply #6 on: November 09, 2008, 09:46:32 PM »
          like I said, just ditch bitdefender and get a free antivirus unless you still got some leftover days in your bitdefender subscription?

          ephemeridos


            Re: Viruses and Trojans found by Dr. Web
            « Reply #7 on: November 10, 2008, 11:59:46 AM »
            thanks for the advice. i can run trial version for 30 days. i hope someone can tell me how to fix my disc drive.
            i haven't gotten much support in bitdefender forum. :(

            evilfantasy

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Calm like a bomb
            • Thanked: 493
            • Experience: Experienced
            • OS: Windows 11
            Re: Viruses and Trojans found by Dr. Web
            « Reply #8 on: November 10, 2008, 12:13:24 PM »
            Open HijackThis and select Do a system scan only.

            Place a check mark next to the following entries: (if there)

            - O20 - AppInit_DLLs: secuload.dll

            Important: Close all windows except for HijackThis and then click Fix checked.

            Exit HijackThis.

            ----------

            Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

            Link #1
            Link #2

            **Note:  It is important that it is saved directly to your Desktop

            Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

            Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
             
            Double click combofix.exe & follow the prompts.

            For Windows XP Systems install the Recovery Console:

            - If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
            - If for some reason your Internet is not working click No.
            - If you are not using Windows XP, you will not be prompted.
            - When prompted to accept the EULA click OK.
            - Accept Microsoft's EULA (Click Yes).
            - When you are told that the RC is installed correctly click YES to continue scanning for malware.

            When finished ComboFix will produce a log for you.
            Post the ComboFix log in your next reply.

            Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

            Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
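
An added example, not part of the post above and not code from HijackThis: a small Python parser for the log format posted in this thread that groups entries by section code, pulls out the `O20 - AppInit_DLLs` value the helper asked to have fixed, and diffs two scans. The sample logs are constructed from a few lines of the posted log, the "after" scan is hypothetical, and all function names are illustrative.

```python
import re
from collections import defaultdict

# HijackThis entry lines have the shape "<section code> - <detail>",
# e.g. "O20 - AppInit_DLLs: secuload.dll". Header lines and the
# "Running processes" list do not match this shape and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
APPINIT_PREFIX = "AppInit_DLLs:"

# Constructed samples in the format of the logs posted in this thread.
# SCAN_AFTER is a hypothetical re-scan, not a log from the thread.
SCAN_BEFORE = r"""
      Logfile of Trend Micro HijackThis v2.0.2
      Running processes:
      C:\WINDOWS\system32\lsass.exe

      O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2009\bdagent.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O20 - AppInit_DLLs: secuload.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
"""

SCAN_AFTER = r"""
      O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2009\bdagent.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
"""


def parse_entries(log_text):
    """Return {section code: [detail, ...]}; forum indentation is stripped."""
    sections = defaultdict(list)
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            sections[match.group(1)].append(match.group(2))
    return dict(sections)


def appinit_dlls(sections):
    """List the DLL names in the AppInit_DLLs value (space or comma separated).

    DLLs named in this registry value are loaded into every process that
    loads user32.dll, which is why the entry gets reviewed first.
    """
    names = []
    for detail in sections.get("O20", []):
        if detail.startswith(APPINIT_PREFIX):
            value = detail[len(APPINIT_PREFIX):]
            names.extend(n for n in re.split(r"[ ,]+", value) if n)
    return names


def unqualified(names):
    """Names with no directory part: the log alone does not say which file loads."""
    return [n for n in names if "\\" not in n and "/" not in n]


def diff_scans(before, after):
    """Return (added, removed) entry lines between two scans."""
    def flat(text):
        return {f"{code} - {detail}"
                for code, details in parse_entries(text).items()
                for detail in details}
    old, new = flat(before), flat(after)
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    found = appinit_dlls(parse_entries(SCAN_BEFORE))
    print("AppInit_DLLs:", found, "without a path:", unqualified(found))
    added, removed = diff_scans(SCAN_BEFORE, SCAN_AFTER)
    print("added:", added)
    print("removed:", removed)
```

Diffing a scan taken after "Fix checked" against the earlier one confirms that only the checked entry disappeared and that nothing new was added in the meantime.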

            ephemeridos


              Re: Viruses and Trojans found by Dr. Web
              « Reply #9 on: November 10, 2008, 01:39:04 PM »
              oh man! you are simply THE BEST!!!! hi evilfantasy  :D

              here is the combofix scan

              [Saving space - attachment deleted by admin]

              evilfantasy

              Re: Viruses and Trojans found by Dr. Web
              « Reply #10 on: November 10, 2008, 01:47:03 PM »
                Set a New Restore Point to prevent possible reinfection from an old one.

                Please go to:
              Start -> All Programs -> Accessories -> System Tools -> System Restore -> System Restore Settings
              Click to add a check mark beside Turn off System Restore and click Apply
              When you are warned that all existing Restore Points will be deleted, click Yes to continue and wait a few moments to let System Restore clear.
              Uncheck "Turn off System Restore"
              Click "Apply," and then click "OK".

              ----------

              • Click START then RUN
              • Now type Combofix /u in the runbox
              • Make sure there's a space between Combofix and /u
              • Then hit Enter.
              The above procedure will:
              • Delete the following:
                • ComboFix and its associated files and folders.
              • Reset the clock settings.
              • Hide file extensions, if required.
              • Hide System/Hidden files, if required.
              • Set a new, clean Restore Point.
              ----------

              Download ATF Cleaner by Atribune to your Desktop.

              Alternate download link

              Note: Vista users must use Run As Administrator
              • Under Main: Select Files to Delete choose: Select All.
              • Click the Empty Selected button.
              • If you use Firefox browser click Firefox at the top and choose: Select All
              • Click the Empty Selected button.
                If you would like to keep your saved passwords click No at the prompt.
              • If you use Opera browser click Opera at the top and choose: Select All
              • Click the Empty Selected button.
                If you would like to keep your saved passwords click No at the prompt.
              • Click Exit on the Main menu to close the program.
              Note that your system will run slower for a reboot or two after having used this tool so don't panic.

              ----------

              Download OTCleanIt.exe and save it to your Desktop.
              • Double-click OTCleanIt.exe.
              • Click the CleanUp! button.
              • Select Yes when the "Begin cleanup Process?" prompt appears.
              • If you are prompted to Reboot during the cleanup, select Yes.
              • The tool will delete itself once it finishes, if not delete it yourself.
              Important: Restart the computer before continuing.

              ----------

              Run this online scan.

              This scanner requires Internet Explorer

              Use the ESET Nod32 Online Scanner

              1. Check the box next to YES, I accept the Terms of Use.
              2. Click Start
              3. When asked, allow the ActiveX control to install
              4. Click Start
              5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
              6. Click Scan
              7. Wait for the scan to finish
              8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
              9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

              Also let me know how everything is now.

              ephemeridos


                Re: Viruses and Trojans found by Dr. Web
                « Reply #11 on: November 10, 2008, 03:44:35 PM »
                i have the feeling that my firefox works faster and the updates for superantispyware are working again.
                but my disc drive still doesn't appear in explorer. when i put the cd in it works for a few seconds then it stops.

                no threats were found with the last scan.

                # version=4
                # OnlineScanner.ocx=1.0.0.635
                # OnlineScannerDLLA.dll=1, 0, 0, 79
                # OnlineScannerDLLW.dll=1, 0, 0, 78
                # OnlineScannerUninstaller.exe=1, 0, 0, 49
                # vers_standard_module=3600 (20081110)
                # vers_arch_module=1.064 (20080214)
                # vers_adv_heur_module=1.066 (20070917)
                # EOSSerial=0829ce17936ff440a5ba08b4bf882e1b
                # end=finished
                # remove_checked=true
                # unwanted_checked=true
                # utc_time=2008-11-10 10:32:20
                # local_time=2008-11-10 11:32:20 (+0100, Westeuropäische Normalzeit)
                # country="Germany"
                # osver=5.1.2600 NT Service Pack 3
                # scanned=290555
                # found=0
                # scan_time=4686
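The log in the reply above records how the scan was run as well as its result, so `found=0` can be checked against the instructions (scan finished, both options ticked). This is an added example, not part of the thread or of ESET's tooling; reading `end`, `remove_checked`, `unwanted_checked` and the `(YYYYMMDD)` suffix of `vers_standard_module` this way is an assumption based on the field names.

```python
import re
from datetime import datetime

# Header lines copied from the log posted above (serial and file versions left out).
SAMPLE_LOG = """\
# version=4
# vers_standard_module=3600 (20081110)
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-11-10 10:32:20
# scanned=290555
# found=0
# scan_time=4686
"""

def parse_header(text):
    """Return the '# key=value' header lines as a dict of strings."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"#\s*([A-Za-z_.]+)=(.*)$", line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip().strip('"')
    return fields

def review(fields, max_sig_age_days=1):
    """List reasons why found=0 should not yet be read as a clean result."""
    problems = []
    if fields.get("end") != "finished":
        problems.append("scan did not finish")
    for opt in ("remove_checked", "unwanted_checked"):
        if fields.get(opt) != "true":
            problems.append(f"{opt} was not enabled")
    if not fields.get("scanned", "").isdigit() or int(fields["scanned"]) == 0:
        problems.append("no files scanned")
    # Assumption: the (YYYYMMDD) suffix is the signature database date.
    sig = re.search(r"\((\d{8})\)", fields.get("vers_standard_module", ""))
    try:
        run = datetime.strptime(fields["utc_time"], "%Y-%m-%d %H:%M:%S")
        age = (run.date() - datetime.strptime(sig.group(1), "%Y%m%d").date()).days
        if age > max_sig_age_days:
            problems.append(f"signatures {age} days old at scan time")
    except (KeyError, AttributeError, ValueError):
        problems.append("cannot determine signature age")
    if fields.get("found") != "0":
        problems.append(f"found={fields.get('found')}")
    return problems
```

An empty list from `review(parse_header(SAMPLE_LOG))` means the header is consistent with a completed scan run with both options enabled and current signatures.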

                evilfantasy

                Re: Viruses and Trojans found by Dr. Web
                « Reply #12 on: November 10, 2008, 03:55:48 PM »
                Download Dial-a-Fix by djlizard, save it to the desktop, then extract it to its own folder.
                • Open the folder and run Dial-a-fix.exe
                • 2 windows will open. Close the one in the background labeled Restrictive Policies
                • Check the box in section 1, Empty temp folders.
                • Check the box in section 2, Fix Windows Installer.
                • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
                • Check all boxes in Section 5, labeled Registration Center.
                • Click Go
                • OK any error messages if received, but write them down and post them here.
                • Restart the computer when done.
                How is everything now?

                ephemeridos

                  Re: Viruses and Trojans found by Dr. Web
                  « Reply #13 on: November 10, 2008, 04:21:57 PM »
                  no error messages received when running the program but disc drive still doesn't work. :(

                  evilfantasy

                  Re: Viruses and Trojans found by Dr. Web
                  « Reply #14 on: November 10, 2008, 04:25:43 PM »
                  I'm not sure what is going on. You might try posting in the Windows forum.

                  ephemeridos

                    Re: Viruses and Trojans found by Dr. Web
                    « Reply #15 on: November 10, 2008, 04:28:30 PM »
                    ok, thank you so much for your help!!! :) it's greatly appreciated!

                    mcxeb52!

                    • Guest
                    Re: Viruses and Trojans found by Dr. Web
                    « Reply #16 on: November 10, 2008, 04:28:55 PM »
                    Check the Device Manager. Does it display, next to the disk drive thing, a yellow triangle with an exclamation point in it? When you click on the device properties, what does it say? An error, or is the thing okay?

                    http://support.microsoft.com/default.aspx?scid=314060 is a Microsoft solution for non-working CD/DVD drives, but give it a shot anyway after you are sure you have a good system restore point in place. I don't know if this will work for you because I'm not sitting at your computer.

                    Otherwise, try posting in the Windows forum.

                    ephemeridos

                      Re: Viruses and Trojans found by Dr. Web
                      « Reply #17 on: November 10, 2008, 08:21:03 PM »
                      Check the Device Manager. Does it display, next to the disk drive thing, a yellow triangle with an exclamation point in it? When you click on the device properties, what does it say? An error, or is the thing okay?

                      http://support.microsoft.com/default.aspx?scid=314060 is a Microsoft solution for non-working CD/DVD drives, but give it a shot anyway after you are sure you have a good system restore point in place. I don't know if this will work for you because I'm not sitting at your computer.

                      Otherwise, try posting in the Windows forum.


                      sorry, i haven't seen you posting. that's exactly what i have found too.  :D i was able to fix it and my bitdefender was easy to install without any errors.

                      thank you for your support :)

                      mcxeb52!

                      • Guest
                      Re: Viruses and Trojans found by Dr. Web
                      « Reply #18 on: November 10, 2008, 08:25:18 PM »
                      Glad that you're all good again  ;D