Pests of all kinds and how to fight them: SYSTIM32 problem. Folders have disappeared and all folder EXEs are 6.56 MB? Windows 7

If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

18.05.2010, 10:48 | #1
SYSTIM32 problem. Folders have disappeared and all folder EXEs are 6.56 MB?

I googled and ended up here! My name is Sebastian and I hope to find help here! I have tried everything and I'm at my wits' end! The problem keeps coming back! I have already identified my problem: someone from Australia on the forum recently had the same problem in a post! I can partly no longer see my folders, and when I can, they are 6.56 MB in size and end in EXE. With Malware[bytes] I find 4 threats, which I will post afterwards. When I remove them and reboot, they come back after a few minutes. The folder options close automatically after 1 second, and SEARCH and RUN don't work either (they close immediately). However, I can't do anything with the OTL logfile myself. I suppose it has to be adapted to my system! I come from near Düsseldorf and have been living in Alice Springs for 1.5 years. I manage a shop which has 3 computers on the network, and the office PC now has this EXE folder problem. Unfortunately I can't do anything any more, I can't get my applications running, but I need the machines tomorrow morning for the till and bookkeeping. Grateful for any help! Will also donate via PayPal if necessary! The main thing is that the machine runs again! Attached straight away is my OTL log file, followed by a HijackThis logfile.

Cheers, Seb

OTL Log:
OTL logfile created on: 18/05/2010 6:28:19 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
1,023.00 Mb Total Physical Memory | 459.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 53.97 Gb Free Space | 72.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: REDGUMSERVER
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\User\My Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.) PRC - C:\Program Files\Kalender\Kalender.exe (Ulrich Krebs) PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.) PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.) PRC - C:\WINDOWS\system32\CNAB3RPK.EXE (CANON INC.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\User\My Documents\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV - (avast! 
Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.) SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) ========== Driver Services (SafeList) ========== DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software) DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software) DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.) DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.) 
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.) DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.) DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys () DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (WinDriver6) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation ) DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura) DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://iaksignup.bigpond.com/partners/mirs/bpbbmirs.asp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://secure.centrelink.gov.au/TX/login?FirstTime=true&Locale=en_US IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = about:blank ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www3.iamwired.net/websearch.php?src=tops&search=" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "https://secure.centrelink.gov.au/TX/login?FirstTime=true&Locale=en_US" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "hxxp://www3.iamwired.net/websearch.php?src=tops&search=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 13:30:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 13:30:26 | 000,000,000 | ---D | M] [2009/11/07 14:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions [2010/05/18 16:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\p809rhfj.default\extensions [2009/11/07 15:35:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\p809rhfj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/05/18 16:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/01/20 10:49:24 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) 
-- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll O1 HOSTS File: ([2010/01/16 14:53:36 | 000,373,451 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 12872 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. 
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.) O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe (Ulrich Krebs) O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.) O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257029364703 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} https://online.westpac.com.au/wtpbs/wtBalanceSheet/portfoliomanagerwt.cab (PortfolioManagerWT ProfileManager Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.8.183.1 192.189.54.17 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - 
Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/10/08 06:39:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{0ffbabaf-9bfe-11de-80af-00110960935b}\Shell\Auto\command - "" = Start.exe O33 - MountPoints2\{0ffbabaf-9bfe-11de-80af-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1341912a-dcf3-11dc-aa46-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{1341912a-dcf3-11dc-aa46-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{15274024-ca2b-11dd-bf58-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{15274024-ca2b-11dd-bf58-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{18a14fce-9433-11de-80a5-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{18a14fce-9433-11de-80a5-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{377530ab-3802-11dd-aa6f-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{377530ab-3802-11dd-aa6f-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{37dea5ff-0f83-11df-816b-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{37dea5ff-0f83-11df-816b-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3eecf242-303e-11dc-aa27-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{3eecf242-303e-11dc-aa27-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4ad6a45f-c4db-11de-80f6-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{4ad6a45f-c4db-11de-80f6-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{51f9a863-53e0-11df-bc78-00110960935b}\Shell 
- "" = AutoRun O33 - MountPoints2\{51f9a863-53e0-11df-bc78-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{51f9a863-53e0-11df-bc78-00110960935b}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found O33 - MountPoints2\{69db068e-f800-11de-814c-00110960935b}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found O33 - MountPoints2\{69db068e-f800-11de-814c-00110960935b}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found O33 - MountPoints2\{92b21574-1b80-11df-818a-00110960935b}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found O33 - MountPoints2\{92b21574-1b80-11df-818a-00110960935b}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found O33 - MountPoints2\{a1e86cc9-d3ce-11de-811b-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b46dab82-57e0-11df-bc7a-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{b46dab82-57e0-11df-bc7a-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b46dab82-57e0-11df-bc7a-00110960935b}\Shell\AutoRun\command - "" = E:\MediaManager.exe -- File not found O33 - MountPoints2\{b46dab84-57e0-11df-bc7a-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{b46dab84-57e0-11df-bc7a-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b46dab84-57e0-11df-bc7a-00110960935b}\Shell\AutoRun\command - "" = E:\MediaManager.exe -- File not found O33 - MountPoints2\{ed4bff8c-90fd-11de-80a1-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{ed4bff8c-90fd-11de-80a1-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ee313646-21b9-11de-bfce-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{ee313646-21b9-11de-bfce-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{eec796b3-ef29-11dc-aa48-00110960935b}\Shell - "" = AutoRun 
O33 - MountPoints2\{eec796b3-ef29-11dc-aa48-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{fad719c9-c73a-11de-80f9-00110960935b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{fe6470ad-3210-11dd-aa6c-00110960935b}\Shell - "" = AutoRun O33 - MountPoints2\{fe6470ad-3210-11dd-aa6c-00110960935b}\Shell\AutoRun - "" = Auto&Play O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/05/18 17:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Avira [2010/05/18 17:55:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010/05/18 17:55:10 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010/05/18 17:55:09 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010/05/18 17:55:09 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010/05/18 17:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010/05/18 17:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [2010/05/18 17:34:47 | 000,188,673 | ---- | C] (Avira GmbH) -- C:\Documents and Settings\User\Desktop\avirarkd.exe [2010/05/18 17:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/05/13 09:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\MP3 Player Load [2010/04/25 14:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\GlarySoft [2010/04/25 14:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities [2010/04/25 14:16:11 | 008,088,472 | ---- | C] (Glarysoft Ltd ) -- C:\gusetup.exe [2010/04/25 10:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application 
Data\TuneUp Software [2010/04/25 10:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2010/04/25 10:19:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010/04/25 09:34:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\SYSTIM32 [2010/04/25 09:31:12 | 000,000,000 | -HSD | C] -- C:\SYSTIM32 [2010/04/21 11:13:42 | 001,242,112 | ---- | C] (Chestysoft) -- C:\WINDOWS\System32\csXImage.ocx [2010/04/21 11:13:42 | 000,402,848 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\btn32a20.ocx [2010/04/21 11:13:42 | 000,266,240 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZTiff.dll [2010/04/21 11:13:42 | 000,225,280 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\Btn32d20.dll [2010/04/21 11:13:42 | 000,204,800 | ---- | C] (SaifSoft) -- C:\WINDOWS\System32\ColorBox.ocx [2010/04/21 11:13:42 | 000,180,224 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\Eztwain3.dll [2010/04/21 11:13:42 | 000,151,552 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZPng.dll [2010/04/21 11:13:42 | 000,118,784 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZGif.dll [2010/04/21 11:13:42 | 000,106,496 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZJpeg.dll [2010/04/21 11:13:42 | 000,049,152 | ---- | C] (Dosadi (www.dosadi.com)) -- C:\WINDOWS\System32\EZPdf.dll [2010/04/21 11:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\DVDCoverPrint [2010/04/21 11:13:41 | 000,238,080 | ---- | C] (Pegasus Software LLC) -- C:\WINDOWS\System32\fximg50g.ocx [2010/04/21 11:13:41 | 000,178,688 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\fxlbl50g.ocx [2010/04/21 11:13:40 | 000,307,200 | ---- | C] (Polar sales@polarsoftware.com www.polarsoftware.com) -- C:\WINDOWS\System32\PolarZIPLight.dll [2010/04/21 11:13:40 | 000,122,880 | ---- | C] (ImageFX) -- 
C:\WINDOWS\System32\fxtls532.dll [2010/04/21 11:13:40 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX [2004/11/25 04:55:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [979 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/05/18 18:26:40 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/05/18 18:25:20 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2010/05/18 18:25:11 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2010/05/18 18:25:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/05/18 18:24:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/05/18 18:15:41 | 000,000,807 | ---- | M] () -- C:\WINDOWS\MYOBP.INI [2010/05/18 18:15:41 | 000,000,039 | ---- | M] () -- C:\WINDOWS\MYOB.INI [2010/05/18 18:14:30 | 000,000,331 | -HS- | M] () -- C:\regs.sys [2010/05/18 18:03:51 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\User\NTUSER.DAT [2010/05/18 18:03:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini [2010/05/18 17:55:34 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2010/05/18 17:46:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/05/18 17:44:31 | 000,000,743 | ---- | M] () -- C:\WINDOWS\win.ini [2010/05/18 17:15:07 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HiJackThis.lnk [2010/05/18 16:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2010/05/18 10:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010/05/18 04:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010/05/17 22:11:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010/05/16 10:11:00 | 000,000,472 | ---- | M] () -- 
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/05/12 09:52:29 | 000,002,639 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010/05/12 09:27:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TEMP.001 [2010/05/10 16:28:24 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Centrepay Report.xls [2010/05/07 13:20:52 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Box of Eggs.doc [2010/05/07 06:29:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2010/05/07 06:29:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010/05/07 06:09:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010/05/07 06:09:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010/05/07 06:04:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010/05/07 06:03:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010/05/07 06:03:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010/05/07 06:03:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010/05/07 06:03:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/04/26 14:07:52 | 000,522,560 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/04/26 14:07:52 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/04/26 14:07:52 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/04/25 14:17:08 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Glary Utilities.lnk [2010/04/25 
14:16:12 | 008,088,472 | ---- | M] (Glarysoft Ltd ) -- C:\gusetup.exe
[2010/04/25 10:53:17 | 004,718,592 | ---- | M] () -- C:\WINDOWS\TEMP.000
[2010/04/21 11:15:04 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to DVDCoverPrint.lnk
[979 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/18 18:14:30 | 006,883,584 | ---- | C] () -- C:\WINDOWS\System32\SYSTIM32.EXE
[2010/05/18 17:55:34 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/05/18 17:19:00 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.004
[2010/05/18 17:14:57 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HiJackThis.lnk
[2010/05/18 16:13:04 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.003
[2010/05/18 16:13:04 | 006,883,584 | ---- | C] () -- C:\WINDOWS\LASTGOOD.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\WINSXS.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\WBEM.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\TEMP.002
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SXSCAP~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SUN.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SRCHASST.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SOFTWA~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SHELLNEW.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SERVIC~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\SECURITY.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\RESOUR~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\REPAIR.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\REGIST~2.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\REGIST~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PSS.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PROVIS~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PROFILES.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PREFETCH.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PEERNET.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\PCHEALTH.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\NETWOR~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MUI.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MSAPPS.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MSAGENT.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MINIDUMP.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MICROS~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\MEDIA.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\L2SCHE~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\JAVA.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\IME.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\IE8UPD~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\IE7UPD~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\HELP.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\EHOME.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\DRIVER~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\DOWNLO~2.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\DEBUG.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CURSORS.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CRYSTAL.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CONNEC~1.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CONFIG.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\CACHE.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\BDOSCAN8.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\APPPATCH.EXE
[2010/05/13 09:39:14 | 006,883,584 | ---- | C] () -- C:\WINDOWS\ADDINS.EXE
[2010/05/10 10:42:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEMP.001
[2010/05/07 13:20:51 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Box of Eggs.doc
[2010/04/25 14:17:15 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/04/25 14:17:08 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Glary Utilities.lnk
[2010/04/25 09:34:24 | 006,883,584 | ---- | C] () -- C:\Documents and Settings\User\WINDOWS.EXE
[2010/04/25 09:34:24 | 006,883,584 | ---- | C] () -- C:\Documents and Settings\User\DESKTOP.EXE
[2010/04/25 09:31:10 | 004,718,592 | ---- | C] () -- C:\WINDOWS\TEMP.000
[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\SPOOLE~1.EXE
[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\RETAILM.EXE
[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\MYOBODBC.EXE
[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\MYOBOD~1.EXE
[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\MYOB18.EXE
[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\DOCUME~1.EXE
[2010/04/24 13:07:41 | 006,883,584 | ---- | C] () -- C:\ATI.EXE
[2010/04/24 09:17:59 | 000,000,331 | -HS- | C] () -- C:\regs.sys
[2010/04/21 11:15:04 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to DVDCoverPrint.lnk
[2010/04/21 11:13:41 | 000,059,014 | ---- | C] () -- C:\WINDOWS\System32\picn1820.ssm
[2010/04/21 11:13:41 | 000,047,163 | ---- | C] () -- C:\WINDOWS\System32\picn1320.ssm
[2010/04/21 11:13:41 | 000,016,064 | ---- | C] () -- C:\WINDOWS\System32\picn8220.ssm
[2010/04/21 11:13:39 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2010/03/08 09:32:20 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/03/08 09:32:18 | 001,317,152 | R--- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2009/11/07 12:19:55 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/06 08:39:29 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2009/05/01 16:03:48 | 000,009,961 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/05 15:44:10 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/20 00:45:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/18 03:11:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/18 02:52:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/18 02:52:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/18 02:47:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/18 02:29:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/11 20:57:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/08/30 12:15:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/10/02 15:11:22 | 000,000,663 | ---- | C] () -- C:\WINDOWS\openrda.ini
[2007/08/06 11:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/10 11:09:28 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLeNL.DLL
[2007/03/13 16:29:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/23 15:00:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/05/05 18:26:00 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ctreestd.dll
[2004/10/17 09:34:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-It Now! SE.INI
[2004/10/17 09:32:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2004/10/17 09:16:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FoneSync.INI
[2004/10/10 14:16:27 | 000,000,132 | ---- | C] () -- C:\WINDOWS\MYOBPOpt.INI
[2004/10/10 13:48:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/10 13:08:37 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2004/10/10 12:52:25 | 000,000,807 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2004/10/10 12:52:25 | 000,000,119 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2004/10/10 12:52:25 | 000,000,039 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2004/10/10 12:50:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2004/10/10 12:49:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2004/10/10 12:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwp32.INI
[2004/10/08 06:53:12 | 000,155,648 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/10/04 03:20:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/01/31 07:02:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/11/14 10:53:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1996/02/22 10:53:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1996/01/15 10:53:00 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\loflt09.dll
[1995/09/25 10:53:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 10:53:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini

< End of report >

Hoping for your help! THX S. KRasemann

PS. Here is the HIJACK logfile, in case it is helpful.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:43:39 PM, on 18/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Kalender\Kalender.exe
C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\My Documents\Downloads\windows-kb890830-v3.7.exe
c:\70ff4e5438fec949a2\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.centrelink.gov.au/TX/login?FirstTime=true&Locale=en_US
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://iaksignup.bigpond.com/partners/mirs/bpbbmirs.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=hxxp://iaksignup.bigpond.com/partners/mirs/bpbbmirs.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257029364703
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtpbs/wtBalanceSheet/portfoliomanagerwt.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 8572 bytes

Edited by Down_under (18.05.2010 at 11:16)
18.05.2010, 12:22 | #2 |
SYSTIM32 problem. Folders have disappeared and all folder EXEs are 6.56 MB? Malware logfile

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4099

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/05/2010 8:50:51 PM
mbam-log-2010-05-18 (20-50-51).txt

Scan type: Full scan (C:\|)
Objects scanned: 198881
Time elapsed: 1 hour(s), 11 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\SYSTIM32.EXE (Trojan.Agent) -> No action taken.
18.05.2010, 22:38 | #3 |
SYSTIM32 problem. Folders have disappeared and all folder EXEs are 6.56 MB? Hello everyone!

Did I do something wrong? I listed everything. It really is an emergency! I would be glad if someone took a look! A thousand thanks, Seb